Northern Micro Ranks #1 in Ottawa with 2016 CRN Solution Provider 500 Annual Ranking

Ottawa, Ontario – June 6, 2016

Northern Micro, one of Canada’s leading IT solution providers, announced today that CRN®, a brand of The Channel Company, has named Northern Micro on its 2016 Solution Provider 500. The SP500 list is CRN’s annual ranking of the largest technology integrators, solution providers, and IT consultants in North America by revenue.

Moving up 111 spots to #244 from #355 last year, Northern Micro is now recognized by CRN as the largest IT company in Ottawa. Only 22 companies from Canada were named on this year’s SP500, with Northern Micro ranking in 10th place among them.

“We are truly honoured to be acknowledged by CRN for all of our hard work. It’s an incredible privilege to work with some of the most talented technology specialists in the country.” said Herman Yeh, President of Northern Micro. “Our entire team is to be congratulated for the tremendous effort they’ve made to grow the company by focusing on fulfilling our company’s mission of delivering the ultimate in customer satisfaction.”

The SP500 is CRN’s predominant channel partner award list, serving as the industry standard for recognition of the most successful solution provider companies in the channel since 1995.

“The 2016 Solution Provider 500 represent a total, combined revenue of over $344 billion – a testament to their success in keeping pace with rapidly changing demands of today’s IT market,” said Robert Faletra, CEO, The Channel Company. “This prestigious list recognizes those companies with the highest revenue and serves as a valuable industry resource for vendors seeking out top solution providers to partner with. We congratulate each of the Solution Provider 500 companies and look forward to their continued success.”

Click here for a complete list of the 2016 SP500 list.

About Northern Micro

Northern Micro is Ottawa’s premier provider of Information Technology hardware – from client devices like notebooks and desktops, to datacenter infrastructure. We create IT solutions that solve unique business challenges. Highly trained experts, coupled with focused partnerships with the biggest names in the industry form the foundation on which Northern Micro is built.

For over thirty years, our award winning team has been recognized year after year for our commitment to customer service excellence, community involvement, employee engagement, and sustainable environmental contributions. Northern Micro is the proud recipient of the 2014 Intel Partner of the Year Channel Cares Award for the outstanding charitable and environmental contributions and the 2014 EMC Federal Partner of the Year.

To learn more about Northern Micro, visit https://nmicro.wpengine.com/.

About the Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace.

To learn more about The Channel Company, visit www.thechannelco.com.

Protecting against Cyber Security Threats, and what it means for Businesses and Governments in Canada (Part 2)

A Conversation with Intel Security (Part 2) – Read Part 1

July 4, 2016

Intel Security Director of Sales Engineering Douglas Cooke sat down with Northern Micro on June 29 to discuss the security landscape, competitors and Intel Security’s measures to address cyber-security. What follows is the second part of their conversation.

What is Intel Security doing differently to respond to these cyber security threats compared to other vendors?

So the primary change that we’re making is that to some extent, the industry or parts of the industry have been concentrating on protection. That includes things like firewalls and antiviruses. In the early days, those were pretty effective technologies – you could keep out the vast majority of hacking activity in your environment with these protection vehicles.

But going from 300 viruses a day to half a million, you certainly have to admit to yourself that although you’ll have as strong a protection defending mechanism as possible and use all the latest techniques for protection, you are going to be compromised at some point; and therefore, you have to build up capabilities that will start to think about detecting anomalous and suspicious activity in your environment and allow you to use that detection of suspicious stuff to see if there’s something that shouldn’t be going on and react to it.

In the past, you used to be able to just rely on the protection. Now you can’t, you have to be in a position where not only are you protecting, but you’re watching for suspicious activity and you’re putting mechanisms, technologies in like SIM and other things that allow you to monitor for suspicious activity that can be highlighted for a knowledgeable analyst who can say “That is bad, and it’s not caught by a protection mechanism, and I’m going to go clean that up.” We call it, protect, detect and correct.

“We call it protect, detect and correct.”

These new tools we have to compliment protection include detect and re-mediate when you detect a problem; and that’s the fundamental change we’re taking and leading.

So other industry leaders are also following a similar approach to the “protect, detect and correct” model. What’s different about Intel’s security model vs. theirs?

