Jolera poised to transcend anonymous IT service success

Alex Shan says he sometimes thinks of Jolera Inc. as the largest Canadian IT solutions provider nobody’s ever heard of. The company’s CEO may be partially right.

The Toronto-based company has carved out a niche for itself as a white label IT service provider specializing in business-to-business partnerships with other IT providers and hardware resellers.

Jolera was founded in 2001 as a managed IT service provider. About three years ago, the company took a hard look at itself and realized that its greatest strength was providing the nuts and bolts of IT service delivery. That dovetailed with a “democratization” of cyber security threats.

“Hackers weren’t just hitting the big guys any longer,” says Shan. “Their targets were smaller and medium-sized businesses. For the first time, a dentist was getting hit with ransomware. However, they couldn’t afford enterprise grade security solutions. Instead, they relied on smaller consulting firms who might set up a firewall and do some things that might help fend off security threats. While they couldn’t afford thousands of dollars per month, many of these businesses could see their way to paying, say, $100 per month for enterprise-level security.”

Jolera’s strategy involved transitioning to a security-as-a-service model. The company would concentrate most of its efforts on developing and delivering cloud-based IT services available by subscription. Shared cost among clients would drive prices down.

While security is the central plank of the suite, Jolera also offers other services, including a global service desk, cloud-based backup and recovery, network and performance monitoring, and antivirus and anti-malware management. These products are, in turn, offered as white-label products to resellers.

“Resellers select the products they want to represent and deal with the end user, providing a human face for the technology,” says Shan. “We make it easy for them to brand the products, so they can present our service as their service.”

As part of a typical network security contract, Jolera remains largely invisible, providing reports to resellers on security interventions or unusual threats.

Among clients that include Microsoft, Dell and Lenovo, the company is currently partnering with IT security company Barracuda Networks Inc. Barracuda’s core product is a hardware platform paired with subscription based network security services.

“Our value proposition was that we would provide Barracuda with security services, allowing them to concentrate on their core business, delivering best-in-class technology,” says Shan.

Each contract offers a unique service menu. For example, Jolera works with SERCO, which operates as DriveTest, a public corporation licensed by the Ministry of Transportation of Ontario to operate 55 driver examination centres in the province. The company assisted SERCO in rolling out a new digital testing platform, monitoring equipment, and securely managing digital data on hundreds of thousands of road tests, written tests, and driver’s license applications annually.

Jolera currently employs 250 people globally, primarily at its Toronto headquarters. It also fields offices across Canada, and in the U.S., U.K., Portugal and Brazil.

“However, our white label business model means that we remain anonymous when we’re doing our best work,” Shan says. “That’s a challenge. As a relatively small company, one of our struggles is that 98 per cent of our workforce is doing something technical and we need to devote more resources to promoting and establishing our brand before other channel-based IT solutions try to replicate our success. There’s a lot more global business that we want to grab.”

 

Original Article written by Financial Post. 

What firewalls can’t fix – and what to do about it

Back in the early days of the Internet, firewalls were invented to keep out the bad guys — similar to an electric fence around a building compound. But times have changed.

Evolution of network threats

Firewalls have evolved and become much more sophisticated. So, too, have hackers and malware. Organizations have more complex networks, ubiquitous Wi-Fi, mobile workers, cloud apps and bring-your-own-device policies. Enter the Internet of Things — where almost any inanimate object can have an IP address — and cyber-security is getting awfully difficult to manage these days.

A next-gen firewall should be part of every organization’s cyber-security arsenal, providing a basic line of defence by allowing or blocking access to the corporate network. NG firewalls are not the be-all-end-all, since hackers have found ‘back doors’ into even highly secure networks.

Using IT vulnerabilities or social engineering attacks, the bad guys are able to slip past the firewall and hover around, gathering data, and in some cases exit and enter at will. Most breaches aren’t noticed for weeks or months at a time — and that’s a lot of data gathering.

“Forget the gate and drawbridge idea, there are now hundreds of potential entrances to the castle because businesses are connected to customers, suppliers, and employees over the internet. Not only that, but it’s as if everyone who comes in and out of the castle has a key to unlock all the doors as well.”

