This article is contributed. See the original author and article here.
We continue to expand the Azure Marketplace ecosystem. For this volume, 120 new offers successfully met the onboarding criteria and went live. See details of the new offers below:
Get it now in our marketplace
ActiveMQ: Apache ActiveMQ is a messaging and integration patterns server, allowing users to foster communication from more than one client or server. This communication is managed with features such as computer clustering and ability to use any database as a JMS persistence provider besides virtual memory, cache, and journal persistency.
AlmaLinux 8 from OpenLogic by Perforce: This minimum profile AlmaLinux 8-based image, built by OpenLogic by Perforce, allows users to run the AlmaLinux image on Microsoft Azure and start an SSH server, and provides login access to customize the instance. This image includes 9×5 weekday email support delivered by a team of US-based Enterprise Linux experts.
BiiTrails Business: This Microsoft Azure-based BiiTrails blockchain service provides self-service traceability toolkits. This service is low cost, with pay-by-use SaaS, and offloaded IT cost. It’s also easy to use, with permissioned usage, a GUI template editor, and admin dashboard.
CentOS 7 from OpenLogic by Perforce: This minimum profile CentOS 7-based image, built by OpenLogic by Perforce, allows users to run the CentOS 7 image on Microsoft Azure and start an SSH server, and provides login access to customize the instance.
CentOS 8 from OpenLogic by Perforce: This minimum profile CentOS 8-based image, built by OpenLogic by Perforce, allows users to run the CentOS 8 image on Microsoft Azure and start an SSH server, and provides login access to customize the instance.
CentOS Stream: This is a minimal CentOS Stream image, mainly used as a common base system on top of which other appliances could be built and tested. It contains just enough packages to run within Microsoft Azure, bring up an SSH server, and allow users to log in.
CentOS Stream Minimal: This is a minimal CentOS Stream image with an auto-extending root filesystem, mainly used as a common base system on top of which other appliances could be built and tested. Microsoft Azure Linux Agent, cloud-init, as well as the CentOS Stream security updates available at the release date are included.
EspoCRM: This solution is an open source web application, which enables users to view, enter, and analyze their organization’s relationships with customers as well as with partners. It’s fast and highly configurable and presents users with a web-based CRM platform.
Explorium External Data Platform: This solution enables organizations to automatically discover and use thousands of relevant data signals to improve predictions and machine learning model performance. It also allows for efficient integration of third-party data.
Exponent CMS: This Niles Partners image will configure and publish Exponent CMS, an open-source content management system written in PHP that helps you develop and easily manage dynamic websites without having to code pages or manage navigation.
Intelligent Document Processing: Hexaware IDP uses Microsoft Azure cognitive services for automatic classification and extraction of data from scanned PDF and handwritten documents, improving accuracy by 80 percent and lowering cost by 30 percent.
Kirby: This Niles Partners offer configures and publishes Kirby, a lightweight, file-based content management system. Kirby provides multilanguage and multistore functionality, so you won’t need plugins if you intend to set up your site for multiple countries or stores.
Mantis: Get the big picture on your team’s performance and improve workflow and efficiency by deploying this Niles Partners image of Mantis, an open-source issue-tracking system and project management solution, to Microsoft Azure.
MODX: MODX Revolution is a content management system and application framework rolled into one. Deploy it on Microsoft Azure via this Niles Partners image to gain peace of mind that your websites will be secure and easily maintained with unparalleled performance.
Monica Server Ready with Support from Linnovate: Monica provides an easy-to-use interface to log everything you know about your contacts. Be a better friend, family member, and co-worker by having vital information like important dates or gift ideas at your fingertips.
Nagios: This Microsoft Azure image from Niles Partners allows you to configure and publish Nagios Core, a user-friendly network monitoring solution for Linux operating systems and distributions that includes service state, process state, operating system metrics, and more.
OpenDocMan: Configure and publish OpenDocMan, an open-source document management system, to Microsoft Azure via this preconfigured image from Niles Partners. OpenDocMan supports multiple file types and offers a minimalist approach to user interface.
osCommerce: This Microsoft Azure image from Niles Partners allows you to configure and publish osCommerce, an open-source e-commerce platform and online store management solution for any website or web server that has PHP and MySQL installed.
PASOS – Paian Azure Spend and Optimization Service: PAIAN IT Solutions will monitor your Microsoft Azure consumption and give you suggestions for improving your Azure environment, allowing you to focus on your business processes, procedures, and employees.
ProcessWire: Configure and publish ProcessWire, an open-source content management system, content management framework, and web application framework, via this preconfigured and ready-to-launch Microsoft Azure virtual image from Niles Partners.
RabbitMQ: This open source messaging broker system from Niles Partners is used for distributing notifications of change events. It is lightweight and simple to deploy and provides applications a common platform for sending and receiving messages on Microsoft Azure.
Rocky Linux 8 from OpenLogic by Perforce: Perforce provides this preconfigured image of Rocky Linux 8 from OpenLogic. This image enables users to run the Rocky Linux image on Microsoft Azure, start a Secure Shell (SSH) server, and customize the instance.
Ruby on Rails: Niles Partners is configuring Ruby on Rails, a world-famous open source web application framework, and embedding it with Ubuntu and ready-to-launch image on Microsoft Azure. You can use this high-level programming language to build database-backed web applications ranging from easy to complex.
Spree Commerce: Easily launch, maintain, and scale your online stores across various platforms using this robust e-commerce solution embedded with Ubuntu along with ready-to-launch image on Microsoft Azure. Spree Commerce contains Linux, Java, and Ruby Rails.
Strapi Accelerator: This premium image designed by Ntegral and optimized for production environments is an open-source headless content management system (CMS). Strapi Accelerator is an image based on Ubuntu 20.04.2 LTS, PostgreSQL 12, Nginx, PM2, and Strapi.
Syntheticus.ai-Synthetic Data Generator: This B2B SaaS solution by Syntheticus GmbH allows you to synthetically generate data for all your AI and machine learning models. This artificially generated, yet anonymized data, mimics the original data and strengthens your foundation of trust, while mitigating privacy risks.
WildFly: Niles Partners provides this preconfigured, ready-to-launch virtual machine image of WildFly for Microsoft Azure. WildFly application builder is a lightweight, flexible tool that runs tremendously fast with a full J2EE stack including Java EE7.
Go further with partner consulting services
App Modernization with AKS: 5-Day Implementation: Modernize your business applications with this fully managed Azure Kubernetes Service (AKS) offered by Abtis GmbH. This implementation, available only in German, will help provision your first Kubernetes cluster infrastructure and introduce you to DevOps tools.
Application Modernization: 4-Week Assessment: Cegeka’s four-week assessment serves as a starting point for defining your digital strategy and delivering an actionable IT roadmap and high-level application overview for modernizing your applications using Microsoft Azure.
Azure Data Platform: 2-Week Proof of Concept: Learn how to remove existing barriers between operational data, data warehouses, and analytics while gleaning actionable insights in this offer from Techedge. Their experts will deliver a proof of concept of an integrated data platform centered on Microsoft Azure Synapse Analytics and Power BI.
Azure Development Training: 1-Day Workshop: UPPER-LINK’s training workshop will help you identify options as you set out to modernize your existing applications based on your business requirements and develop the operational bricks for your project using Microsoft Azure services and tools. This offer is available only in French.
Azure DevOps Quickstart: 3-Day Proof of Concept: This offer from Ismile Technologies will help your organization understand core concepts of the Azure DevOps platform and streamline processes so you can learn to quickly launch your first app using Microsoft Azure.
Azure FastStart Service: 5-Day Implementation: Accelerate your journey to the cloud by collaborating with CANCOM consultants who will help deliver the base configuration of a Microsoft Azure environment to your organization. Set up subscriptions, identity, and security as part of this implementation.
Azure GlidePath for Governance Workshops: Sirius’ workshop is based on Microsoft’s Azure Cloud Adoption Framework (CAF) and is geared toward helping your organization simplify the complex task of creating a governance program service by establishing a best-practice approach to security, governance, and cost control.
Azure Infrastructure & Data: 10-Day Assessment: In this assessment, MineData will provide an end-to-end analysis of your organization’s entire IT estate along with a cost overview for migrating your virtual machines, storage, and databases to Microsoft Azure.
Azure Migration Readiness: 5- to 6-Week Assessment: Experts from Ismile Technologies will help you migrate to Microsoft Azure by first determining the cloud maturity of your company. An analysis of your current infrastructure and creation of a migration roadmap based on key metrics and dependencies will be offered as a follow-up service.
Azure Migration: 5-Day Implementation: Is your organization looking to adopt a cloud strategy? Through this implementation, the experts at Abtis will migrate your ten most important Windows and SQL Server-based workloads to Microsoft Azure. This offer is available only in German.
Azure Service Advisory: 4-Week Assessment: In this offer experts from Entelect will help you understand the myriad offerings and technologies that are part of Microsoft Azure’s evolving landscape. You will get a custom plan outlining which solutions within the Azure framework work best for your business needs.
Azure Stack Hub: 4-Week Implementation: myCloudDoor consultants will help you build and run applications in an autonomous cloud that is completely or partially disconnected from the internet. Gain flexibility and control and easily transfer your app models between Microsoft Azure and Azure Stack Hub.
Azure Synapse Analytics: 2-Hour Workshop: Get a free education on the Microsoft Azure Synapse Analytics solution from the experts at Altron Karabina so you can identify where this solution can be utilized in your organization. This workshop will help you create a reliable data foundation for your business questions.
Azure Virtual Desktop Journey: 2-Hour Briefing: In this free briefing, ACP IT Solutions will discuss the benefits of Azure Virtual Desktop, cover infrastructure and costs, identify automation opportunities, and more. This offer is available only in German.
Azure Virtual Desktop: 1-Day Quick-Start Workshop: Appsphere’s consultants will show you how Microsoft Azure Virtual Desktop works and the advantages it offers to you and your company. A comprehensive proof of concept will be provided so you can enable a secure remote desktop experience from virtually anywhere.
Azure Virtual Desktop: 4-Day Implementation: IT sure GmbH will analyze your current environment and optimize it for Microsoft Azure Virtual Desktop, enabling you to manage demanding environments such as CAD workstations. This offer is available only in German.
Azure Virtual Desktop: 4-Week Implementation: As part of their managed service the experts from Long View Systems will help design and deploy Microsoft Azure Virtual Desktop so your organization can close the skills gap and enable a secure remote desktop experience from virtually anywhere.
Azure-Driven ML & Data Science: 4-Week Proof of Concept: Arinti will help guide you through your Microsoft Azure AI journey in this four-week engagement. Deliverables include a data audit report, roadmap for future AI implementations, estimate to scale the proof of concept to a production environment, and more.
Cloud Data Migration: 2-Day Workshop: Available only in German, Saracus Consulting’s workshop will teach you how to successfully migrate your on-premises database to Microsoft Azure. Learn how you can benefit from the elasticity and agility of Azure services.
Cloud Readiness: 5-Day Assessment: Looking to migrate your applications to the cloud? Cegeka’s five-day Cloud Readiness assessment will help you create a strategic roadmap to ensure you accomplish a successful migration to Microsoft Azure.
CloudTrack Governance Journey: 3-Day Workshop: Atea’s CloudTrack Governance Journey includes three workshops utilizing Microsoft Azure best practices and Atea’s experience configuring Azure environments as a proven method for successfully moving your organization to the cloud.
Costs Optimization: 2-Week Assessment: Available only in Spanish, Orion 2000’s Cost Optimization assessment includes an analysis and evaluation of your organization’s Microsoft Azure environment to help you reduce unnecessary costs and identify potential savings.
Data & Analytics Strategy: 5-Day Assessment: Obungi experts will help you use your data as a driver of success by looking at the state of your system, identifying strengths and weaknesses, and jointly developing a target landscape and roadmap based on Microsoft Azure services.
Data Architecture: Half-Day Workshop: Learn how to more effectively use your data via Microsoft Azure and this free, individually tailored consultation. Experts from Zoi TechCon will work with you to look at integration, metadata, and governance best practices for your data architecture.
Data Platform Modernization: 10-Week Implementation: This consultation with Business Integration Partners will assess your infrastructure and applications, define future scenarios, and implement a solution for data platform modernization to accelerate your digital transformation.
Data Warehouse – Synapse Analytics: 1-Day Workshop: Learn from the experts at Obungi how a modern data warehouse based on Microsoft Azure Synapse Analytics can combine traditional data warehousing with big data and data science to uncover hidden insights and make informed decisions.
DataCenter Modernization 6-Week Implementation: Get help moving to Microsoft Azure with this consulting offer from IT Quest Solutions. You will receive a technical assessment, a cost analysis, and a migration plan detailing how to move your workloads to the cloud.
DevOps Consulting: 2-Week Assessment: This consultation with RCR will improve how you produce and operate applications in Microsoft Azure DevOps through the effective execution of processes, practices, and use of tools that automate the development cycle.
External Identity Access Management: 1-Day Briefing: Avaleris will provide high-level recommendations for an optimal path toward deployment of external identity solutions that will protect your organization from threats and ease onboarding for partners and customers.
Infrastructure Provisioning: 2-Week Assessment: LTTS will help you plan automated infrastructure provisioning using Terraform or Microsoft Azure Resource Manager (ARM) templates, reducing the time it takes you to provision cloud resources from weeks to minutes.
Intelligent Spaces: 4-Week Assessment: GlobalLogic will assess your office space management system and propose an improved or new solution based on Microsoft Azure, Dynamics 365, and Power BI that will enable people to be in a safer and more comfortable environment.
Introduction to Azure Purview: 1-Day Workshop: This consultation will use practical examples to show the functions and benefits of Microsoft Azure Purview unified data governance service for the different user groups in your company. This offer is only available in German.
Linux Migration: 5-Day Implementation: Get professional migration for your Linux and open source database workloads. Abtis will migrate your ten most important workloads on the basis of Linux and open source databases to Microsoft Azure safely and quickly. This offer is only available in German.
Machine Learning: 1-Day Workshop: Learn about the functionality and advantages of machine learning with AppSphere’s offering. Get an overview of the terminology and basic statistical methods and create self-learning data sets with Microsoft Azure Machine Learning Studio.
Modern Workplace Jumpstart: 1-Week Workshop: AppSphere’s consultants will develop an IT architecture/landscape that is heavily based on Microsoft cloud solutions like Office 365 and Azure services, to meet demands for mobility, collaboration, and communication.
Oracle Migration to Azure: 2-Hour Briefing: This offering from Dimension Data will introduce you to managing and optimizing your Oracle footprint and technology costs by migrating your Oracle workloads to Microsoft Azure (Oracle on Azure) or to PostgreSQL on Azure.
Oracle/PostgreSQL Migration: 6-Week Assessment: AKVELON will perform this migration to Microsoft Azure PostgreSQL database infrastructure with an option to use state-of-the-art server solutions. Additional services to migrate the application infrastructure are available.
Quick Azure Virtual Desktop: 4-Week Implementation: Ignite’s offering consists of a structured service that will allow a customer to perform a fast standard deployment of an environment of virtualized desktops and applications running in the Microsoft Azure cloud.
SAP on Azure: 2-Week Assessment: Reply AG will assess and plan an individual migration to Microsoft Azure based on customer needs, combined with its extensive experiences with SAP systems. This offer will bring best practices and individual class together.
StoreSimple: 4-Week Implementation: Extended support for Microsoft Azure StorSimple will cease in December 2022. SoftJam will analyze your StorSimple usage pattern and identify the best IaaS/PaaS/SaaS solution to replace it, granting the same level of reliability.
Update: Tuesday, 31 August 2021 17:19 UTC
We continue to investigate issues within Application Insights. Root cause is not fully understood at this time. Some customers continue to experience Application Insights telemetry data latency and/or data gaps. We are working to establish the start time for the issue; initial findings indicate that the problem began at August 31, 17:12 UTC. We currently have no estimate for resolution.
Today, the Federal Bureau of Investigation (FBI) and CISA released a Joint Cybersecurity Advisory (CSA) to urge organizations to ensure they protect themselves against ransomware attacks during holidays and weekends—when offices are normally closed.
Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021. The Joint CSA identifies both immediate and longer term actions organizations can take to protect against the rise in ransomware, including:
CISA and the FBI encourage users to examine their current cybersecurity posture and implement the recommended mitigations in the Joint CSA to manage the risk posed by all cyber threats, including ransomware.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021. The FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday. However, the FBI and CISA are sharing the below information to provide awareness to be especially diligent in your network defense practices in the run up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and cyberattacks over holidays and weekends during the past few months. The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.
Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months. The FBI and CISA do not currently have specific information regarding cyber threats coinciding with upcoming holidays and weekends. Cyber criminals, however, may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses. In some cases, this tactic provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware, as network defenders and IT support of victim organizations are at limited capacity for an extended time.
In May 2021, leading into Mother’s Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand.
In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting U.S. and Australian meat production facilities, resulting in a complete production stoppage.
In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a U.S.-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations—including multiple managed service providers and their customers.
The FBI’s Internet Crime Complaint Center (IC3), which provides the public with a trustworthy source for reporting information on cyber incidents, received 791,790 complaints for all types of internet crime—a record number—from the American public in 2020, with reported losses exceeding $4.1 billion. This represents a 69 percent increase in total complaints from 2019. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020, representing a 20 percent increase in the number of incidents, and a 225 percent increase in ransom demands. From January to July 31, 2021, the IC3 has received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020.
The following ransomware variants have been the most frequently reported to FBI in attacks over the last month.
The destructive impact of ransomware continues to evolve beyond encryption of IT assets. Cyber criminals have increasingly targeted large, lucrative organizations and providers of critical services with the expectation of higher value ransoms and increased likelihood of payments. Cyber criminals have also increasingly coupled initial encryption of data with a secondary form of extortion, in which they threaten to publicly name affected victims and release sensitive or proprietary data exfiltrated before encryption, to further encourage payment of ransom. (See CISA’s Fact Sheet: Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches.) Malicious actors have also added tactics, such as encrypting or deleting system backups—making restoration and recovery more difficult or infeasible for impacted organizations.
Although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints. Additional common means of initial infection include deployment of precursor or dropper malware; exploitation of software or operating system vulnerabilities; exploitation of managed service providers with access to customer networks; and the use of valid, stolen credentials, such as those purchased on the dark web. Precursor malware enables cyber actors to conduct reconnaissance on victim networks, steal credentials, escalate privileges, exfiltrate information, move laterally on the victim network, and obfuscate command-and-control communications. Cyber actors use this access to:
Evaluate a victim’s ability to pay a ransom.
Evaluate a victim’s incentive to pay a ransom to:
Regain access to their data and/or
Avoid having their sensitive or proprietary data publicly leaked.
Gather information for follow-on attacks before deploying ransomware on the victim network.
The FBI and CISA suggest organizations engage in preemptive threat hunting on their networks. Threat hunting is a proactive strategy to search for signs of threat actor activity to prevent attacks before they occur or to minimize damage in the event of a successful attack. Threat actors can be present on a victim network long before they lock down a system, alerting the victim to the ransomware attack. Threat actors often search through a network to find and compromise the most critical or lucrative targets. Many will exfiltrate large amounts of data. Threat hunting encompasses the following elements: understanding the IT environment by developing a baseline through a behavior-based analytics approach, evaluating data logs, and installing automated alerting systems.
Understand the IT environment’s routine activity and architecture by establishing a baseline. By implementing a behavior-based analytics approach, an organization can better assess user, endpoint, and network activity patterns. This approach can help an organization remain alert on deviations from normal activity and detect anomalies. Understanding when users log in to the network—and from what location—can assist in identifying anomalies. Understanding the baseline environment—including the normal internal and external traffic—can also help in detecting anomalies. Suspicious traffic patterns are usually the first indicators of a network incident but cannot be detected without establishing a baseline for the corporate network.
Review data logs. Understand what standard performance looks like in comparison to suspicious or anomalous activity. Things to look for include:
Numerous failed file modifications,
Increased CPU and disk activity,
Inability to access certain files, and
Unusual network communications.
Employ intrusion prevention systems and automated security alerting systems—such as security information event management software, intrusion detection systems, and endpoint detection and response.
Deploy honeytokens and alert on their usage to detect lateral movement.
Indicators of suspicious activity that threat hunters should look for include:
Unusual inbound and outbound network traffic,
Compromise of administrator privileges or escalation of the permissions on an account,
Theft of login and password credentials,
Substantial increase in database read volume,
Geographical irregularities in access and log in patterns,
Attempted user activity during anomalous logon times,
Attempts to access folders on a server that are not linked to the HTML within the pages of the web server, and
Baseline deviations in the type of outbound encrypted traffic since advanced persistent threat actors frequently encrypt exfiltration.
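The baseline approach described above, applied to two of the listed indicators (anomalous logon times and geographical irregularities), is sketched here as an added example that is not part of the advisory. The record layout, the user names, the one-hour tolerance, and the placeholder location code "ZZ" are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not from the advisory): (UTC timestamp, user, source country code).
# "ZZ" is a placeholder for any location the user has never logged in from.
BASELINE_EVENTS = [
    ("2021-08-23T08:55:00", "alice", "US"),
    ("2021-08-24T09:10:00", "alice", "US"),
    ("2021-08-25T08:40:00", "alice", "US"),
    ("2021-08-26T17:30:00", "alice", "US"),
    ("2021-08-23T22:05:00", "svc-backup", "US"),
    ("2021-08-28T22:05:00", "svc-backup", "US"),  # Saturday job run
]
NEW_EVENTS = [
    ("2021-08-31T09:45:00", "alice", "US"),       # ordinary weekday logon
    ("2021-09-04T03:12:00", "alice", "ZZ"),       # holiday weekend, 03:00, new location
    ("2021-09-04T22:07:00", "svc-backup", "US"),  # matches the service account's pattern
    ("2021-09-05T23:30:00", "svc-backup", "US"),  # one hour off, inside the tolerance
    ("2021-09-05T02:00:00", "bob", "US"),         # account with no history at all
]


def build_baseline(events):
    """Summarise routine activity per user: logon hours, weekend use, source locations."""
    profile = defaultdict(lambda: {"hours": set(), "weekend": False, "countries": set()})
    for ts, user, country in events:
        t = datetime.fromisoformat(ts)
        p = profile[user]
        p["hours"].add(t.hour)
        p["weekend"] = p["weekend"] or t.weekday() >= 5  # 5 = Saturday, 6 = Sunday
        p["countries"].add(country)
    return dict(profile)


def hour_distance(hour, baseline_hours):
    """Circular distance (0-12) from `hour` to the nearest hour seen in the baseline."""
    return min(min((hour - b) % 24, (b - hour) % 24) for b in baseline_hours)


def score_event(event, baseline, hour_tolerance=1):
    """Return the list of baseline deviations for one logon event (empty list = normal)."""
    ts, user, country = event
    t = datetime.fromisoformat(ts)
    p = baseline.get(user)
    if p is None:
        return ["no-baseline-for-user"]
    reasons = []
    if hour_distance(t.hour, p["hours"]) > hour_tolerance:
        reasons.append("anomalous-logon-time")
    if t.weekday() >= 5 and not p["weekend"]:
        reasons.append("weekend-logon-not-in-baseline")
    if country not in p["countries"]:
        reasons.append("new-source-location")
    return reasons


def hunt(events, baseline):
    """Return (event, reasons) pairs for every event that deviates from the baseline."""
    findings = []
    for event in events:
        reasons = score_event(event, baseline)
        if reasons:
            findings.append((event, reasons))
    return findings


if __name__ == "__main__":
    for event, reasons in hunt(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(event, "->", ", ".join(reasons))
```

The service account's weekend runs raise nothing because weekend activity is part of its own baseline, which is why the profile is kept per account rather than organization-wide.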
CISA offers a range of no-cost cyber hygiene services—including vulnerability scanning and ransomware readiness assessments—to help critical infrastructure organizations assess, identify, and reduce their exposure to cyber threats. By taking advantage of these services, organizations of any size will receive recommendations on ways to reduce their risk and mitigate attack vectors.
Ransomware Best Practices
The FBI and CISA strongly discourage paying a ransom to criminal actors. Payment does not guarantee files will be recovered, nor does it ensure protection from future breaches. Payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of malware, and/or fund illicit activities. Regardless of whether you or your organization decide to pay the ransom, the FBI and CISA urge you to report ransomware incidents to CISA, a local FBI field office, or by filing a report with IC3 at IC3.gov. Doing so provides the U.S. Government with critical information needed to help victims, track ransomware attackers, hold attackers accountable under U.S. law, and share information to prevent future attacks.
Upon receiving an incident report, the FBI or CISA may seek forensic artifacts, to the extent that affected entities determine such information can be legally shared, including:
Recovered executable file(s),
Live memory (RAM) capture,
Images of infected systems,
Malware samples, and
The FBI and CISA highly recommend organizations continuously and actively monitor for ransomware threats over holidays and weekends.
Additionally, the FBI and CISA recommend identifying IT security employees to be available and “on call” during these times, in the event of a ransomware attack. The FBI and CISA also suggest applying the following network best practices to reduce the risk and impact of compromise.
Make an offline backup of your data.
Make and maintain offline, encrypted backups of data and regularly test your backups. Backup procedures should be conducted on a regular basis. It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups.
Review your organization’s backup schedule to take into account the risk of a possible disruption to backup processes during weekends or holidays.
Do not click on suspicious links.
Implement a user training program and phishing exercises to raise awareness among users about the risks involved in visiting malicious websites or opening malicious attachments and to reinforce the appropriate user response to phishing and spearphishing emails.
If you use RDP—or other potentially risky services—secure and monitor.
Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require MFA. If RDP must be available externally, it should be authenticated via VPN.
Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts, log RDP login attempts, and disable unused remote access/RDP ports.
Ensure devices are properly configured and that security features are enabled. Disable ports and protocols that are not being used for a business purpose (e.g., RDP Transmission Control Protocol Port 3389).
Disable or block Server Message Block (SMB) protocol outbound and remove or disable outdated versions of SMB. Threat actors use SMB to propagate malware across organizations.
Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy.
Open document readers in protected viewing modes to help prevent active content from running.
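The RDP monitoring and lockout guidance above can be checked against exported logon events. The following is an added example, not part of the FBI/CISA advisory: it flags a source address that reaches a failed-logon threshold inside a time window, and separately flags a successful logon that follows such a burst. The one-line-per-event export format, the threshold of 5, the 10-minute window and the function name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs: 4625 = failed logon, 4624 = successful logon.
FAILED, SUCCESS = "4625", "4624"
# LogonType 10 = RemoteInteractive (RDP). Type 3 (Network) is included because
# RDP with Network Level Authentication logs failures there; it also matches SMB.
RDP_LOGON_TYPES = {"3", "10"}

# Constructed sample, not real logs. Assumed export format per line:
# timestamp event_id logon_type source_ip account
SAMPLE_LOG = """\
2021-09-04T02:10:01 4625 10 203.0.113.7 administrator
2021-09-04T02:10:09 4625 10 203.0.113.7 admin
2021-09-04T02:10:15 4625 10 203.0.113.7 backup
2021-09-04T02:10:22 4625 10 203.0.113.7 svc_sql
2021-09-04T02:10:30 4625 10 203.0.113.7 administrator
2021-09-04T02:11:02 4624 10 203.0.113.7 administrator
2021-09-04T08:30:00 4625 10 198.51.100.20 jsmith
2021-09-04T08:30:40 4624 10 198.51.100.20 jsmith
2021-09-04T09:00:00 4625 2 192.0.2.5 console_user
"""

def detect(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (kind, source_ip, account, timestamp) tuples."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, event_id, logon_type, src_ip, account = line.split()
        ts = datetime.fromisoformat(ts_text)
        if logon_type not in RDP_LOGON_TYPES:
            continue  # console and other local logons are out of scope here
        recent = failures[src_ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == FAILED:
            recent.append(ts)
            if len(recent) == threshold:  # alert once, when the burst is reached
                alerts.append(("failed_logon_burst", src_ip, account, ts))
        elif event_id == SUCCESS and len(recent) >= threshold:
            alerts.append(("success_after_burst", src_ip, account, ts))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a successful logon (198.51.100.20 in the sample) produces no alert, and the threshold should match the account lockout policy actually enforced.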
Update your OS and software; scan for vulnerabilities.
Upgrade software and operating systems that are no longer supported by vendors to currently supported versions. Regularly patch and update software to the latest available versions. Prioritize timely patching of internet-facing servers—as well as software processing internet data, such as web browsers, browser plugins, and document readers—for known vulnerabilities. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which network assets and zones should participate in the patch management program.
Automatically update antivirus and anti-malware solutions and conduct regular virus and malware scans.
Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices. (See the Cyber Hygiene Services section above for more information on CISA’s free services.)
Use strong passwords.
Ensure strong passwords and challenge responses. Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access.
Use multi-factor authentication.
Require multi-factor authentication (MFA) for all services to the extent possible, particularly for remote access, virtual private networks, and accounts that access critical systems.
Secure your network(s): implement segmentation, filter traffic, and scan ports.
Implement network segmentation with multiple layers, with the most critical communications occurring in the most secure and reliable layer.
Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allowlists.
Scan network for open and listening ports and close those that are unnecessary.
For companies with employees working remotely, secure home networks—including computing, entertainment, and Internet of Things devices—to prevent a cyberattack; use separate devices for separate activities; and do not exchange home and work content.
Secure your user accounts.
Regularly audit administrative user accounts and configure access controls under the principles of least privilege and separation of duties.
Regularly audit logs to ensure new accounts are legitimate users.
Have an incident response plan.
Create, maintain, and exercise a basic cyber incident response plan that:
Includes procedures for response and notification in a ransomware incident and
Plans for the possibility of critical systems being inaccessible for a period of time.
If your organization is impacted by a ransomware incident, the FBI and CISA recommend the following actions.
Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected, whether wired or wireless.
Turn off other computers and devices. Power off and segregate (i.e., remove from the network) the infected computer(s). Power off and segregate any other computers or devices that share a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering off and segregating infected computers from computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
For additional resources related to the prevention and mitigation of ransomware, go to https://www.stopransomware.gov as well as the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. Stopransomware.gov is the U.S. Government’s new, official one-stop location for resources to tackle ransomware more effectively. Additional resources include:
Data is everywhere, data is decision making power
The emergence of data is changing the way organizations do business. From our mobile devices to our machinery, everyday activities and interactions create trillions of data points generated by inanimate objects. Unfortunately, data is often stored across disparate systems depriving organizations of access to valuable information and connected insights. To keep up with today’s fast-paced data hierarchy, organizations must rely on solutions that effectively integrate data to derive important business insights, empower frontline workers to make data-driven decisions, and streamline operational efficiency.
Break down information siloes with Microsoft Dynamics 365 Guides, HoloLens 2, and Power Apps
Infusing Power Apps with Dynamics 365 Guides and HoloLens 2 has enabled organizations to give their frontline workers step-by-step holographic instructions while also bringing critical, connected data into view. Using Power Apps, you can connect to your business data stored in on-premises data sources and rapidly build customizable workflows for your unique operational processes.
With Power Apps, you can embed your apps directly into Dynamics 365 Guides, displayed on HoloLens 2. Embedding Power Apps apps into Dynamics 365 Guides enables you to:
Create and trigger automated workflows based on captured asset data to simplify business processes seamlessly.
Develop issue reports, incorporated into your existing workflow within Dynamics 365 Guides.
Report issues directly within the workflow in a non-disruptive and efficient way.
Understand historical data and relevant insights.
An example of Issue Reporting integrated into Dynamics 365 Guides using Power Apps
Additionally, using Dynamics 365 Guides PC authoring, you can add a website link or link directly to Power Apps apps in your guides. This opens up content linking and quick access to resources such as reference manuals, interactive quizzes, parts re-ordering systems, or an app that provides the latest status of IoT sensors. Authors can create a seamless workflow for operators, who no longer need to leave the workflow to access outside documentation because the information is displayed in their line of sight.
It doesn’t end there. By integrating Power Apps with Dynamics 365 Remote Assist, you can ensure your operators are connected to apps when performing tasks on the go. Simply connect to Power Apps via your Microsoft Edge browser to access Remote Assist Helper to manage your tasks, apps, and documentation with a remote expert.
An example of adding a Website link using the Step Editor pane.
To view, edit, or delete the link, right-click the Website link button in the Step Editor pane and then select the appropriate command.
Auger Groupe Conseil uses Power Apps with Dynamics 365 Guides
Auger Groupe Conseil is a firm specializing in industrial process engineering, with a focus on helping organizations accomplish “Industry 4.0” procedural updates. On a recent client visit at Kruger Paper Inc., Auger Groupe Conseil recognized the opportunity to unify vast amounts of unused data stored across disparate sources with Power Apps with Dynamics 365 Guides.
Using the Power Apps connector in Dynamics 365 Guides, Auger Groupe Conseil was able to bring all of this unused data to their employees in real-time on the shop floor. With the Power Apps connector, the organization was able to take the Dynamics 365 Guides solution a step further by customizing workflows, submitting issue reports, and making optimal adjustments live in their real work environment. The customizable workflows let them create what they need within a workflow, for example, an alert or a report. Overall, this low-code, versatile solution has enabled their organization to effectively maximize their operations and employee performance.
“We realized that all these companies have an enormous amount of data sources and the best way to bring all this data to the employee is to use Power Apps in Guides. Power Apps allows you to customize any workflow.” Alan Marchand, IT Director at Auger Groupe Conseil, in charge of solutions architecture.