Proofpoint ($PFPT) Releases Solution To Detect and Respond To Compromised Microsoft Office 365 Accounts

Registered Trademark of Proofpoint Inc.

In a press release issued earlier today, Proofpoint (NASDAQ:PFPT) “announced the availability of Proofpoint Cloud Account Defense (PCAD) to detect and proactively protect Microsoft Office 365 accounts, preventing attackers from causing financial and data loss.”

So What Does This Have To Do With The Folks In AV Land?

Back when I was an audio/video installer (cue the instrumental music), a well-known manufacturer of AV racks would use a handful of key codes for the locking doors on the front and rear of the AV racks. Once an installer had the basic set of keys, he or she could basically unlock any AV rack made by that manufacturer. This was very helpful when troubleshooting AV racks, because the keys were often lost by clients.

Since the AV rack enclosure keys were so common, they were more of a theft deterrent: they provided no way of truly stopping the thievery, and no trace was left behind indicating that someone had unlocked the front or back door.

Many AV integrators will add “security screws”, which only stop someone who is not smart enough, or is just plain too lazy, to buy the associated security bit/driver. I remember some of my former coworkers taking it a step further, and hammering the mounting screw posts down until they were bent, just to stop another contractor who kept removing the integrator’s 1RU vanity plate.

About 15-20 years ago, some higher-education IT departments were the first groups that I saw to utilize the LAN ports on the data projectors for security purposes. They would ping the projectors once every minute or so, and if for some reason the projector did not respond, an email was automatically sent to the campus police department, telling them a projector thief may be in such and such room. If the police department was quick enough to respond, they might catch them in the act.

*Cough-cough* It’s All About Convergence *Cough-Cough*

Nowadays, AV rack keys and walking projectors are the least of our worries. As stated in today’s Proofpoint press release, “Cybercriminals have pioneered a new way to compromise corporate email systems, this time by using brute force attacks to steal Microsoft Office 365 login credentials of corporate users and then logging in as an imposter on the system. These new hacking techniques work even if the company has deployed single sign on or multi-factor authentication (MFA) as part of their security system. Once the hacker has logged in masquerading as a real employee, they have a wide spectrum of choices while operating within a corporation’s email instance to cause financial harm and data loss.”

Just as AV has fully converged with IT, so have our security concerns for both hardware and software. We don’t just sell projectors, flat panels, speakers, and AV racks; we sell cloud-based software solutions like Skype For Business, which will soon be a part of Microsoft Teams. Users use single sign-on or multi-factor authentication to access our conferencing and presentation systems, and collaborate with others in the cloud. We install tablet-style room reservation systems that work with Active Directory and company-wide scheduling systems like Microsoft Outlook and Exchange Server.

Having a compromised O365 account is like having a key to every AV system on the network, as well as valuable data stored in the company cloud. If our AV systems rely on a secure network, single sign-on, and Active Directory, then AV manufacturers, consultants, and integrators all need to be made aware of the inherent security risks. Integrated system components need to be fully vetted on test networks that use O365 and Proofpoint’s Cloud Account Defense (PCAD) or similar cloud-security solutions, so that there are no surprises when the systems are brought online. We need to go the extra mile, and “hammer down the screw posts” of AV/IT cyber-security, so to speak. Constant vigilance!

For more information on Proofpoint’s Cloud Account Defense solution, click here.

The Proofpoint Logo Is A Registered Trademark Of Proofpoint, Inc.

 


Cybersecurity In Audiovisual Systems

You Should Consider Cybersecurity During All Phases Of An Audiovisual Installation

By Paul Konikowski, CTS-D

Earlier this month, the San Francisco Bay Area was graced with the presence of President Barack Obama, who was here to participate in a Cybersecurity Summit at Stanford University.  *Side note*, I am still unsure if it’s spelled as one word or two, cyber security, or with a dash, cyber-security, and the online jury seems to be rather undecided. So for the sake of brevity, I am sticking with the one-word-version, cybersecurity. *End side note*. At the aforementioned summit of cybersecurity experts, students, and information technology managers in Palo Alto, Mr. Obama signed an executive order encouraging the private sector to share cybersecurity threat information with other companies and the U.S. government.

Rising stock prices of cybersecurity software firms like Palo Alto Networks (PANW), FireEye (FEYE), and CyberArk (CYBR) have also reflected this increased level of awareness. Why? Because unlike guns or nuclear warfare, cyber hacking can happen right under our noses, for years and years, without anyone even noticing. Larger firms have realized that they need the best of the best to combat these criminals, and investors have taken notice of the growth potential of these new age software “heroes” who will do battle for a price, much like the Routiers, the early mercenary soldiers of the Middle Ages.

As audiovisual experts we also need to become IT cybersecurity experts, at least to some degree. At minimum, we have to know what risk we are adding to the network before, during, and after the AV installation. Here is a list of ways you can protect your audio, video, and control systems against theft and hackers, in no particular order:

  • Have a frank and honest discussion with the project team about cybersecurity. Find out who is in charge of the network, and who will need access to the systems.
  • Use motorized projection screens that are fitted into the ceilings to discourage theft.
  • Mount projectors using security boxes, or scissor lifts to hide them up inside the ceilings.
  • AV touch panels and camera controllers often have passwords, but are they updated?
  • Portable TVs and poorly mounted speakers are easy targets; don’t “tempt” thieves.
  • Ping all projectors and flat-panel television type displays once every minute. If the display does not respond, assume it is being stolen and automatically email security.
  • Interactive whiteboards, mice, and keyboards are generally trustworthy, but who is really checking that USB stick that automatically downloads this or that app to the laptops?
  • Don’t assume that the person in charge of your computer network is the best one to test the AV installation for bugs or security breach points. Hire an expert to test it.
  • Back up all files at least once a day to a secure offsite and/or cloud storage facility.
  • Microphones and tableboxes should be periodically checked for James Bond type “bugs” that can listen to private meetings. It’s not always the newest technology that you need to worry about!
  • Videochat and audio conferencing suites should never be left unlocked while not in use.
  • Make sure that end users know when a camera is on or when microphones are open.
  • Digital signage and way-finding kiosks are updated via website; use unique passwords.
  • Unfortunately, most AV equipment racks are made by just a few manufacturers, and each uses one or two different key codes in their door locks. Once you have a set of the common AV rack keys, you can open almost any locked AV equipment rack in the U.S.
  • “Security screws” can also limit the amateur thefts, but any real crook will have tools.
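
The ping-and-alert item in the list above, sketched as an added example (not code from the original post). It pages security only after several consecutive missed polls, so a one-minute network blip or a display rebooting does not send campus police to an empty room. The room names, addresses, and three-miss threshold are constructed assumptions, and turning an "alert" event into an email is left to the site's own mail relay.

```python
# Added example: room names, addresses (192.0.2.0/24 documentation range)
# and the three-miss threshold are constructed, not taken from the post.
import subprocess

MISS_THRESHOLD = 3  # assumption: consecutive missed one-minute polls


def ping_once(addr, timeout_s=2):
    """One ICMP echo via a Unix-style ping; True if the display answered."""
    try:
        done = subprocess.run(["ping", "-c", "1", addr],
                              capture_output=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return False
    return done.returncode == 0


class DisplayWatch:
    def __init__(self, displays, threshold=MISS_THRESHOLD):
        self.displays = dict(displays)              # room -> address
        self.threshold = threshold
        self.misses = dict.fromkeys(self.displays, 0)
        self.alerted = set()

    def poll(self, probe=ping_once):
        """Run one polling cycle and return (event, room) tuples."""
        events = []
        for room, addr in self.displays.items():
            if probe(addr):
                self.misses[room] = 0
                if room in self.alerted:            # display came back
                    self.alerted.discard(room)
                    events.append(("recovered", room))
                continue
            self.misses[room] += 1
            if self.misses[room] >= self.threshold and room not in self.alerted:
                self.alerted.add(room)              # alert once per outage
                events.append(("alert", room))
        return events


def simulate(history, displays):
    """Replay constructed per-minute results ({address: answered})."""
    watch, out = DisplayWatch(displays), []
    for minute, results in enumerate(history):
        out += [(minute, ev, room) for ev, room in watch.poll(results.get)]
    return out


DISPLAYS = {"Room 101": "192.0.2.11", "Room 204": "192.0.2.24"}
HISTORY = [{"192.0.2.11": a, "192.0.2.24": b} for a, b in [
    (True, True), (False, True),      # Room 101: one-minute blip only
    (True, False), (True, False), (True, False),  # Room 204: three misses
    (True, True)]]                    # Room 204 answers again
```

In production, `poll()` would be called once a minute with the default `ping_once` probe; `simulate(HISTORY, DISPLAYS)` replays the constructed history offline.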

These are just a portion of the areas that the AV Design Engineer and Project Manager need to address during a project. The real problems are the bugs and “holes” that are accidentally left in a program, that nobody catches, mainly because no one is looking for them. That is why it is critical that today’s AV integration firms hire a well-trained, experienced QA (quality assurance) department who will double-check the engineer’s design, the programmer’s code, and the completed installation.

We all make mistakes; it’s human nature. And even when we don’t make mistakes, we certainly overlook things that others might catch. Having someone else check your AV design, bug test your code, or evaluate your network or website for cybersecurity threats will always uncover more than checking it yourself. If you are not putting up “constant vigilance” against the hackers, and paying an expert to test your systems, then you are just living in denial, thinking that your systems are working properly and secure. If these hackers can break into insurance companies and Target, you have to assume that they are trying to hack into your systems as well (or that they already have!).

constant vigilance

2014 Is All About The Video

Sorry Audiophiles: It’s All About The Video

By Paul Konikowski, CTS-D

Last week, rumors surfaced that Google (NASDAQ:GOOGL) is secretly developing modular, large-scale video displays.  Yes, you heard me right:  Google is reportedly making their own video walls.  This should be of no shock to anyone in the so-called “audiovisual industry” which has been completely taken over by the so-called A.V./ I.T. convergence.  In the past few years, both AV and IT have become caught up in the Enterprise Technology sector, while the consumer electronics have themselves caught up in terms of resolution and cost.  Nowadays, audio and video are often considered to be two Things in the much larger Internet of Things (or I.o.T. if you are into the whole brevity thing). Personally, I hate using the term Internet of Things, but I am just one Voice of Reason, and I am outvoted.

Many television news studios and even Dr. Phil are investing in large-scale, multi-touch sensing video walls, much like those that Google is supposedly developing. But there are plenty of other examples besides these large touch/video displays that illustrate why 2014 is turning out to be the Year of Video.

If you or a family member is on Facebook, you must have seen at least one, if not one hundred, ice bucket challenge videos.  The ice bucket challenge trend signaled not only a change in social media marketing for non-profits, but on a more basic level, it was a perfect example of what I call the “new” Facebook news feed; have you noticed that roughly half of your Facebook feed is now composed of videos? Why did you think the ice bucket challenge was such a viral phenomenon? Also, did you notice how these videos will auto-play, unless you tell Facebook not to autoplay videos?  Keep an eye on your data plan.

Twitter has big plans for video too. Very soon, Twitter and Facebook will both turn into a combination of video ads, movie previews, political satires, short films, or TV-like series. Sure, these sorts of video trends have been around for years on YouTube, but now that they are major parts of the Facebook and Twitter news feeds, a lot more people will be seeing a lot more videos on a daily basis. And media companies will quickly learn that video is the new way to capture an online audience, while engaging their own networks.

ESPN, which is owned by Disney Time Warner (NYSE:DIS), recently played Let’s Make A Deal with the NBA to allow live streaming over-the-top (a.k.a. OTT), meaning end users will soon be able to watch NBA using a set-top box or similar streaming player. No cable, satellite, or TV antenna needed, just internet access.

Soon, sports clips and reality show fights will be uploaded instantly, and there will be more and more live voting and audience polls. Video clips on Facebook and Twitter combined with a “buy” button mean users can click to view the full feature movies or instantly buy the products they are advertising. Twitter also has a deal with Comcast: if your friends are tweeting about a certain reality show or breaking news, you could hypothetically just watch the show inside Twitter’s main feed. But wait, there is a twist: the two contestants who have the least amount of internet bandwidth will be voted off of the show; the rest of you are safe.

Where will all of this new video content come from, anyway? Well, the obvious answer is the zillions of mobile phones and tablets, many of which come with “decent” digital cameras / video camcorders, and with the right steady cam, tripod, or selfie-stick, just about anyone with a decent smart phone can make a video and upload it to their social networks.

For folks who want a so-called “real camera”, GoPro just announced some new models including the HERO 4, which, combined with the new LiveStream application, will allow GoPro streaming live to the web with just an iPhone. If GoPro’s stock ticker is any indication, it looks like their new cameras may be the big hit this holiday season: NASDAQ:GPRO is up 200% in just over 3 months since it began publicly trading. Other video-related stocks that are riding this video trend include GoPro component maker Ambarella (NASDAQ:AMBA), up 29% Year To Date (YTD); Digital Ally Inc. (NASDAQ:DGLY), who make law enforcement cameras, up 58% YTD; and last but not least Mobile Eye NV (NYSE:MBLY), a video technology that helps automobiles stay in their lanes and avoid collisions, up 42% YTD.

In closing, I just want to be clear on a few things. First, I currently own stock in GoPro. Second, I am not a financial advisor, and you should do your own due diligence before investing in any stock. And last but not least, I just want to say that I don’t know if this trend towards more amateur video is necessarily a “good thing” for social media, for society, or for the video professionals of the world. But I do believe that if so-called AV professionals can adapt to this new consumer trend in video, that we can then offer more value to more potential customers.

We will see if I am right.