The industry is adopting that partly because industry players like Forester or Gardner are driving it that way. The challenge for most of other vendors is that they only have a single point product: they might have a protection mechanism, or they might be protecting email. They’re only point products, and the thing that differentiates us and what we believe is that you have to have an ability to coordinate the variety of security and protection tools that you have and add detection and correction capabilities to them in addition to having them work together.

One of the big things about this is that you need the visibility that all of the individual tools can give you . Things like firewall have a few alerts showing this kind of activity, and the antivirus is getting some alert showing this activity. You need to be able to take that information, put that into systems, analyze it and correlate it; and from there, see some suspicious activity in your environment. And you could always do that using the fact that you can bring together a number of protection tools and compliment them with these detection capabilities so you have greater visibility.

The reason that we’re different is that for a number of years we’ve had multiple security technologies that we’ve been working to make work well together. We integrate them closely, take advantage of the data they generate to correlate and analyze, see suspicious activity and then use the unique tools we have to go and correct the environment when we find the problem. We’re really one of the only vendors that’s positioning themselves across the endpoint and the network to have a full connected integrated set of tools that do protection, detection and correction.

So for example, Fortinet would say something slightly different from that, and Cisco for example for also say something similar. They appear to have a very similar approach to having multipoint security, much like how you’re describing Intel’s. So what is Intel doing specifically that would be better or different than say Fortinet’s solution?

There are some other vendors that are saying that they have an integrated approach, but what truly differentiates us is the way we’re doing that integration.

The challenge has been that customers have taken the burden of integrating. So if you look at banks for example, they’ll have a mail gateway from somebody, they’ll have a web gateway from somebody else, and they’ll have an endpoint protection product that’ll have a management console. And they would actually do a lot of work to integrate those tools – they would do combined reporting, and they would maybe try to set up scripts to have those systems work together. So in the past, most of the burden has been on the customers to integrate these various security tools.

Intel Security understood that about 5 or 6 years ago, and we developed this special technology called the data exchange layer. This is a message-buff infrastructure that is designed to allow security tools from any vendor to be able to share information to support integration activities. And this is a technology we’re putting in place – we’ve primarily concentrated to get our own tools to work well to demonstrate how it works. Now with vendors starting to do the integration, the challenge has been that when they go to integrate, for example if Blue Coat wants to integrate with an endpoint vendor, they’ve got to have their product managers discuss with each other, build API’s and build software that allows those two particular point products to integrate. That works, and over time they could have a large series of integrations; but it’s just not scalable. If Blue Coat makes a change to their software, that might impact their API’s and they would have to change them. There’s just all this work that has to be done between all these vendors to keep this integration going over time and it’s just not practical.

“And that works, and over time they could have a large series of integrations. But it’s just not scalable.”

We work with a small number of partners to demonstrate that we can work outside of our own ecosystem and bring in the partner community, and we’ll expand that over time; but the idea is that once integration is built using this message bus infrastructure, it is scalable, and it can change over time as these companies change. It doesn’t need to be a point-to-point, and it really can work as a community capability to allow these products to work better together over time.

So it’s taking more the platform approach?

Yes. The word platform is key here. It is a platform approach where you have a series of security capabilities that have an underlying platform that allows them to share data and integrate together.

The sharing is the idea that it’s a published subscribed model. So if there’s information that’s available on one component of your security capability, in this case it would be your intrusion prevention that’s happening in you network. If it sees something happening, maybe it’s an alert or it’s a suspicious file, it can pass that information to be evaluated by another technology.

The example would be let’s pass that file to the sandbox which could be anybody’s sandbox in the general context. So that sandbox would evaluate it, the file gets passed through the message bus, and the sandbox sees through the message bus and says “I’ve got a file that’s been put along the message bus. What do I do with the file? I analyze the file, create some results and publish those results to the message bus.” The results would go back to the intrusion prevention system and might say “That’s a bad file convicted” and the IPS would stop that file from going through.

But the great thing about that message bus is that the information about that file can propagate across the message bus to any other security technologies that’s on the bus. So maybe there’s an endpoint technology on there that says “Hey, we just found this bad file in some other place in the organization. We know it’s bad because we evaluated it on the sandbox. I should act on that, and I’ll go tell every other endpoint to be careful of that file.”