Matthew Wall, BBC News

Social Engineering attacks

Social engineering attacks — which manipulate users into handing over sensitive data or clicking on malicious links — are becoming more commonplace, in part because they’re so effective. They’re also becoming increasingly sophisticated.[pullquote cite=”Saryu Nayyar, InformationWeek”] “One new employee, one new contractor, one new business associate. That’s all it takes to own a target. Keystroke loggers and botnet malware will do the rest.”[/pullquote]

User training is helpful (and necessary), but it’s not 100 percent effective. “When a threat actor launches an attack that is planned to take months or years to carry out, all they have to do is spam and wait,” writes Saryu Nayyar in an article for InformationWeek’s Dark Reading.

She argues that security awareness alone won’t stop hackers. As all it takes is one individual falling victim.

Outdated Applications

Hackers can exploit vulnerabilities in software or applications (particularly older versions that haven’t been patched). Or, they can target BYOD devices that aren’t properly managed. They can even target air-gapped computers — ones that are physically isolated from unsecured networks — that are often used in military, financial and critical infrastructure networks.

Indeed, a recent Wired article points out that researchers in Israel were able to steal data from air-gapped computers. “To steal data from them an attacker generally needs physical access to the system — using either removable media like a USB flash drive or a firewire cable connecting the air-gapped system to another computer,” writes reporter Kim Zetter in Wired. “But attackers can also use near-physical access using one of the covert methods the Ben-Gurion researchers and others have devised in the past.”

Detect and resolve intrusions

It’s not all doom and gloom, though. Many industry pundits say the focus shouldn’t be on keeping hackers out. Instead, it makes more sense to stay informed of new threats, analyze vulnerabilities, recognize when a breach has occurred and stop it before any real damage is done.

In addition to a firewall and anti-malware, organizations should consider anti-exploit tools that can recognize when an attack is launched — so they can stop it before malware is installed. When it comes to backdoor attacks, network monitoring is key; network admins are flagged when something is ‘off.’

For many organizations, especially smaller ones, this is a tall order. It requires skilled expertise — hence, time and money — which they probably don’t have in-house.

[x_line]
[prompt type=”left” title=”Secure your network today!” message=”Are you interested in a Security Event Management (SEM) solution that actively monitors and actions live threats on your network? See how you can achieve enterprise-grade security at a fraction of the price. Check out our Secure I.T.™ page for more details!” button_text=”View our SEM solution” href=”http://www.jolera.com/secureit”]
[x_line]

It can be difficult for companies to find talent to secure each of their vulnerable areas, writes Sharon Florentine in an article for CIO.com. That’s where a managed security solution provider comes in. “An MSSP can cover all the security bases for a company: firewalls, intrusion detection and intrusion prevention solutions, security event and incident management, managed vulnerability and identity management solutions — even first-level incident response.”

[bctt tweet=”A next-gen firewall is a must. But relying on that firewall will leave you with gaps — er, back doors.” username=”jolera”] At some point, an intruder is going to find a back door into your network; the key is knowing when it happens, so you can take action before it’s too late.

[x_line]
[content_band bg_pattern=”https://www.jolera.com/wp-content/uploads/2016/05/crossword.png” border=”all” inner_container=”true”] [custom_headline style=”margin-top: 0;” level=”h4″ looks_like=”h3″]About Jolera[/custom_headline] Jolera is a Toronto-based technology hybrid aggregate service provider focused on network architecture and IT solution service and delivery. Jolera is dedicated to innovating the cloud and managed service market space with disruptive solutions for customers, the channel, and the tech and telecom industries around the world.
[x_button shape=”square” size=”regular” float=”none” target=”blank” info=”none” info_place=”top” info_trigger=”hover” class=”mtm” href=”http://www.jolera.com/about”]About Jolera Inc.[/x_button][/content_band]

SECaaS Introduction

Maximize Appliance Utilization

At Jolera we are heavily invested in pushing our carefully chosen security appliances to their full potential. This month we worked extensively with our system engineers and Managed Services team to thoroughly review our Managed Security as a Service (SECaaS) offering.  We believe our efforts have now resulted in a service that provides unparalleled security on a budget. The focus of this service is to provide our channel partners with a cost-effective solution they can trust and improve their time in the market.

