Calling the recent Windows PrintNightmare security vulnerability “bad” is a serious contender for understatement of the year.
Every single device running Microsoft Windows – from laptops, desktops, and servers – was revealed to have a gaping security hole, one that hackers have been able to climb through for God knows how long and then poke around to their heart’s content.
The reach of this vulnerability is truly astounding. Consider the fact that there are currently 1.3 billion devices running Windows 10, not to mention hundreds of millions of other devices running on earlier versions of Windows that are also impacted by PrintNightmare.
Taken together, we’re talking about well in excess of 2 billion devices worldwide running some form of Windows, and 100% of these Microsoft machines were affected by the vulnerability. Every--Single--One of them
The really scary thing is, we’ll never know how damaging this security flaw actually was. There’s no way to quantify what information might have been accessed or viewed by hackers during the lengthy window – ahem – when they had a free pass to leverage the vulnerabilities in the Windows Print Spooler service to create user accounts with administrative privileges and then go rummaging around for sensitive data.
Releasing a security patch, as Microsoft has recently done, helps plug these holes, but unfortunately, people don’t always implement security patches as soon as they’re available.
Busy individuals might see a notification that a patch is available for installation and mutter “Yeah, yeah – I’ll get to that tomorrow” and then keep pushing it off, repeatedly. Or, they might be afraid that the patch will “break” something on their computer, and they’re staring down too many deadlines right now to let that happen, so they don’t want to chance it. To complicate the update process further most machines require multiple patches and multiple reboots to effectively suppress the vulnerability. These added steps increase the likelihood of a failed patch.
The result? Security holes remain unpatched for longer than they should, and the bad guys have more time and more opportunity to leverage the flaw.
It doesn’t have to be this way. Virtual desktops can mitigate much of the threat around a vulnerability like PrintNightmare. But only if done right!
Virtual desktops deliver a desktop environment to end users from a centrally managed server or private cloud. End users have access to the same workspace from any device over any internet connection, which is great for mobility and productivity. But the real advantage is on the IT side. Services like the Digital Bunker deliver virtual desktops in a fully managed environment.
Because virtual desktops are centrally managed, an organization can respond to a five-alarm fire like PrintNightmare very quickly by rolling out a security patch to all of their virtual desktops and servers as soon as it’s available, without any action needed on the part of end users. This is a big advantage over conventional devices that are managed and updated on an individual basis. Virtual Desktops allow the patches to be rolled out in the middle of the night even if the user powers off their machine.
Remember our busy worker, plugging away at their computer and saying, “I’ll install that patch tomorrow” and never getting around to it? Virtual desktops mean we don’t have to worry about that scenario anymore. The patch has already been installed, without their involvement, and probably without them even realizing it.
Even better, the central management of virtual desktops means the ability to quickly reduce or even completely neutralize specific vulnerabilities. For instance, PrintNightmare exploits the inner workings of the Windows print service. The IT team can turn off printing services for all of their virtual desktops in one fell swoop, disabling that functionality until a patch is available to be deployed.
Sure, people might not be able to print things for a day or two. But it’ll otherwise be business as usual, and people will be able to continue getting work done, all while fully shielded from PrintNightmare. Again, this type of rapid response just isn’t feasible if users have to individually remember to toggle off print services on their devices.
The central management that virtual desktops allow for also means that the organization can quickly deploy additional perimeter defenses, including a hardened firewall that ensures the virtual desktop can only be accessed from certain locations or certain IP addresses, to help make sure some unauthorized user isn’t sticking their foot in the door.
While the advantages of virtual desktops are many, not all virtual desktop offerings are the same. You can’t just purchase an à la carte “virtual desktop” and then crack open a cold beverage to celebrate the fact that all your problems have been solved.
A virtual desktop on its own is just a starting point. The offering needs to solve for mobility and security. It needs to provide backups. It needs to ensure users are coming in to access the services in a compliant manner, and it needs to provide visibility into what exactly those users are doing when they’re accessing the services.
If it’s not taking a holistic approach and solving for all those problems, a virtual desktop might actually be creating more problems than a conventional desktop by creating a false sense of security. But properly implemented and packaged with all the right supporting technologies, virtual desktops deliver a powerful advantage – particularly in the face of a nasty piece of work like PrintNightmare.(Maybe for another story: Like any tool if not properly implemented it can cause more harm than good. Think about your father in law when he whips out the chainsaw to trim the tree?)