So from a technology standpoint, what are some of the important things that customers should consider when they’re evaluating technologies themselves?

They need to understand where their gaps are. So if they have a particular gap, they need to evaluate the capabilities and meet that gap; but they also need to evaluate how they are going to fit it into our overall security strategy and how the company is trying to tackle strategy in total.

Security is a program – it’s not this technology or that. It’s a program that encompasses a wide variety of controls and capabilities. And what they need to think about is having those controls integrated so when they look for a new technology to fill a gap that they have, they should think about that technology is going to fit in with the rest of the integrated technologies that they have.

Let’s switch gears then: let’s talk about the threat defence lifecycle. How would you describe that?

The threat defence lifecycle is built on top of the concept of protect, detect and correct. So we needed a mechanism where we could provide full visibility with the protection as an organization is operating on a day-to-day basis.

One of the things that we know is that as an organization continues to grow, they’re going to continue to do different types of business and move their business in different ways. Which means that they’re going to invest in different technologies to promote their business. These are not security things – these are things to move their business.

It may be that they need to move to cloud technologies to get more efficient in what they’re doing so that they can offer some of their processing databases and move them up to the cloud to be more efficient, save some money and provide greater options from a bursting capability. So we know that companies are going to change over time.

At the same time, the security risk is changing because the hackers are always doing new things. Whatever new technologies come out and whatever new things users are doing, the hackers are always adjusting. So you need to have an ecosystem that allows you to adapt over time.

The lifecycle incorporates protection, detection and correction. So the idea that we’re going as well as we can with protection, we’re going to have very strong mechanisms at the endpoint and at the network to stop the obvious and known malware threats that are coming through. And then we’re going to put ourselves in a position with technologies included in the defence lifecycle around data analytics and correlation to be able to see what’s going on.

Those capabilities are fed by the information supplied from the protection technologies, and if we see suspicious activity as part of the process without the security operations center, then we’ll use correction technologies to go and put things back to normal and get the business back into doing business as opposed to solving a security issue.

You already mentioned the DXL, the data exchange layer, which seems to be pretty unique for the Intel Security platforms. What are the other competing solutions out there that would be really comparable to that DXL layer?

Well I don’t think we believe that there’s anybody out there that’s doing that in a serious way, and the reason I say that is that there’s a lot of examples of message-bus infrastructure in other parts of IT. It’s used quite a bit in the application development area quite widely.

The concept of a message-bus infrastructure isn’t new, and our data exchange layer is based on a technology called MQTT – that’s the foundation of it. We made some extensions and some enhancements with it, but it’s definitely known technology. There are some vendors that are doing some similar things but only in the network world that would maybe tie together network components. But we’re the only vehicle that we know of that is across the IT spectrum from endpoint servers and connecting with the network side and being made available to work properly in the cloud environment.

It’s primarily because of Intel who does this on a regular basis. They look at the security industry and say, “What do we have to do in order to make a big change on how we do things?” So the visibility and understanding how contributing needs to evolve in the next few years. This data exchange layer is really something that’s been built and funded by Intel, not just Intel Security, to be effective across the complete IT spectrum including enterprise, IOT, cloud and all those sorts of things.

We don’t believe that there’s anybody else that’s gone as far as we have in the breadth and the depth of the strategy as we have.

Talking about ransomware, you mention that that’s a growing threat in the business world, hitting businesses, institutions, even governments in some cases. How can governments be protected from that with Intel Security?

This is where they primarily have to take advantage of the most recent technologies. This can get frustrating for customers, but unfortunately you have to keep up to date. There may be new technologies that you have to invest in because this is the newest of the new things, and it’s the most difficult to deal with. Furthermore, it could have the biggest impact on your organization.

If a hacker gets on the right laptop at the right time and lock it up with encryption, this could bring your company to a complete stop. So you have to be investing in the most recent technologies that we have whether its reputational based, malicious code protection or dynamic application containment. These newest and greatest technologies that we have as a part of the defence lifecycle have to be in place to combat ransomware.

There’s a growing trend towards using public and hybrid cloud services as part of businesses IT as well. How is Intel Security looking to secure those parts of the infrastructure as well?

