Editor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.
Protecting an IT environment is a non-stop game of whack-a-mole where the board continuously gets larger and the moles get faster and smaller. Two recent vulnerabilities show how quickly a mature and widely distributed software package can turn into a major security hole. First, Microsoft announced CVE-2019-0708, a flaw in Remote Desktop Services that allows an attacker to run arbitrary code without authenticating. Not long after, CVE-2019-10149 revealed a similar issue in the Exim mail transfer software. Fortunately, both had patches available before exploits were seen in the wild. However, both were widely distributed pieces of software that contained the flaw through many iterations, including versions that are no longer officially supported.
Major vulnerabilities like these get the attention they deserve. They are major holes that affect millions of internet-connected systems, and customers should resolve these issues immediately. However, there are plenty of other vulnerabilities out there that could cause a business all sorts of trouble. Many software vulnerabilities are too small or not widespread enough to lead to broad organizational awareness and immediate remediation but could still provide a wide-open door or toehold into the larger IT environment. Simple misconfigurations or outdated configurations can leave systems exposed or vulnerable. There are many ways for an IT infrastructure to carry vulnerabilities that leave systems exposed and potentially go unnoticed for years.
These small issues are often overlooked and overshadowed by news of major vulnerabilities and high-impact security issues like ransomware. Unfortunately, most businesses have IT staff that are busy and don’t have the spare cycles to investigate all the little issues. Even more unfortunate is that the hackers are busy too, and they only need one win in the battle to cause trouble.
Businesses need a robust security infrastructure to prevent, detect, and contain these threats. To provide the best experience in the cloud, 11:11 Systems has integrated many security products into the 11:11 Cloud platform to reduce the effort and cost associated with managing a secure infrastructure. Using tools from security companies like Tenable and Trend Micro, 11:11 provides vulnerability scanning and reporting, malware and virus scanning and reporting, log inspection, stateful firewall functionality and reporting, file integrity monitoring and reporting, and intrusion detection and prevention directly within the 11:11 Cloud Console. All of these features are architected directly into the infrastructure and offered as standard features for all infrastructure as a service (IaaS) and disaster recovery as a service (DRaaS) customers.
IaaS customers have full-time access to these features. DRaaS customers utilize the same platform, so always-on virtual machines, such as domain controllers, virtual routers, and other “core” infrastructure items, are always protected. As soon as virtual machines are brought online during a DR execution or test, they will also be scanned and protected. Customers are able to run a complete security scan of their entire production environment as part of their DR test with no impact on production. With 11:11 Autopilot Managed Recovery for DRaaS, customers can work with 11:11 to define their entire DR plan and don’t need to spend time running and validating the test failover, saving even more of the IT staff’s valuable time. Once the test failover environment is up, customers can also utilize this environment for testing remediation of any vulnerabilities, so they are better prepared for the actual production remediation.
Whether working with a cloud-based production environment or a failed-over environment, scans can be conducted and reports generated that indicate what known vulnerabilities exist in the environment, what ports may be opened to the Internet, and any other suspicious behaviors that may exist in that environment. Full access to manage their own firewalls with stateful monitoring and reporting gives customers the control and visibility they need to shut down inadvertently opened ports that could potentially be future targets for new vulnerabilities.
A security-first infrastructure is a real value to customers. Some 11:11 customers have been known to scan their failed-over environment during DR tests and find vulnerabilities that their on-premises security scans did not detect. Having this capability can make it easier to justify the cost of DRaaS, while relieving the impacts that an intensive security scan can have on production systems. It’s built into the 11:11 Cloud and Console and run by a dedicated staff focused full time on infrastructure security, so customers have no need to acquire and maintain all this functionality.
There is no single solution to defeating malicious players on the Internet. Backups, recovery plans, and strong defenses are all equally important to maintaining a business today. 11:11 is well regarded when it comes to IT data recovery, but can also help prevent the need to recover by providing a strong security posture for customers relying on 11:11 for either their production or recovery systems.