Not nearly enough organizations have implemented virtual desktops because, frankly, it takes a certain level of expertise to do it properly. But if more organizations get on board, then maybe we can all breathe a little easier the next time a massive security vulnerability like PrintNightmare is brought to light. Because security wise, we’ll have a lot less to be scared about.
Virtual desktops are emulations of a preconfigured desktop environment that can be remotely accessed by any physical device or endpoint on a local, secure network. In other words, virtual desktops provide a work environment that is nearly identical to and even better than that of a physical workstation.
Virtual desktops are the modern solution to a successful business. Not only does it provide an efficient, secure, and reliant virtual workspace for all employees, by providing access to the desktop from anywhere on a network, it promotes business continuity and employee productivity. Virtual desktops are centrally managed; all software and application updates can be done at once across all shared network devices, eliminating a huge source of time waste. Additionally, IT organizations are easily able to regulate the access and usage of corporate resources through the network—an important facet to have in a world where cybersecurity is a necessity.
Virtual desktops are images of operating systems that are sandboxed, or separated from the hardware used to access it. They are often used as part of virtual desktop infrastructures (VDI), which are collections of virtual desktops hosted on large-scale servers. Endpoint devices can log into these virtual desktops to greatly increase accessible hardware power and for security purposes.
There are two types of VDI: persistent and nonpersistent.
Behind each cluster of virtual desktops is a hypervisor: native software that creates, runs, and manages virtual machines. It allows for many different virtual desktops to reside on the same hardware, and is responsible for allocating the host’s hardware resources to the virtual machines. In a virtual desktop infrastructure, the host is typically a large, physical, and central server. The host delivers the virtual desktop to the endpoint device; a tablet, phone, or laptop can now run an operating system that has the power of a physical desktop machine.
Having all of the virtual machines in a centralized server also makes cloud security and central management easy to implement. Other software can still be run alongside the virtual machines, such as packet monitors, dynamic firewalls, and even machine-learning security algorithms.
Virtual desktops provide a multitude of benefits over the traditional physical desktop machine.
Improved User Experience
Virtual desktops are built so that users can access anything that is necessary for their job all in one place. This desktop is consistent across all devices that a person would use, allowing users to choose when, where, and how they want to work. Persistent and non-persistent virtual desktops give users the ability to customize their desktop if desired, resulting in a more comfortable and productive workspace.
Valuable corporate data and information are stored in a data center instead of on endpoint devices, thereby reducing the chance of theft by outside organizations. IT organizations can control who can access data and how they can access it (to what degree of freedom, e.g., view only, editing rights, etc.)
IT Management Efficiency
Administrators of the virtual desktop network can apply software updates to all devices at the same time. They can also manage control access and change configurations for all desktops. Launching changes to desktops from a centralized location reduces the amount of time and effort needed if they were to be done individually.
The processing power for virtual desktops happens in the data center. This means that endpoint devices do not require more expensive hardware. Less physical equipment and maintenance is required.
Virtual desktop interfaces can easily scale up or down with the amount of users on a given network. This makes it easy for businesses to deal with temporary shifts in employee counts due to unforeseen circumstances. Anyone can easily be given a virtual desktop with all the essential applications and be ready to start working.
A virtual desktop is a desktop that can be accessed over the internet from practically anywhere and performs in the same way as a physical desktop when using a Virtual Desktop Infrastructure. Anyone can log on using a PC, Mac, laptop, iPad, Browser, or smartphone, broadening the range of devices and operating systems they can utilize, as well as where and when they can work. Data is kept in the cloud, so no information is stored locally on users' personal devices. If the device is lost, this is extremely useful because it means there is a low-security risk and no work will be lost. The level of personalization customers will have when they connect to their virtual desktop will depend on whether they utilize persistent VDI or non-persistent VDI.
TetherView is a place where customers can experience leading virtual desktop technology, cutting-edge IT security, protection against cyber threats, and a fully compliant system that is crafted to meet your unique needs. TetherView helps businesses set up and manage digital workspaces by providing industry-leading virtual desktop and email security solutions. TetherView, the inventor of the Frictionless Cloud, can help users decrease their IT footprint and turn their legacy IT infrastructure into a fully managed, turnkey private cloud solution with banking grade compliance, and military-grade security. According to cyber expert Michael Abboud of Tetherview.com, the single finest IT tool for any firm is the deployment of Virtual Desktops.
