Proofpoint ($PFPT) Releases Solution To Detect and Respond To Compromised Microsoft Office 365 Accounts

In a press release issued earlier today, Proofpoint (NASDAQ:PFPT) “announced the availability of Proofpoint Cloud Account Defense (PCAD) to detect and proactively protect Microsoft Office 365 accounts, preventing attackers from causing financial and data loss.”

So What Does This Have To Do With The Folks In AV Land?

Back when I was an audio/video installer (cue the instrumental music), a well-known manufacturer of AV racks would use a handful of key codes for the locking doors on the front and rear of the AV racks. Once an installer had the basic set of keys, he or she could basically unlock any AV rack made by that manufacturer. This was very helpful when troubleshooting AV racks, because the keys were often lost by clients.

Since the AV Rack enclosure keys were so common, they were more of a theft deterrent, and provided no way of truly stopping the thievery, nor was there any trace left behind indicating that someone had unlocked the front or back door.

Many AV integrators will add “security screws” which only prevent someone who was not smart enough, or just plain too lazy, to buy the associated security bit/driver. I remember some of my former coworkers taking it a step further, and hammering the mounting screw posts down until they were bent, just to stop another contractor who kept removing the integrator’s 1RU vanity plate.

About 15-20 years ago, some higher-education IT departments were the first groups that I saw to utilize the LAN ports on the data projectors for security purposes. They would ping the projectors once every minute or so, and if for some reason the projector did not respond, an email was automatically sent to the campus police department, telling them a projector thief may be in such and such room. If the police department was quick enough to respond, they might catch them in the act.

*Cough-cough* It’s All About Convergence *Cough-Cough*

Nowadays, AV rack keys and walking projectors are the least of our worries. As stated in today’s Proofpoint press release, “Cybercriminals have pioneered a new way to compromise corporate email systems, this time by using brute force attacks to steal Microsoft Office 365 login credentials of corporate users and then logging in as an imposter on the system. These new hacking techniques work even if the company has deployed single sign on or multi-factor authentication (MFA) as part of their security system. Once the hacker has logged in masquerading as a real employee, they have a wide spectrum of choices while operating within a corporation’s email instance to cause financial harm and data loss.”

Just as AV has fully converged with IT, so have our security concerns for both hardware and software. We don’t just sell projectors, flat panels, speakers, and AV racks; we sell cloud-based software solutions like Skype For Business, which will soon be a part of Microsoft Teams. Users use single sign-on or multi-factor authentication to access our conferencing and presentation systems, and collaborate with others in the cloud. We install tablet-style room reservation systems that work with Active Directory and company-wide scheduling systems like Microsoft Outlook and Exchange Server.

Having a compromised O365 account is like having a key to every AV system on the network, as well as valuable data stored in the company cloud. If our AV systems rely on a secure network, single sign-on, and Active Directory, then AV manufacturers, consultants, and integrators all need to be made aware of the inherent security risks. Integrated system components need to be fully vetted on test networks that use O365 and Proofpoint’s Cloud Account Defense (PCAD) or similar cloud-security solutions, so that there are no surprises when the systems are brought online. We need to go the extra mile, and “hammer down the screw posts” of AV/IT cyber-security, so to speak. Constant vigilance!

For more information on Proofpoint’s Cloud Account Defense solution, click here.


The Ponds Are Stocked In AV Land

When I was younger, I participated in a few fishing derbies. I remember one particular derby where I caught nine trout in one day, see photos. The derby was sponsored by the local K-Mart, thus the hat. My dad and I were overwhelmed by the luck I was having! The pond at YMCA Camp Sloper had been stocked with fish the week prior. We asked around and quickly figured out that the best bait to use was corn, because the hatchery-bred fish had not yet learned to eat pond food; they liked corn.

I was not the only one who had luck that day. The kid who took the trophy for the most fish caught like 23. I also did not take the trophy for the largest fish; but I was still a happy camper, and went back the next day and caught a few more on my own. I tried my luck again that summer, in the same spot, but I did not catch anything. The corn stopped working, so I went and bought some expensive fishing tackle, which looked great in my tackle box, but nothing was as effective as the cheap corn was during that one spring day of the fishing derby.

