I take a look at the Linksys Velop Wi-Fi access points. This is the third in my series of reviews for Network World on smart home devices. If you are going to invest in smart home tech, you want a solidly performing wireless network throughout your house. While I had some minor issues, the Velop delivered solid performance and I recommend its use, particularly if you have existing radio dead spots in your home or have to use multiple networks to cover your entire property. You can read the review here.
The first decision you need to make in your smart home journey is selecting the right ecosystem. By ecosystem, I mean the voice-activated smart hub that is used to deliver audio content from the Internet (such as news, weather, and answers to other queries) as well as the main interface with a variety of other smart home devices, such as lighting, thermostats and TVs. In this review I look at two of the three main hubs from Google (the white-topped taller unit on the right) and Amazon (the smaller black unit on the left) and how they stack up.
This is the second in a series of articles on how to successfully and securely deploy smart home technology. The first one can be found here.
Today I begin a series of reviews in Network World around smarter home products. Last year we saw the weaponized smart device as the Mirai botnet compromised webcams and other Internet-connected things. Then earlier this year we had Vizio admit to monitoring its connected TVs and more recently there was this remote TV exploit and even dishwashers aren’t safe from hackers.
Suddenly, the smart home isn’t smart enough, or maybe it is too smart for its own good. We need to take better care of securing our homes from digital intruders. The folks at Network World asked me to spend some time trying out various products and using a typical IT manager’s eye towards making sure they are setup securely.
Those of you that have read my work know that I am very interested in home networking: I wrote a book on the topic back in 2001 called The Home Networking Survival Guide and have tried out numerous home networking products over the years. My brief for the publication is broadly defined and I will look at all sorts of technologies that the modern home would benefit from, including security cameras, remote-controlled sensors, lighting and thermostats, and more.
Smart home technology has certainly evolved since I wrote my book. Back then, wireless was just getting started and most homeowners ran Ethernet through their walls. We didn’t have Arduino and Pi computers, and many whole house audio systems cost tens of thousands of dollars. TVs weren’t smart, and many people were still using dial-up and AOL to access the Internet.
Back in the early 2000’s, I visited John Patrick’s home in Connecticut. As a former IBMer, he designed his house like an IBM mainframe, with centralized control and distributed systems for water, entertainment, propane gas, Internet and other service delivery. He was definitely ahead of the time in many areas.
When I wrote about the Patrick house, I said that for many people, defining the requirements for a smart home isn’t always easy, because people don’t really know what they want. “You get better at defining your needs when you see what the high-tech toys really do. But some of it is because the high-tech doesn’t really work out of the box.” That is still true today.
My goal with writing these reviews is to make sure that your TV or thermostat doesn’t end up being compromised and being part of some Russian botnet down the road. Each article will examine one aspect of the secure connected home so you can build out your network with some confidence, or at least know what the issues are and what choices you will need to make in supporting your family’s IT portfolio of smart Things.
Since I live in a small apartment, I asked some friends who live in the suburbs if they would be interested in being the site of my test house. They have an 1800 sq. ft. three bedroom house on one level with a finished basement, and are already on their second smart TV purchase. One of them is an avid gamer and has numerous gaming consoles. Over the past several months (and continuing throughout the remainder of this year), we have tried out several products. In my first article posted today, we cover some of the basic issues involved and set the scene.
As you loyal readers know (I guess that should just be “readers” since that implies some of you are disloyal), I have been using and writing about email encryption for two decades. It hasn’t been a bowl of cherries, to be sure. Back in 1998, when Marshall Rose and I wrote our landmark book “Internet Messaging,” we said that the state of secure Internet email standards and products is best described as a sucking chest wound.” Lately I have seen some glimmers of hope in this much-maligned product category.
Last week Network World posted my review of five products. Two of them I reviewed in 2015: HPE/Voltage Secure Email and Virtru Pro The other three are Inky (an end-to-end product), Zix Gateway, and Symantec Email Security.cloud. Zix was the overall winner. We’ll get to the results of these tests in a moment.