The best practice is to give users a single digital workspace, or Digital Bunker, where they can access all of their business data or applications and email from a single virtual location. The Digital Bunker is only accessible through a single point of entry, which allows access only when a number of "factors of authentication" have been verified. User behavior inside the Digital Bunker is closely watched, tracked, and regulated. A whitelist technique is used in businesses with higher levels of sensitivity, where users can only access programs, data, or websites that have been checked and approved by the organization's management and security teams.
Zero Trust solutions typically hinder productivity. The proper implementation of Zero Trust is to force users to a known and secure workplace and quadruple-check the users’ identity before they enter. With a Digital Bunker, data does not reside locally on a user’s device. Traditional Zero-Trust solutions allow data to sit locally everywhere, making it impossible to have visibility of control” says Michael Abboud. TetherView's Digital Bunker virtual desktop is designed to exceed the requirements of any regulator on a mission to create Digital Bunkers for every business, so no need to trust a local device and users only have one password to remember. “This technology has been available for a while, but TetherView is distributive because we focus on how to curate and manage the most critical tools together. We believe in solving IT problems with the simplest and most elegant solutions,, minimizing complexity. "We combine great people, great technology, to deliver a world leading service." Abboud mentions further.
TetherView's Digital Bunker takes a holistic approach by combining more than 65 different solutions, including compliance, 24/7 security, backup, mobility, and single sign-on password management, rather than buying security technology as a standalone and solving issues independently, which is more difficult and ineffective. Users are never locked into a device, location, or internet connection. And it is a private cloud that stands out from the crowd. The Digital Bunker provides a consistent virtual desktop that can be accessed from any connection or device, reducing IT footprint and data distribution. The Digital Bunker brings users to their data and applications with the use of Virtual Desktops, Pocket Protector (TV's Mobile Device Management, and Managed Email Security).
In the era of digital transformation, all businesses exist digitally and whether you like it or not, your business’s data lives everywhere. This presents many advantages, chief among them being increased flexibility and agility. But when it comes to compliance with government regulations such as NIST 800-171, many businesses find themselves at a loss. How can they ensure that their data is protected in a cloud-based environment? Virtual Desktops offer the perfect solution and here’s why.
One of the great challenges posed for IT compliance is the lack of control businesses really have over the actions of their employees. Things like training can of course be useful in altering behaviors, but ultimately, workers can do what they want.
This is one area where Virtual desktops can be a fantastic way to ensure IT compliance. By ensuring that workers can only access certain websites, apps and even USBs, the business gets a much stronger element of control.
Additionally, limits can be placed on printing and even data access to protect against leaks and theft of sensitive information.
A virtual desktop can help protect local devices against the threats of hacking, particularly from public wifi. By using a virtual desktop, all of the data and applications are stored on a remote server, rather than on the local device. This means that if the local device is hacked, the hacker would not be able to access any of the data or applications.
In addition, a virtual desktop can provide an additional layer of security by encrypting all of the data that is transmitted between the server and the client device. As a result, a virtual desktop can help to protect local devices against the threats of hacking, particularly from public wifi.
Users now have the freedom of using any device they want. Virtual Desktops mean that businesses no longer have to provide their employees with company laptops or other devices.
Similarly, employees can now reclaim time and freedom by having the luxury of working wherever they want. As long as there is consistent internet access, workers can work from the comfort of their home or the ambient environment of a cafe.
Another big advantage of Virtual Desktops is that they make it much easier to patch in the middle of the day without any disruption to the user. No need to send the company laptop out to the IT department or needing constant downtime.
The digital landscape changes quickly and quite dramatically in the business world. One only needs to look at cases like GDPR which can both come into effect quickly but also impact how businesses operate quickly too.
Virtual desktops enable adaptation and changes to be done quickly and efficiently across all users without the need for extended downtime or slow and cumbersome rollouts.
Virtual desktops are clearly the best way to achieve IT compliance. They provide a level of security, efficiency and satisfaction for all parties that simply have never been achievable with legacy systems.
If you’re interested in a high quality virtual desktop that is compatible with both NIST 800-171 regulations and the SOC 2 Type 2 framework, then you need TetherView's Digital Bunker.