“The difference is time” as they say. The climate changed as the pond got warmer, the fish retreated to the cooler bottom. The young hatchlings that survived the fishing derby weekend had two options moving forward: they could adapt to their surroundings, and eat worms, bugs, and smaller fish in Sloper’s pond, or they could be eaten by bigger fish. I don’t think it was a conscious decision. Eventually, the pond life goes back to “normal”, there are fewer fish, and the ones who survived are larger and more healthy.

Now, let’s reel this back into AV land. I believe the ponds in AV Land are getting stocked this spring, largely due to the tax law changes. I think #AVtweeps are conscious of it; some are not making any decisions, while some are putting plans in place, to deal with the upcoming volume. Notice I said volume, not revenue, or profits, or tax shelters.

Assuming your customers are C-corps, you should see, and hear, a gradual crescendo in spending in 2018, ending with the busiest holiday season anyone has ever experienced in all of AV Land. Older, problematic digital signal processing, microphones, and touch panels will be updated. Corporate customers will start spending more money on large ticket items like immersive rooms and video walls. Ping pong tables will compete for space with VR and AR gaming setups. The more start-up type smaller businesses will finally start to outfit their huddle rooms with new video collaboration systems.

K-12 schools and community colleges will see more donations to support classroom technology as well as gaming lounges and black-box theaters. Sounds great, right? But take warning, according to the AV Land Farmer’s Almanac (you see what I did there?)…

Your service center calls could become unmanageable as the new gear mingles with old.  Bandwidth needs will spike as AV and IT converge, and go forth, and multiply, and higher resolution video traffic will bog down older switches. Fan noise will increase.   Credenza rack switches will begin to overheat. Meanwhile, sales and design teams will design more and more networked AV. Programmers will ask for more IP addresses. Lead technicians are going to make extra money working overtime, making it all work.

So, how do you, the AV integration expert, plan to catch the MOST fish, AND the largest, without wasting a bunch of time, and money on equipment you don’t really need?

  1. Start with corn: Standardize on no more than a dozen pre-designed systems that you can sell quickly with confidence.  Keep the prices down by keeping things very simple, but be sure to include an adequate materials budget and labor to cover the inevitable trips to Home Depot, Grainger, or Lowe’s. Give your AV installation crews credit cards or similar means to get small items ordered immediately. Get ‘er done.
  2. Bring plenty of worms: The big fish in the pond will want something more than corn.  They will want large format displays that make viewers say “Wow”. They will also want to upgrade projection systems with newer laser light source models. Worms are a little more tricky to put on the hook, but in the end, not complicated.
  3. Tackle your complicated designs using your most excellent people and engineering. Don’t let your best resources get bogged down with the “corn” projects.  Figure out a way to free up their time so they can focus on the larger custom spaces and bring your client’s dreams to life.  They are like the professional anglers on the television.
  4. Give everyone the tools they need to complete the projects, but be careful not to fill your tackle box with a bunch of expensive lures like I did when I was little.  Only buy the tools you need right now. Update your own conference rooms, but don’t overdo it.  The same goes for hiring new people: look for the skills that you are going to need for your pipeline, and then hire the people who have those skill sets.
  5. Don’t mistake volume for market share. I thought I was going to win that derby.

The key to the next few years will be to anticipate the sales volume bump, and then scale appropriately, by putting the right people and tools in place. By following the above suggestions, (and never, ever asking me for fishing advice,) AV integration firms should be able to realize the upcoming spike in revenue, without being caught off-guard.

Fish on!


Your Conference Rooms Are So Trendy!