We see there’s really 3 things you have to think about when it goes to cloud. The first one is that organizations do a lot of work with SaaS based applications, you know Salesforce and those types of things for example. So organizations have to think about greater mechanisms to give them greater visibility to what apps are being used and then to be able to have an understanding of what data is being passed through in order to protect their data. So we’re doing a lot of work through our web gateway and are coming to help customers gain visibility and control over what they’re doing with SaaS based applications.

The second is thinking about when they want to move their processing, either in whole or in part, over to cloud based environments like Amazon. What we do in that world is try to provide visibility. Through our security management tool called EPO, we can have visibility to systems you’re running in cloud environments and give you the same visibility control and measurement of security posture whether it’s on your premise or on a cloud environment.

The third one is that Intel Security is introducing capabilities to protect the organizations interest as they use SaaS applications such as Sales Force. It starts with providing the organization more visibility to the SaaS applications in use being mindful of shadow IT. It then extends to Cloud Access Service Broker functions to monitor data flowing to SaaS data repositories to ensure it is meeting compliance requirements that will come to the market in 2016.

They need to start with some analysis of the maturity of their program in general, and where they have gaps.

I would say that all organizations have some level of security. They need to start with some analysis of the maturity of their program in general and where they have gaps. They need to have someone who has some knowledge internal or someone they could bring in to help the organization determine where they’re at now, what the maturity level of the various capabilities they have, and what the most significant gaps are.

So just to wrap things up, what would your recommendation be as a first step for organizations that are thinking about and revaluating how to protect themselves from attacks?

It may be that they haven’t invested enough in technologies that will minimize the impact on the organization through hacking from a browser. Maybe they haven’t invested in that sort of thing, and you can see a series of gaps, and they would move towards those gaps. That’s the best way for an organization to work. They should understand what their needs are and go find the appropriate technologies to address that need.

But when they move over and start evaluating those technologies, they’ve got to think about the security in total. They’ve got to understand their maturity in the different areas and disciplines of security that they need whether its vulnerability management, network protection or endpoint protection data leakage. For each of those, they have to establish what their current maturity is and then think about the gaps they need to address in priority and how overtime they can fill the gaps and make their entire program more mature.

Protecting against Cyber Security Threats, and what it means for Businesses and Governments in Canada (Part 1)

A Conversation with Intel Security (Part 1) – Read Part 2

July 4, 2016

Northern Micro sat down with Douglas Cooke, Director of Sales Engineering with Intel Security to discuss what Intel Security is doing to address the new realities of cyber-security. What follows is the first half of their conversation.

Who should be concerned about cybersecurity in Canada?

Anybody that’s using a computer, even the most basic ones people have in their personal lives, has to be concerned because they have important personal information on their PC, financial information and information about their families – all of which is under attack by hackers.

If you think more about the business community, everybody has to be thinking about cyber security because every business has data and information that may be valuable to somebody else.

The bottom line is that everybody needs to be concerned about cyber-security these days.

Where are these attacks coming from and originating from?

There are some areas with more activity than others – for example, we know some activity comes from Eastern Bloc countries while some activity comes from Asia. So it’s hard to necessarily define exactly where it’s coming from.

It all comes down to money, and in most situations it’s to have financial gain. There’s organized crime doing it, there are individual hackers that are knowledgeable doing their own thing, and there are some nation-state activity that’s happening which is more limited against who it’s being done against. But it’s hackers all around the world generally attacking anyone that’s out there.

There’s many different motivations for it, but the primary motivation is financial.

If you were to put an unprotected server on the internet, within a matter of minutes, there would be people probing that system trying to understand if there’s value on that system and compromise the box in order to get information and make financial gain on it.

There’s always activity that’s out there doing things. Some of that’s reconnaissance, and if anything does show up on the internet, there are people that are looking at it and just trying to see what they can find; and on the other side of it, there’s a lot of targeted activity where a hacker group will use specific campaigns against someone in various ways to get credit card data from a retailer for example.

These attacks might be about social engineering to go after someone, but it’s just everywhere. There are really many different motivations for it, but the primary motivation is financial.

What are the most common types of attacks that that businesses should be concerned about?

There are a few categories for these different attacks. There’s a lot of malware that’s used out there that’s used by less sophisticated hackers, and this is malware that will do different things – keyboard streams for example – so they can get onto a system.