In the past, encryption was frankly a pain in the neck. Users hated it, either because they had to manage their own encryption key stores or had to go through additional steps to encrypt and decrypt their message traffic. As a consequence, few people used it in their email traffic, and most did under protest. One of the more notable “conscientious objectors” was none other than the inventory of PGP himself, Phil Zimmerman. In this infamous Motherboard story, the reporter tried to get him to exchange encrypted messages. Zimmerman sheepishly revealed that he was no longer using his own protocols, due to difficulties in getting a Mac client operational.
To make matter worse, if a recipient wasn’t using the same encryption provider as you were using, sending a message was a very painful process. If you had to use more than one system, it was even more trouble. I think I can safely say that these days are soon coming to an end, where encryption is almost completely frictionless.
By that I mean that there are situations where you don’t have to do anything, other than click on your “send” button in your emailer and off the message goes. The encryption happens under the covers. This means that encryption can be used more often, and that means that companies can be more secure in their message traffic.
This comes just in time, as the number of hacks with emails is increasing. And it is happened not only with email traffic, but with texting/instant message chats as well. Last week Checkpoint announced a way to intercept supposedly encrypted traffic from What’s App, and another popular chat service Confide was also shown to be subject to impersonation attacks.
So will that be enough to convince users to start using encryption for normal everyday emailing? I hope so. As the number of attacks and malware infections increase, enterprises need all the protection that they can muster and encrypting emails is a great place to start.
What I liked about Zix and some of the other products that I tested this time around was that they took steps to hide the key management from the users. Zimmerman would find this acceptable, to be sure. Some other products have come close to doing this by using identity-based encryption, which makes it easier to on-board a new user into their system with a few simple mouse clicks.
I also found intriguing is how Zix and others have incorporated data loss prevention (DLP) and detection into their encryption products. What this means is that all of these systems detect when sensitive information is about to be transmitted via email, and take steps to encrypt or otherwise protect the message in transit and how it will ultimately be consumed on the receiving end.
DLP has gone from something “nice to have” to more essential as part of business compliance and data leak hacks, both of which have increased its importance. Having this integration can be a big selling point of making the move to an encrypted email vendor, and we are glad to see this feature getting easier to use and to manage in these products.
Finally, the products have gotten better at what I call multi-modal email contexts. Users today are frequently switching from their Outlook desktop client to their smartphone email app to a webmailer for keeping track of their email stream. Having a product that can handle these different modalities is critical if it is going to make a claim towards being frictionless.
So why did Zix win? It was easy to install and manage, well-documented and had plenty of solid encryption features (see the screenshot here). It’s only downside was no mobile client for composing encrypted messages, but it got partial credit for having a very responsive designed webmailer that worked well on a phone’s small screen. Zix also includes its DLP features as part of its basic pricing structure, another plus.
We have come a long way on the encrypted email road. It is nice to finally have something nice to say about these products after all these years.
Email encryption products have made major strides since I last looked at them nearly two years ago in this review for Network World. This week I had an opportunity to revisit these products, and found that they have gotten easier to use and deploy, thanks to a combination of user interface and encryption key management improvements. They are at the point where encryption can almost be called effortless on the part of the end user.
I reviewed five products: the two that I reviewed in 2015 (HPE/Voltage Secure Email and Virtru Pro) and three others (Inky, Zix Gateway, and Symantec Email Security.cloud). The overall winner was Zix (shown here). It was easy to install and manage, well-documented, and the encryption features were numerous and solid. The only drawback was that Zix lacks a separate mobile client to compose messages, but having a very responsive mobile web app made up for most of this issue.
You can read the complete review in Network World here, and you can watch a screencast video comparing how three of the products handle data leak protection:
Check Point has long been known as a firewall company but it is reaching beyond its roots with a new series of protective technologies under its SandBlast line. SandBlast has been around for several years, but received several significant updates over the past year to make it a truly effective endpoint protection product that can handle a wide variety of zero-day exploits across your entire enterprise, such as this backdoor exploit that we detected from China moments after we installed our product.
