Responsible & Caring Staff
P-Guide
What is a Productive P-Guide?
In an effort to provide the most relevant resources for our customers to use, Productive offers articles about pertinent issues in IT for mid-market companies. These articles are designed to educate IT professionals about software as it relates to security, storage, infrastructure, volume licensing and other relevant topics.
We welcome your feedback. Please send comments or topic suggestions to info@productivecorp.com
P-Guide, Windows 7: Should You Take the Plunge?
Windows 7 promises a host of advances over Vista and XP. Here's a look at five key new features of the new OS, along with five points to keep in mind before you migrate.
Read the full, Windows 7: Should You Take the Plunge P-Guide.
Date published: September 1, 2009
Length: 2,134 words
Download: PDF version
Excerpt:
Microsoft's release of Windows 7 just might be the biggest tech news to hit the streets in recent years, and it's not hard to see why. On one hand, there's the simple scale involved with a new OS. The prospect of migrating an entire company to a new operating system is almost always a daunting venture. You'll need to make sure you get a return on the significant investment that you'll make in the product itself, along with the staff time and resources needed to install it and work out the inevitable kinks.
At the same time, however, Windows 7 is also huge because of the bad vibes that still resonate from its predecessor, Windows Vista, which met with almost immediate critical disapproval when it was released in 2007. To be fair, Vista had a lot of improvements over the XP operating system, including upgraded security, file sharing, and search capabilities. But those were largely overshadowed by its shortcomings: excessive use of RAM, an overly aggressive User Account Control (UAC) feature, and hardware incompatibility, among others. The result: Vista adoption was lukewarm, as plenty of potential users-including corporate stalwarts such as Intel-refused to embrace it. A recent Forrester Group report noted that Vista is in use on only 12 percent of all corporate desktops around the United States.
Now comes Windows 7, and if the early reviews are any gauge, Microsoft appears to have ironed out many of the issues that plagued Vista. In fact, some reviewers have touted it as the best Microsoft OS ever. Should you commit to it? This P-guide addresses that question, walking you through five reasons why you should consider converting to Windows 7, along with five key points to keep in mind before you take the plunge.
Read the full, Windows 7: Should You Take the Plunge P-Guide.
Download: PDF version
P-Guide, The Next Layer of Desktop Security: Host-based Intrusion Prevention Systems (HIPS)
The newest generation of HIPS products offers robust protection against a wide range of threats. Are they the right solution as the last line of defense in a layered approach?
Read the full, Next Layer of Desktop Security P-Guide.
Date published: May 15, 2009
Length: 2,213 words
Download: PDF version
Excerpt:
How can we keep Web-based security threats at bay and keep costs down at the same time? That's the question being asked by mid-market IT staffers around the country these days. The complex and pervasive nature of today's threats demands that you use multiple layers of defensive tools-a layered approach-to keep intruders out of your system.
Trouble is, however, that implementing and overseeing multiple layers can be an expensive and time-consuming proposition-and there's no guarantee of success. In the last few years, however, host-based intrusion-prevention systems (HIPS) have emerged as an increasingly viable option. While they can't offer a magic bullet against Web-based threats-nothing can-they can provide a cost-effective and provide final layer of defense by wiping out malware that slips through the first lines of network defenses or gets manually installed on a PC.
What is a HIPS? In broad terms, it's software that resides on an individual workstation and continually monitors incoming Web traffic, the operating system, and installed programs for unwanted or malicious behavior. If something appears, the HIPS automatically stops it before it can do any damage.
Read the full, Next Layer of Desktop Security P-Guide.
Download: PDF version
P-Guide: Integrated Endpoint Security
A new generation of bundled solutions offers potent help in the battle for network security. How can you find the right option for your company?
Read the full, Integrated Endpoint Security, P-Guide.
Date published: February 24, 2009
Length: 1,968 words
Download: PDF version
Excerpt:
By almost any measure, email- and Web-based security threats have become more common over the last few years. Consider:
- The Pingdom uptime monitoring service notes that 53.8 trillion e-mails in 2008-or 70 percent of all messages sent-were spam.