The Digital Bunker creates an individualized virtual desktop for every user and provides the dual role of giving the company control over access to your business’s data while also staunchly protecting it. That way, you don’t have to worry about lost or stolen devices, data leaks or improper usage. All, this is included at a flat fee enabling you to have top quality security for a fair price.
So, if you're interested in TetherView’s Digital Bunker, get in touch today.
The average time to detect and contain a data breach is 287 days (212 to detect, 75 to contain). That’s 287 days a cybercriminal is inside your network, wreaking havoc, stealing company information.
On the other side of the coin, what’s the average time it takes for a company to make decisions about improving their cybersecurity and move away from legacy IT infrastructure? I’ll wait. And wait. Still waiting…
While there is no average time, the truth is that most companies are far too slow to act.
Here’s a more important number. This one has a dollar sign in front of it: $170,404. That’s the average cost of a ransomware attack. And if you want to quantify the cost of stagnation at your company, this is a good place to start.
Most conversations around cybersecurity happen within silos. Cyber risk is viewed in a vacuum. This siloed view leaves companies on their back foot, in a place that is reactive versus proactive.
Well, if we just patch this part of our infrastructure over here. Or if we just tighten up our controls around email security. Or, or, or…if we just do this one thing.
At TetherView, we believe that the most effective cybersecurity solutions force companies to take a holistic view of their IT infrastructure. Of course, with so many companies dealing with old legacy IT, more often than not everything in their environment is fragmented. Information technology maintenance, threat monitoring and cloud services cannot effectively work together to stop cyberattacks if they operate independently of one another. IT sprawl means there are multiple entry points for hackers and more potential areas of vulnerability.
When a company’s IT infrastructure is fragmented, we see generally see two outcomes:
1. The company focuses on one part of their network but ignores the rest
2. Paralysis by analysis - the company does nothing because it’s inefficient to analyze risk in each segment of their fragmented IT environment
One way in. One way out.
The best way to transform your legacy IT infrastructure (and avoid paralysis by analysis) is to move to a zero-trust environment. Zero-trust environments provide visibility into everything and only provide your employees (and the bad guys) with one way into your network…and one way out. When you put up a big wall in a zero-trust environment, there aren’t multiple parts of your network to patch. Instead of being viewed in a vacuum, cyber risk is seen in its entirety with one clean, comprehensive view. So if the bad guys do happen to get in and breach your network, it’s a lot easier to detect and ultimately trap them before they do any real damage.
Don’t fall victim to paralysis by analysis. The action you need to take to improve your organization’s cybersecurity is clear: Lose the sprawl in your IT environment.
OCEANPORT, N.J., June 8, 2020 /PRNewswire/ —TetherView, the creators of the Digital Bunker™, hosted the Third Annual TetherView Cyber Security Summit “Controlling IT Chaos in Post COVID-19 World” bringing together distinguished speakers from the FBI, Oppenheimer, Columbia University, Cyxtera (CFG), and Akamai (AKAM).
The Summit brought a unique perspective on the COVID-19 pandemic and the ongoing challenges it presents to business executives and communities...Read More Here
Founded in 2014 by industry expert Michael Abboud, TetherView revolutionizes cloud use by offering simple, affordable, and secure solutions. As more companies move their workforce to remote locations, TetherView’s Frictionless Cloud is designed to keep data secure and accessible while ensuring the highest levels of compliance–allowing IT teams to focus on innovation.
He hopes to put minds at ease while providing access and security that is vital to keep businesses safe and productive during this period of uncertainty…Read More Here
As the COVID-19 pandemic continues to impact residents in Bayonne, some aspects of normal life continue, although not in a normal fashion.
On April 15, the Bayonne City Council met for its first official online meeting held via TetherView. During the mostly sleepy council meeting, one item on the agenda sparked intense discussions: tax abatements… Read More Here
City Council meetings have moved online, as Bayonne copes with the COVID-19 pandemic. The move comes after Gov. Phil Murphy’s order last month for all residents to stay home unless travel is necessary.
The city council needed to find a way to continue to hold its meetings in accordance with the Open Public Meetings Act as well as the stay-at-home order…. Read More Here
As clients work towards accomplishing their missions, technology should not be a roadblock or a friction point.
TetherView the creator of the Frictionless Cloud, transforms the existing legacy IT infrastructure into a new state of the art environment that will allow businesses to use technology as a tool to deliver the mission… Read More Here