Purpose of Firewalls

Firewalls are devices that sit at the edge of every IT infrastructure, protecting it from any sort of malicious activity.  Firewalls are a necessary part of every IT infrastructure. They assure that both the network and its users are secure. The firewalls do this by ensuring that only trusted data packets are allowed to enter into the environment.

 Next Generation Firewalls

Jolera manages and supports all types of NG firewalls that are available in the market today. The latest breed of firewalls are called the Next Generation (NG) firewalls. These firewalls provide deep packet inspection at a layer 7 level in the OSI model.  Layer 7 is also known as the application layer, this is the layer at which the data that has crossed across your network (through the cables, routers and switches) to your computer and is being read by the software on your computer. However even before the data gets within your network, the NG firewall inspects the data by pretending to be a computer software/application, and tests to see if the data is safe or malicious. Only after the inspection is successfully completed does the firewall allow this data into the network it is protecting.

This inspection process could be visualized as a series of labeled cargo containers being transmitted over the network.  In the past firewalls would only look at the container labels, read the labels and pass on the boxes. The NG firewalls open the containers and examine the contents before passing it along into the network, hence the term deep packet inspection.

Utilizing the SECaaS “Human Layer”

Firewalls are always communicating how they are interacting with incoming traffic and display this information using “log files”. The log files are always being populated and can get pretty big and complicated, but they contain valuable analytical data. Logs are kept of all the different type of traffic going through the firewall – both inbound and outbound. This is the granular level at which we attach our SECaaS offering to ensure proper management of your firewall. This is also the point at which our Human Layer intervention comes into play. By constantly monitoring what the firewall is doing, based on the log files; our Network Operations Center (NOC) team technicians perform maintenance and remediation of a given IT infrastructure. This service may also be referred to as performing Live Security Event Management.

Preconfiguration vs. Live Security Event Management

Cost

An out of the box firewall comes configured with basic, default configurations which are not customized for a unique  IT infrastructure. Most firewalls come with a configuration console that can only be managed by a seasoned security expert. Obtaining such expertise and working to perfect the firewall setup configuration based on your unique IT infrastructure needs can be a challenge and costly. Jolera’s SECaaS offering provides you with Live Security Event Management on a monthly subscription base, allowing you to fill security holes as they happen – in real time.

With our Live Security Event Management, specializing in zero-day threats – clients pay per use, rather than paying a large amount upfront, and hoping that you covered all your bases.  We use analytics and statistics to determine facts, and take remediation actions – all in real time.

Consistency

Once the configuration is completed by a security expert – that is it. Another individual within the company is required to monitor and maintain the device for software and firmware upgrades, to make sure the device is online all the time, and to create new policies for new types of vulnerabilities. With Live Security Event Management you can rest assured that all of the security vulnerabilities are being monitored, maintained and patched – 24/7/365.

Everything is in real-time, protecting you against threats as they happen, keeping you one step ahead of the threats at all times. This is possible due to our 24/7/365 Network Operations Center constantly monitoring, maintaining and patching your firewall.

Dynamic

A preconfiguration is based on plans, theories and expectations – it stops at the preventative stage. Live Security Event Management adds another layer of protection as it is dynamic – it constantly evolves against the threats. Viruses constantly evolve, allowing new vulnerabilities to appear; sometimes so vast that when not acted upon in real time, no amount of planning and pre-configurations can stop them from causing serious harm. By having a team of trained security experts these vulnerabilities can be identified ahead of time, and acted upon in real-time.

You don’t see the damage an intrusion has done until somebody is unable to do their work, in a typical IT infrastructure. Usually it is somebody calling in at a help desk line saying their credentials don’t work, something very minor. But upon deeper inspection these minor events turn out to be something as critical as a cryptolocker or a ransomware, which for any organization can be disastrous.