- In its 2008 Trend and Risk Report, IBM's X-Force Threat Analysis Service notes that more new malicious Web sites were created during the fourth quarter of last year alone than in all of 2007.
- And Symantec's MessageLabs service reports that the number of targeted Trojan attacks that were intercepted rose to 53 per day in 2008, compared to around 10 per day in 2007 (and one to two per week in 2005).
The threats are also getting far nastier to deal with. Blended malware is now commonplace. Sophisticated assaults such as SQL injections are making their way into the news; last April a mass SQL injection attack specifically designed for Microsoft IIS Web servers infected half a million Web sites around the world, including such high-profile names as the United Nations, various U.K. government sites, and even the U.S. Department of Homeland Security. And then you have the Conficker botnet worm, which surfaced last November and quickly infected more between 2 million and 15 million (depending on which estimates you believe) PCs around the globe.
Read the full, Integrated Endpoint Security, P-Guide.
Download: PDF version
P-Guide: Is Hosted Backup and DR Right for You?
New hosted backup and disaster recovery products and services are offering mid-market IT departments unprecedented flexibility, reliability, and effectiveness.
Read the full, Is Hosted Backup and DR Right for You, P-Guide.
Date published: December 31, 2008
Length: 2,274 words
Download: PDF version
Excerpt:
It's inevitable: At some point in your company's lifecycle, you're going to lose data. As for causes, they might be anything from a cyberattack, a natural disaster, or (more likely) a simple hardware failure and/or human error. Are you prepared? Probably not, if your business is like most U.S. companies. Consider:
- According to the 2008 AT&T Business Continuity Study, one in five U.S. businesses doesn't have a DR/business continuity plan in place.
- A 2007 Forrester Research/Disaster Recovery Journal study notes that 40 percent of all companies only test their data backup plans once each year.
- A SearchSecurity.com survey of 500 IT departments offers even more eye-opening numbers: Up to 20 percent of routine nightly backups fail to capture all data, and 40 percent of IT managers are unable to capture data from tape when needed.
Why the disconnect? Apart from run-of-the-mill corporate inertia, there's one key reason: The traditional solution-backup tape-has serious drawbacks. For starters, the tapes themselves are fragile and susceptible to temperature and humidity extremes. Handling and managing them gobbles up staff time. Transporting them to secure off-site storage locations is inefficient. (And a fair number of companies don't even use secure storage-one study notes that nearly 70 percent of all small businesses store backup tapes at their employees' homes.) And they don't offer immediate restoration of data. Suffer a power outage and lose data in the middle of the afternoon? You're out of luck-the latest information you have access to sits on the previous evening's backup tape.
Read the full, Is Hosted Backup and DR Right for You, P-Guide.
Download: PDF version
P-Guide, Patch Management: An In-depth Look
Patch management is a challenging but crucial task in today's environment. What options do you have at your disposal?
Read the full Patch Management P-Guide.
Date published: November 17, 2008
Length: 1,808 words
Download: PDF version
Excerpt:
Patch Management is a critical task that can quickly drain away your time and resources. What options do you have at your disposal? By any measure, patch management is a crucial task. How crucial? Consider:
- According to the CERT Coordination Center at Carnegie Mellon University, there were 417 known security holes in 1999. That figure jumped to 1,090 in 2000 and has risen steadily each year since. During the first three quarters of 2008 alone, the organization catalogued 6,058 different vulnerabilities.
- A mid-2008 report from IBM's X-Force Threat Analysis Service offers similar numbers, and notes that the number of "high-severity" vulnerabilities (which it defines as "security issues that allow immediate remote or local access, or immediate execution of code or commands with unauthorized privileges") continues to rise.
- The threats continue to evolve, and even desktop applications such as Adobe Reader are being targeted of late and the rise of cloud computing is offering new avenues of opportunity for cyber criminals.
In short, it pays to keep current with patches and updates. The trouble is that patch management can be a time- and resource-draining chore, particularly given the sheer volume of patches that are issued each year.
What Can You Do?
Given that manual patching is too costly and labor-intensive for all but the smallest companies, it pays to invest in a patch management system. There are numerous products at your disposal.