You can read my full review here (reg. req.)
The on-premises and cloud editions of Skype for Business Server and the Cloud PBX are promising and less-expensive alternatives to traditional phone systems, but come in a complex array of options and require integration. The software has gained some promising features along with growing support for third-party software, hardware and services. In my review for Redmond Magazine, I look at what is involved in getting it setup and how it works with a sample video conference phone from Logitech here (shown above).
We all spend too much time on email, and if your inbox is overflowing with messages from your coworkers, it might be time to investigate another way to communicate. I review for WindowsITpro some of the issues involved in choosing a tool for team communications with intranet-like features, text messaging, workflows and collaboration features. While Slack is a leader in this field, there are lots of other choices (such as Glip, shown below) that could cost less or do more.
This month the updated Windows 10 Anniversary Edition is now available for download. (Here is a list of offers on Microsoft’s blog.) There are several new security features worth mentioning, including Information Protection andDefender ATP (each of which will require a Windows 10 Enterprise E3 or E5 subscription respectively). I cover what these new features are and suggest that if you are using an earlier version, it might be time to upgrade on my iBoss blog post today.
Endpoint security used to be so simple: you purchase an anti-malware scanner, install across your endpoints, and you were protected. Not anymore. However, the days of simple endpoint protection are over. Scanning and screening for malware has become a very complex process, and most traditional anti-malware tools only find a small fraction of potential infections. The attackers have gotten more sophisticated, and so too must the endpoint detection and response (EDR) tools, which need to find more subtle exploits, even ones that don’t leave many fingerprints.
This week, I review of ten different endpoint detection and response (EDR) tools for Network World magazine. You can read the complete review package here.
I spent several months running Outlier Security, Cybereason, Sentinel One, Stormshield SES, ForeScout CounterAct, Promisec PEM, Countertack Sentinel, CrowdStrike Falcon Host, Guidance Software Encase, and Comodo Advanced Endpoint Protection. From this experience, I came up with a series of broad trends:
Virus signatures are passé. Creating a virus with a unique signature is child’s play, thanks to the nearly automated virus construction kits that have filled the Internet over the past several years. Instead, many of these products tap into security news feeds that report on the latest attacks such as VirusTotal.com and other reputation management services.
Second, tracking executable programs is also so last year. In the old days of malware, exploits typically had some kind of payload or residue that they left on an endpoint: a file, a registry key or whatnot. Then the bad guys graduated to run their business just in memory, leaving little trace of their activity, or hide inside PDFs or Word documents, or would force your Web browser to a phished site that contained Java-based exploits. Today’s hackers have become more sophisticated, using Windows Powershell commands to set up a remote command shell, pass a few text commands, and compromise a machine without leaving much of a trace on an endpoint.
Many products can track privilege escalation or other credential spoofing. Modern attackers try to penetrate your network with a legit user credential that uses a default setting when you installed SQL Server or some other product, and then escalate to a domain administrator or other more significant user with greater network rights.
Insider threats are more pernicious, and blocking them has become more compelling. One of the reasons why traditional anti-virus protection has failed is because attackers can gain access to your internal network and do damage from a formerly trusted endpoint. To block this kind of behavior, today’s tools need to map the internal or lateral network movement so you can track down what PCs were compromised and neutralize them before your entire network falls into the wrong hands.
In addition to insider threats, data exfiltration is more popular than ever. Moving private user data, or confidential customer information, out of your network is the name of the game today. Look no further than Sony or Target to see the harm of making public some of their data as examples of what the EDR tool has to deal with now.
Many tools are using big data and cloud-based analytics to track actual network behavior. One of the reasons why the sensors and agents are so compact is that most of the heavy lifting of these tools happens in the cloud, where they can bring to bear big data techniques and data visualization to identify and block a potential attack.
The variety of approaches is stunning, and worth a closer look at these tools, to see if you can leverage one or more of them to better protect your endpoints.