Reseller Options

Jolera’s SECaaS is a part of our Secure-I.T. product offering. VARs and channel partners are encouraged to recommend both services as a bundle to their clients to ensure complete security. More information about our security product and service can be found on the Secure-I.T.™ products page.

Cyber Doomsday

Part  1

I watched TVO ( TV Ontario) The Agenda the other day.  It scared the heck out of me.

Steve Paiken was interviewing Ted Koppel.  The topic was Koppel’s new book  Lights Out, a hypothetical ( ?) modern-day  Armageddon.

A Shocking Possibility

In a nutshell, Koppel reveals that “a major cyber attack on America’s power grid is not only possible but likely, that it would be devastating,and that the United States is shockingly unprepared.”   I have not read the book ( it’s on order) yet but was rapt by the interview.   

No Water, No Toilets…

During the succeeding days, I tried to rationalize how I would deal with the situation.  Well, if I was home, 41 stories up with basically 2 toilet flushes, no water, no heat, no fridge, no stove I would have to grab a flashlight walk down to P3 and get to my kids’ house.  ( Maybe drive if the garage door was locked open)  Hopefully, the tank would be full, but most likely at half).   I won’t continue with the story because I am sure you are doing your own version by now, don’t forget, no transportation, no communications, no hospitals, no money, no banking machines, and replacement transformers are all custom made.

Not Even Mutually Assured Destruction

“What about the nuclear mutually assured destruction scenario,” asked Paiken.  The response was logical.  The M.A.D. approach only works when country A directly threatens country B. In this case, it is clear who is doing what to whom and who would retaliate in kind.  With the black web and the various techniques to avoid detection, the country attacking the grid might take months to be discovered ( It took the FBI man-months to prove that North Korea actually hacked their systems, but it only took Sony and the rest of the world seconds to suspect it).

“What about immediately imposing regulations on the industry,”  asked Paiken? “In the US there are over 3000 independent power companies, some gigantic others minute,” responded Koppel.  “The big guys are doing what they can, the little guys, well we can only hope.” ( The small glitch in Aug 2003  which brought down the interconnected grid in Ontario and many states on the entire eastern seaboard resulted in some action but nowhere near the precautions which should have resulted).  If we want to benefit from an interconnected grid, the possible price is a tumbling domino effect should one participant fail, no matter the cause, a falling tree branch or a cyber attack.

A Wing and a Prayer

Paiken asked Koppel what precautions he had taken to prepare for a potential 2 or 3-month outage and the response was as you might expect, “ …freeze dried food, bottled water, flashlight, and batteries…” (and likely a shotgun,  although it wasn’t explicitly mentioned.)

 

Part 2

Well if having my gas and water cut off wasn’t enough along came an article in wired.com entitled,  Hackers Remotely Kill  A Jeep on the Highway-With Me In It.

Although the author of the article, Andy Greenberg had an agreement with the hackers,  Charlie Miller, and Chris Valasek,  he still reports it was pretty scary having lost control of his vehicle’s speed as he was driving 70 mph on the edge of downtown St. Louis. “ Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway… “To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening.” Not a hypothetical anymore this is really getting serious.

 

Part 3

The last part of this sad trilogy is a recent article in the Wall Street Journal entitled Europe Sets Up Digital ‘SWAT’ Team for Aviation Cyber Threats.

 

The gist of the article discussed how Europe’s top air safety official said he is hiring a group of high-level computer experts to identify and combat looming cyber threats to aviation.

Intended to be a kind of digital SWAT team for hacking attacks, the initiative launched last month goes beyond U.S. efforts and is the most dramatic example of the European Aviation Safety Agency’s increasingly aggressive approach to such risks.

“The aim is to quickly provide technical assistance to carriers or national regulators anywhere in Europe in the event of a cyber attack,” Patrick Ky, the agency’s executive director, said in an interview.

 

Conclusion

Let’s get a handle on this folks!