- One option is Microsoft Windows Server Update Services (WSUS), which is available for free download. The software has some advantages: It does a fair job of streamlining the patch-management process, allowing users to manually or automatically download and distributes patches and updates. However, its reporting capabilities are limited, it only supports relatively current Microsoft-issued updates and patches, and needs its own dedicated server and a Microsoft
Server license.
Read the full Patch Management P-Guide.
Download: PDF version
P-Guide: Mid-market Software Licensing
Do SaaS and open source offer a solution to mid-market software challenges? Or should you look to incumbent vendors for new alternatives?
Read the Mid-market Software Licensing P-Guide.
Date Published: September 23, 2008
Length: 2,104 words
Download: PDF version
Excerpt:
The case for Saas and Open Source
No one can deny the SaaS and open source have plenty of benefits. Consider open source. For starters, plenty of observers cite the software's security advantages over its commercial competitors. It can be customized to fit a company's unique needs. And it's designated as free to use (at least in its most basic versions), which makes it appealing to companies that either have limited cash on hand or which are leery of getting locked into using a single, proprietary software vendor...
Four Reasons to Think Twice
Given the obvious benefits of open source and SaaS, is now the time to ditch the conventional software approach? Maybe not. As fast as both technologies are growing, both have quirks and drawbacks. Here are four points to consider...
OVS: An Alternative to the Alternatives
What other options are out there? Earlier this year, Microsoft unveiled the U.S. version of its Open Value Subscription (OVS) program, an offering that provides a comprehensive way for mid-market companies (with between five and 250 PC's) to manage software acquisition and licensing. The program is notable for several reasons...
Read the P-Guide: Mid-market Software Licensing.
Download: PDF version
Continuous Data Protection as an answer to mid-market data-protection needs.
Read the P-Guide: CDP: A Closer Look.
Date Published: July 15, 2008
Length: 1,745 words
Download: PDF version
Excerpt:
In the last few years, an answer has emerged in the form of a new generation of disk-based backup technologies. Generally lumped together under the term “Continuous Data Protection” (CDP), these systems allow for faster backups and nearly instantaneous data recovery.
What exactly is CDP? There are numerous definitions floating around. For instance, the Storage Network Industry Association (SNIA) defines it as a “a methodology that continuously captures or tracks data modifications and stores changes independent of the primary data, enabling recovery points from any point in the past.” IDC has defined it like this: “Continuous data protection, also referred to as continuous backup, pertains to products that track and save data to disk so that information can be recovered from any point in time, even minutes ago.”
In other words, CDP protects and captures data as it is written to disk and automatically saves every change made to any item of data on a company’s system. By doing so, it can restore data to their condition before a loss or interruption occurred—and often in a matter of minutes or even seconds. The result: less data loss, potentially less business downtime, and an effective to find a balance between RTO and RPO.
Read the P-Guide: CDP: A Closer Look.
Download: PDF version
P-Guide: Best Practices for Threat Management Implementation
7 key questions to ask.
Date Published: May 27, 2008
Length: 1,493 words
Download: PDF version
Excerpt:
All elements of an IT infrastructure need to be protected by layers of defense based on an encompassing, enforceable security policy:
The network perimeter. This first line of defense requires network firewalls, virtual private networks (VPNs), intrusion detection and prevention, and network access control. Content-level defenses—including anti-malware, Web filtering, and P2P and instant messaging firewalls—also need to be implemented on the perimeter. Unified and integrated threat management solutions can deliver synergy that eliminates perimeter security gaps.
The network core. The variety of applications now handled by networks means that some applications suffer performance degradation. When it comes to securing the core—with firewalls, VPNs, and intrusion prevention—it’s important to consider scalability, performance, and availability.
The data center(s). Protecting your business’s servers and application takes firewalls and intrusion detection/prevention as well as protection of application content (anti-malware). These defenses must be able to handle the throughput demands of realtime apps.
Remote offices and facilities. Both network- and content-level defenses are required here, very much like what’s needed at the enterprise network perimeter. And because these sites generally don’t have IT staff, centralized policy control and remote threat management capabilities are crucial.
Read the P-Guide: Best Practices for Threat Management Implementation.