How Monitoring Your Conference Rooms Usage Can Help You Build Better Meeting Spaces In The Future

by Paul Konikowski, CTS-D

Imagine you are the Chief Technology Officer (CTO) at a pharmaceutical company, one that is growing rapidly, and you need dozens of new conference rooms and huddle spaces. It is your job to figure out how big the meeting rooms should be, and what sort of technology should be installed in them. Open areas promote collaboration, but there is also a need for privacy, and respect for others who are working nearby. Where should you begin?

You might start by looking at trends in the industry. For instance, sitting is trending down. Standing during meetings is becoming more common, so taller tables with stools should be considered for a portion of your rooms. This will also affect your display wall elevation and camera mounting height. Video collaboration is essential, whether it is a classic hardware codec from Cisco or Polycom, or a software codec like Zoom; you should plan to outfit at least 50% of your rooms with some form of video chat and/or web conference capability. You can also budget to “scale into” these conference rooms.

The hard question is, how many small, how many medium, and how many large conference rooms do you need? No one wants a big boardroom that only gets used four or five times a year. Divide/combine/divisible/dividable spaces look good on paper, but often fall short when it comes to day-to-day activities of various lines of business. Should you build two small conference rooms for every one larger conference room? That’s one approach, but…

Wouldn’t it be great to have real statistical data on your meeting rooms, and reports that showed exactly how often the rooms get used, and how much a given room’s technology was actually utilized? Wouldn’t that be great?

Like the Keystone commercials, “Bottled beer taste in a can, wouldn’t that be great!”

Well, just like Keystone utilizes a specially lined can, AV integration experts have the technology to provide these types of usage reports to clients. How they go about it can depend on the technology being installed, a discussion which I will save for a future blog post; for this post, let’s keep the discussion to who, what, where, and why.

Who: Although one might think of monitoring and asset management in a corporate environment, there are other environments that can benefit. For instance, K-12 schools and higher education campuses can forecast projector bulb burnouts based on usage. Technology usage might vary from grade to grade, or from teacher to teacher.

What: Getting back to the corporate conference room example, the main piece of data you need to monitor is: when the rooms are occupied or not. This can be accomplished using motion detectors if other audiovisual technology is not available. If there is a touch panel in the room, it may have a motion detector built in, and you can harness that data through the control system using proprietary software.

You can also monitor how much the different components of the technology get used, but that is secondary to the rooms being occupied or not. If you base your room usage reports solely on the technology, your data will be incorrect from the start, because some groups use tech more than others. It’s great to know what tech gets used and what does not, but it’s almost more important to know what rooms get used, and which do not. Then, compare the rooms’ technology, versus the size of the room, and the location.

Where: As you start to amass the data, you will notice trends in the conference rooms. Some of these trends will show up in the numbers, but it is also important to look at the location and physical characteristics of each meeting space. For example, you may have two equal 8-person conference rooms on the same floor, where the only difference between the rooms is that one has windows and the other is internal with no windows. You may notice that one of the two rooms gets used more often, and you might assume it is because of the sunlight. This is a good theory, but you should also consider acoustics. Or, one department may be utilizing the same conference room every day, while another department only meets once a week in the other conference room. So it is important to compare the numbers but also to look at the location within the building, the departments that are nearby, and then spend some time thinking about the why.

Why: You might notice that the smaller rooms are getting booked up for about 4 hours each day, while the larger conference room is booked all day, almost every day. This might suggest you need another large conference room. How you interpret the numbers depends on the situation, but it is always best to work with real data rather than verbal anecdotes like “that second video camera never gets used”. That is great feedback, but is that really true? What if the CTO uses it once a month? What if more training is needed? It is much easier to start the decision making process with real data, but like any metric, you need some time to establish a baseline, so for your first year, you might just collect the data, use it as a baseline, and then compare the following years to the first year.

In the end, you are looking for trends in your conference rooms. You might notice that the collaborative touch displays are getting used more this year than last year, and subsequently, you might anticipate needing more touch displays next year. You will also see what is not so trendy, and you might be able to avoid buying things you don’t need. Over time, the monitoring of the rooms and technology will “pay for itself” because you will be more efficient and accurate in planning for your future meeting spaces.