  • Raise the issue whenever you get a chance.  The more the conversation happens, the greater the likelihood some progress will be made.  Tell your friends, tell the folks at the water cooler, ask your car salesman what his company is doing about it.  Don’t be surprised at the blank stare.
  • Write to your legislators.  Perhaps they will get the message if enough people independently sound the alarm.
  • Think globally but act locally. Just as world hunger will take some time to resolve, here are few things you can do.
  1. Make sure all your data, both business and personal, is backed up and secure on devices to which you have access.
  2. Be sure your backup systems have off-grid power sources.
  3. At home keep hard copies of critical data including bank statements, wills, leases, contracts, etc.
  4. Be able to prove who you and your family are.  Picture ID, etc.
  5. If you are still not sure call Jolera, we can help.

Cybersecurity is Serious IT Business

National Cybersecurity Month

Did you know October 2015 was National Cybersecurity Awareness Month ?   Conceived by President Obama it is “designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.”

Engaging and educating are always worthy political objectives but there are a number of commercial  insights that should be shared with your employees…here is listing of publically available material from the Department of Homeland security with the Small to Medium sized business in mind.  There is a similar listing of material for larger enterprises as well.

 

Attachment

Size

 Small Business Tip Card 152.48 KB
 Small Business Presentation (PDF) 508.01 KB
 Small Business Presentation (PPT) 546.15 KB
 Entrepreneurs Tip Card 151.42 KB
 FCC Cybersecurity Planning Guide 334.74 KB
 FCC Small Business Tip Sheet 259.5 KB
 DHS Cybersecurity Overview 151.8 KB
 DHS Industry Resources 161.54 KB
 Mobile Security Tip Card 152.12 KB
 Mobile Security One Pager 151.94 KB
 Social Media Guide 180.59 KB
 Cybersecurity While Traveling Tip Card 149.32 KB
 Internet of Things Tip Card 146.25 KB
 Stop.Think.Connect. Campaign Backgrounder 157.25 KB
 Protect Your Workplace Materials 851.17 KB
 Stop.Think.Connect. Rollout Package 1.19 MB

Don’t Believe Everything You Read

Unfortunately there are other threats lurking on-line to which your employees should be sensitized. This past Sunday’s New York Times ( Dec . 6, 2015)  had an article entitled “ All the Feedback Money Can Buy”.  It concerned a Jewelry store whose Facebook rating fell from 4.8 stars to 2.3 stars literally overnight.  The managers of the store believe the “bogus” reviews came from a website called “Fiverr” where people are paid to perform odd-jobs for $5.00 or more.   In this instant, as you may have guessed, the Jeweller alleges a competitor hired “reviewers” through Fiverr  to write negative reviews about his shop.  Fiverr was loathe to discuss the matter with NYT columnist David Segal but suffice it to report  Fiverr retains 20% of every transaction and so if something generates revenue why discourage it.  The Times notes that, notwithstanding a number of outstanding  lawsuits with industrial majors like Amazon, there seems to be “lots of gigs on Fiverr offering to spam Apple, Facebook, and Google sites with paid-for reviews.”

Tech Data Says

Jolera’s strategic partner, Tech Data  deals with Cybercrime in its Sept/Oct 2015 issue of Techtimes.  It introduces us to a number of plays from the criminals’ gamebook.

“Trojanizing”, is a technique of hiding “malware inside software updates.”  So an individual basically infects himself or herself.

Another type of malware is “crypto-ransomware.” Like other ransom methods something of value (your files) are held ransom until a fee is extorted, usually anywhere from $ 300 – $500.  Pay the ransom and you get your files back…”   assuming your thieves are ethical.

Mobile businesses are susceptible as well reports Tech Data..

  • 31% of Google Play apps have more than 50,000 downloads that contain remote exploitable vulnerabilities
  • iOS vulnerabilities have nearly tripled since 2011. Android vulnerabilities have nearly doubled.
  • One million Android apps were actually malware in disguise.

This is how Cyberthreat tried to summarize 2015 from a security perspective.  I know its complicated but a close look-see will prove interesting and scary. 2016  doesn’t look much better.

The State of Security

 

Call Jolera Now !

There really is no time to be lost.  Jolera is here to help you plan to avoid,  but to be prepared for a cybersecurity disaster.  We can arrange on-line employee training sessions,  measure employee performance for you  and point out groups requiring additional training.  Let’s get this done together.