There’s a wide variety of viruses and malware mainly trying to get a presence in an organization from where a hacker can get a foothold and do other things like extradite data. That’s all out there, and all the malware that’s been used in the last 5-6 years gets used over and over again in different ways.

There’s lots of variance of those types of viruses. So there’s a lot of activity in that way; but just in general, companies have to be concerned about it, and a majority of that will have issues on production because it could make the systems and environment unstable. It could be gathering data off their systems for example.

One of the things that’s very interesting these days is ransomware where a hacker will use some type of mechanism to get control over a workstation; or if they’re lucky enough to get a server where they get control, they can  put a stream up that says, “I’ve encrypted your data. If you don’t forward me money then I won’t give you access to your data back.”

News articles detailing ransomware attacks across Canada.

Ransomware is a new thing that’s getting lots of publicity, and it’s very troubling for companies because it can severely impact their ability to continue their business.

Isn’t using a firewall or antivirus enough to protect businesses from these kinds of attacks?

This is something that has changed in the past few years – the technology that’s been used previously is just not effective enough.

The firewall marketplace in particular has gone through many changes which first started many years ago, and firewalls we’re initially a very crude mechanism to say, “I want my organization to be able to reach out and talk in this way to the internet,” and you could sort of filter what happened inside and outside of your organization.

Typically what you want to do is filter the majority of access that was coming into your organization to be extremely limited; and before the internet, computer systems were tout between companies; but you would only allow point-to-point connection. You would only allow these computers to talk to these versions and specific computers and really tie it down.

And that’s what the security industry is: it’s an arms race.

Because of the internet, overtime you had to open things up and a firewall could only work on a protocol level. It was missing things because people would hide things in this older HTTP protocol. What you would traditionally do was look at the protocol against this system or that port and shut it down; but if there was something inside the protocol, you couldn’t have visibility of it.

So firewalls changed over time, and now they’ve become much more knowledgeable about what’s happening within the protocol: they have visibility and they can filter it even better than they used to. But again, the hackers just get better and they find more ways to get around these newer, better security technologies.

Similarly with antivirus 20 years ago when I started the business, there were only a couple of hundred viruses per month. Each vendor including McAfee knew about every virus, and we could detect and prevent and clean up every virus that impacted users. So unless you were the first user to get it, we could protect everyone else.

The problem now is that there are half a million viruses per day, and vendors like ourselves can’t keep up and evaluate each and every one of them and get information back to our customers about what the latest ones are today. It’s just too big of a problem.

We’ve had to adapt to things; and as a result, the hackers have adapted. That’s what the security industry is – it’s an arms race. We provide capabilities for known tactics by hackers and build technologies to stop what they’re doing. Then they adapt to these new measures, and in turn the security industry has to adapt once more.

Right now, we have to adapt from firewalls which have gone to the next-generation to obtain even more capabilities that are still not good enough; and the antivirus capabilities we’ve had in the past have to be changed and enhanced so that they do a better job. We’re in a constant race.

What are your predictions for the greatest threats in the Canadian IT security space in the next year?

I think what’s most relevant for the majority of governments and businesses in Canada is a general vigilance against the more sophisticated attacks. A big class of those is ransomware right now, but that’s just one class of many.

You’ve just got to have a comprehensive approach, and not the fallacy that one tool is going to do everything.

Some would talk about the growing threat of mobile, and there are new things that are happening with mobile. But I think in general that the main thing organizations have to build up to is the general threat of the sophisticated hacker. That’s the key issue organizations have to spend their time thinking about.

What are the biggest misconceptions that you commonly find in the Information Security space?

I think that the biggest misconception is that a single tool, some silver bullet, is going to solve all of your issues. That some fancy new thing on the network or some fancy new thing at the desktop is going to solve your problem, but that’s just not the case. Maybe there are some new capabilities that are out there that will slow the hackers down for a small period of time, but they will simply learn to move around it and find some other way to get you.

You have to take a complete approach, a strategy approach to security and think of it in a more holistic fashion with a set of properly integrated security capabilities across the network, endpoints, and cloud activity. You must have a comprehensive approach and eliminate the fallacy that one tool is going to do everything.