Cisco Umbrella: First Line of Defense

Tyler Carlisle – [Network Consultant]

How do you protect your users when they are off your corporate network, outside the boundaries of your perimeter security solution? Do they use a VPN? Are you sure? A recent Gartner study predicted that as much as 25% of corporate data traffic will bypass perimeter security. How can you guarantee that your users are secure? Cisco Umbrella can provide the answer.

Cisco acquired OpenDNS in 2015 and rebranded its enterprise security products to Cisco Umbrella. Cisco Umbrella is a cloud-based Secure Internet Gateway that protects your users wherever they access the internet, whether on or off the corporate network, and on or off the VPN. Its DNS-based architecture and IP layer enforcement provide a first line of defense against threats, such as malware, ransomware, and C2 callbacks.

Cisco Umbrella provides the same protection to all devices on the corporate network, including IoT and mobile devices, by simply forwarding external DNS traffic to the Umbrella servers. Best of all, it provides all this protection with zero additional latency, 100% uptime, and it can be deployed in as little as 30 minutes.
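To make the DNS-layer model concrete, here is a small added example (written for this newsletter, not Cisco's or OpenDNS's code) of what a DNS-layer enforcement point does once a client's external DNS traffic is forwarded to it: it decodes the queried name from the wire-format question, matches it and its parent domains against a blocklist, and either forwards the query upstream or answers with a sinkhole address. The blocklist entries and the 192.0.2.1 sinkhole address are constructed placeholders; Umbrella's real categories and resolver addresses are not reproduced here.

```python
import struct
import ipaddress

# Constructed blocklist for the example; Umbrella's real categories and
# resolver addresses are not reproduced here.
BLOCKED_DOMAINS = {"malware-c2.example", "ransom-drop.example"}
# Sinkhole address (documentation range, standing in for a block-page host)
SINKHOLE_IP = "192.0.2.1"


def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard recursive DNS query for `name` in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_qname(packet, offset=12):
    """Decode the QNAME in the question section; returns (name, end_offset)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers are not valid in a query's question section
            raise ValueError("compressed label in question section")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), offset


def is_blocked(name):
    """True if `name` or any parent domain is on the blocklist."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKED_DOMAINS for i in range(len(parts) - 1))


def policy_decision(query):
    """Classify a query as 'forward' (to the upstream resolver) or 'sinkhole'."""
    name, _ = parse_qname(query)
    return ("sinkhole" if is_blocked(name) else "forward", name)


def build_sinkhole_response(query):
    """Answer a blocked A query with the sinkhole address; other types get no records."""
    _, qend = parse_qname(query)
    qtype = struct.unpack("!H", query[qend:qend + 2])[0]
    answer = b""
    ancount = 0
    if qtype == 1:  # A record: name pointer to offset 12, type A, class IN, TTL 60, 4-byte RDATA
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + ipaddress.IPv4Address(SINKHOLE_IP).packed
        ancount = 1
    # Echo the transaction ID, set QR/RD/RA flags, copy the question verbatim
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, ancount, 0, 0)
    return header + query[12:qend + 4] + answer


def answer_address(response):
    """Return the IPv4 address in the first A answer, or None if there is none."""
    ancount = struct.unpack("!H", response[6:8])[0]
    if ancount == 0:
        return None
    _, qend = parse_qname(response)
    # Skip QTYPE/QCLASS, then name pointer + type + class + TTL + RDLENGTH
    rdata = qend + 4 + 12
    return str(ipaddress.IPv4Address(response[rdata:rdata + 4]))


if __name__ == "__main__":
    for qname in ("www.malware-c2.example", "updates.example.org"):
        q = build_query(qname)
        verdict, parsed = policy_decision(q)
        print(f"{parsed}: {verdict}")
        if verdict == "sinkhole":
            print("  sinkhole answer ->", answer_address(build_sinkhole_response(q)))
```

The parent-domain match is what lets one blocklist entry cover every host under it, and the sinkhole answer is why a blocked client never reaches the real address: it is the same mechanism whether the client is on the corporate network, on a VPN, or at a coffee shop, as long as its DNS traffic reaches the enforcement point.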

If you would like more information on Cisco Umbrella, visit kellerschroeder.com/umbrella to download our “At A Glance” information sheet or request to be added to our upcoming webinar distribution list.  You can also contact your Keller Schroeder Select Account Manager today to start your free trial of Cisco Umbrella.


Baramundi Management Suite

Chance Webster – [Systems Engineer]

There are often tasks in IT departments that tend to create a lot of legwork and require significant time and effort to complete.  Reconciling hardware and software inventories, patching servers and PCs, mitigating security risks or misconfigurations, and deploying software quickly to many PCs or servers in a short amount of time are challenges that every IT department faces.  Baramundi Management Suite helps resolve many time-consuming tasks that you may have in your organization.

With Baramundi Management Suite, hardware and software inventories can be automated, which reduces the manual overhead of collecting inventory information.  Inventories can then be broken out by static groups or groups based on specific attributes such as operating system versions or available disk space.  Inventory information can also be obtained from SNMP capable devices such as switches, routers, firewalls, and printers to reduce the overhead even further.

Security and vulnerabilities are also easier to manage using Baramundi Management Suite.  By presenting vulnerability information in a consolidated view, it allows prioritization of fixes either per machine or per specific vulnerability.  Baramundi Management Suite provides a platform which can replace your WSUS deployment and gives you a managed, up-to-date catalog of third-party updates to help keep those applications current.  In addition, a compliance management module is available to scan for any new vulnerabilities after your patch deployment is complete.

Software deployment throughout the organization using Baramundi Management Suite is a snap.  If you are using a pre-packaged Microsoft Installer or other executable package, you can easily create a package to deploy that software with just a few mouse clicks.  If, however, the software requires some customization during the install, you can use the Baramundi Automation Studio to step through the installation as you normally would, recording each step along the way, to create your deployment package.  Once completed, you will be able to deploy even the most difficult applications quickly and easily.

Baramundi Management Suite is one of many systems management platforms.  What makes it stand out among the likes of SCCM, Altiris, and other systems management platforms is its ease of use.  You can achieve tasks in minutes that previously took hours, if not days, to accomplish.  Baramundi Management Suite also allows you to definitively see, in real time, that action has been taken for a particular task.  Baramundi Management Suite is systems management in real time.

To learn how Baramundi can help resolve many of the time-consuming tasks you may have in your organization, please reach out to your Keller Schroeder Select Account Manager.


Carbon Black Defense Endpoint Security

Paul Miller – [Senior Systems Engineer]

The world of endpoint security is a very crowded market right now, making it difficult to discern what makes one solution better than another. We at Keller Schroeder found ourselves hunting for answers in this market space last summer, and underwent an evaluation of the top ten solutions on the market. After this extensive research, we ended up establishing a new partnership with Carbon Black.

Carbon Black Defense brings a robust set of features to the table. Its entire technique for endpoint defense relies on detecting malicious software and stopping execution before damage is done.  As a cloud-based solution, Carbon Black monitors all processes running on your endpoint, scores them based on malicious tactics, techniques, and procedures (RAM scraping, bad execution methods, self-elevation), and then stops the execution of processes that are found to be up to no good. This happens in real time, and utilizes a very light agent (0-1% CPU) on the endpoints.

The console provides kill chain insight like no other product on the market, along with other advanced threat protection options.  From the console it is simple (a couple of clicks… really) to look at a threat’s kill chain and blacklist the offending process from running again anywhere in your enterprise.  Management overhead for most environments is estimated at around 1-2 hours a week under normal conditions, making it light on administration overhead as well.

If you have a renewal in the future for your endpoint security products, and would like to take a look at CB Defense, please get in touch with your Keller Schroeder Select Account Manager. We would enjoy providing you a demo to show you why this product stands out in this very crowded field.


Penetration Tests – Why does your organization need one?

Chris Fortune – [Security Consultant]

Penetration testing helps businesses understand if their investment in security actually affords them the protection they want.  To help in your understanding, let’s start with defining some terms to make sure we are using the same vocabulary.

  • Threat – agent or actor that can cause harm
  • Vulnerability – a flaw someone can exploit to cause harm
  • Risk – Where threat and vulnerability overlap
  • Exploit – code or technique that a threat uses to take advantage of a vulnerability
  • Penetration testing – models the techniques used by real-world computer attackers to find vulnerabilities and, under controlled circumstances, exploits those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement, in order to determine business risk and potential impact.  All with the goal of helping the organization improve security.
  • Security/Vulnerability assessment – focus is on finding security vulnerabilities, which may or may not be used to get in or steal data.  These assessments are broader, and often include explicit policy and procedure review.

Now that we have a common vocabulary, you might be thinking “How is a penetration test different from a vulnerability assessment?”  The difference is action – the penetration test aims to breach the security of the business, whereas a vulnerability assessment is simply an evaluation of your organization’s security posture.

A penetration test can help answer the following questions:

  • Can vulnerabilities that are found be exploited to gain access or steal data?
  • Can lower-risk vulnerabilities be chained together in a way that opens up a higher-risk vulnerability?
  • What does this mean to the business or operations if successful?
  • At what level can your business successfully detect and respond to attacks?

Other reasons a penetration test can provide value to your business:

  • Meeting compliance with regulatory standards
  • Finding the types of vulnerabilities that automated network or application vulnerability scanning software can have difficulty detecting
  • Providing evidence to support increased investments in security personnel and technology
  • Validating, after a security incident, that the new security controls put in place will stop a similar attack in the future

Penetration tests can be scoped to your business needs from general to narrow.  On the general side of scope is a black box test.  The tester is given little to no information and tries to see if they can get access or business information.  On the narrow side of scope is a white box test.  This could be something like testing a new application with full knowledge of what it should do.  The tester in this case is given valid user accounts with different roles, like a regular user and an admin user, to test what each can do in the application.

If you would like to discuss penetration testing and the value it can bring to your organization, please contact your Keller Schroeder Account Manager to begin a discussion with our certified penetration testers.


It’s OK to Ignore the CEO, When it is NOT the CEO!

Brad Mathis  – [Senior Consultant – Information Security]

Imagine the following scenario.

You are going through your daily routine and you receive an urgent email from the CEO.  The email is urgent, appears to be time sensitive, and is requiring you to act immediately.  You are aware the CEO is currently out on vacation or away on business, and is therefore unreachable.  However, the email is direct and to the point.  “Get this Done!”  The email is asking for you, a member of the financial team, to process a payment or monetary transfer.  It may even inform you someone from another company will be reaching out to you with further instructions, such as account numbers and routing information. An abbreviated example of such an email may look something like this:

[Image: abbreviated example of a CEO fraud email]

What if you also received an email ahead of this one from someone in finance saying “Keep an eye out for an email from the CEO asking about a funds transfer”, followed by an email from the alleged company the CEO mentioned in their original email?  Transferring large sums of money from one account to another is a normal part of your job.  Although this chain of events is a bit out of the ordinary, it also seems perfectly legitimate.  Would you process the transfer?  Would a co-worker?

Sadly, far too many organizations are falling victim to these types of crimes, known as CEO Fraud and Business Email Compromise (BEC).  Some of the senders’ email accounts are spoofed, meaning the criminal sender is making the recipient think the email is from the actual sender.  Even more concerning is when the actual sender’s email account credentials are compromised and the criminal is able to send emails directly from the account of a CEO, CFO, Attorney, and so on.  This may sound complicated, but it isn’t.  With the advancement of malware-laced email attachments and infected links, it is far too easy to install malicious software on a victim’s workstation, thereby allowing the criminal to capture every keystroke the legitimate user types.  Even more concerning, cameras and microphones can be controlled by the criminals.
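The scenario above has several tell-tale signs that a mail gateway or a finance team's mailbox rule can check for before anyone acts on the message. The following is an added example written for this article (not a Keller Schroeder, KnowBe4 or vendor tool) that scores an inbound message on the indicators the scenario describes: a display name that matches an executive but comes from a different address, a sender domain that is a near-miss of the company's own, a Reply-To that redirects answers elsewhere, a failed SPF/DKIM/DMARC result in the Authentication-Results header, and urgent payment or transfer language. The internal domain, executive list and both sample messages are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed reference data for the example (not a real organization)
INTERNAL_DOMAINS = {"corp.example"}
EXECUTIVES = {"jane doe": "jane.doe@corp.example"}
URGENCY_TERMS = ("urgent", "immediately", "wire", "transfer", "payment")


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def body_text(msg):
    if msg.is_multipart():
        return " ".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    return msg.get_payload()


def analyze_message(raw):
    """Return a list of BEC indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    from_dom = domain_of(addr)

    # 1. Display-name impersonation: known executive name, different mailbox
    exec_addr = EXECUTIVES.get(name.strip().lower())
    if exec_addr and addr != exec_addr:
        findings.append(f"display name '{name}' matches an executive but address is {addr}")

    # 2. Lookalike domain: external domain within two edits of an internal one
    if from_dom and from_dom not in INTERNAL_DOMAINS:
        for internal in INTERNAL_DOMAINS:
            if edit_distance(from_dom, internal) <= 2:
                findings.append(f"sender domain {from_dom} looks like internal domain {internal}")

    # 3. Reply-To steering replies to a different domain than the visible sender
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply)} differs from From domain {from_dom}")

    # 4. Authentication failures recorded by the receiving gateway
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} failed per Authentication-Results")

    # 5. Urgent payment/transfer language in subject or body
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if len(hits) >= 2:
        findings.append("urgency/payment language: " + ", ".join(hits))
    return findings


# Constructed sample messages
SUSPECT = """From: Jane Doe <jane.doe@c0rp.example>
Reply-To: Jane Doe <jd.private@mail.example>
To: accounts@corp.example
Subject: URGENT wire transfer
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=c0rp.example

I am travelling and unreachable. Get this done! Process the payment today;
the supplier will send account and routing information.
"""

BENIGN = """From: Jane Doe <jane.doe@corp.example>
To: accounts@corp.example
Subject: Q3 budget review notes
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass

Attached are the notes from this morning's review. Thanks.
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, analyze_message(raw))
```

None of these indicators proves fraud on its own, and a compromised real mailbox (the second case the article describes) will pass the sender and authentication checks entirely; that is exactly why the out-of-band verification the article recommends, rather than any filter, is the control that has to hold.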

The FBI estimates the organizational amount lost to Business Email Compromise between October 2013 and February 2016 to be $2.3 Billion.  Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss! Keep in mind, this is only the amount of loss actually reported.  Many businesses remain quiet and never report their losses for fear of public reputation damage.

Luckily, the risk of becoming a victim to this type of crime, as well as other email and web based threats, can be reduced.  A modern and evolving layered security infrastructure is extremely important.  It cannot and should not be overlooked.  However, the most effective and most overlooked method to reduce your risk of becoming a cybercrime victim is effective and measurable End User Security Awareness Education.

While we constantly stress the importance of Vulnerability and Patch Management, this does not just apply to your technology.  User vulnerability levels need to be assessed in order to gauge their likelihood of falling prey to a Phishing email and other criminal scams.  This activity is most effective when supplemented with required security awareness training.  This is where it sometimes gets tricky.  The simulated phishing campaigns and security awareness training requirements must apply to ALL employees, up to and including the President and CEO.

Identifying your employee vulnerability baseline is an important and effective step toward lowering your overall risk profile, as well as empowering your workforce to always be on the lookout for malicious and criminal activity that can threaten your business.

So, Yes… It is OK to ignore the CEO’s request when it cannot be verified it is truly the request of the CEO.  When the business is on the line, they will thank you for your due diligence.

How vulnerable are your users?  How likely are they to fall prey to becoming a victim?  How have you taken steps to get data to support your answers to those questions?  When performing these employee vulnerability baseline assessments, we have already seen as high as a 75% failure rate for the initial Phishing test.  Launching an effective awareness solution that allows you to measure risk and track improvements is a critical first step in lowering your employee vulnerability risk, making your organization less likely to become a victim of cybercrimes such as CEO Fraud, Business Email Compromise, and Ransomware.

Contact Keller Schroeder today to find out how we can help you implement solutions that effectively reduce your employee vulnerability risk through ongoing security awareness training and testing.


ProofPoint Email Protection – Not Your Average Spam Filter

Chance Webster  – [Systems Engineer – Network Solutions Group]

In today’s fast-paced world, e-mail is the medium that drives business.  Not only do we use email to conduct day-to-day operations and communicate with employees, customers, and business partners, we also use email to advertise products and services, convey information to a large group, or even send that all-important casserole recipe to a coworker.  With the pervasiveness of email, a common business concern is how to filter out junk mail or messages with malicious content.  There are many good solutions on the market today; however, there are sometimes gaps in coverage as vendors try to keep up with the ever-evolving tactics used by spammers and malware authors.  A complete solution to mitigate both junk mail and mail-based risks and provide solid intelligence on these threats is ProofPoint Email Protection.

ProofPoint Email Protection is a cloud-based platform that grows with your business and can be used to develop a highly reliable, low latency solution to protect your users from malicious or otherwise unwanted messages by use of policies rather than a set of rules that apply to everyone in the organization.  By using policies to define your message filtering rules, administrators can allow for a more targeted audience for messages from a particular source, sender, or classification of messages, if required.  Since ProofPoint Email Protection is cloud-based, it also provides for continuity of incoming email if your email servers go down and will automatically restart delivery when your email services are restored.

ProofPoint Email Protection also provides a high level of visibility and reporting for your email administrators while also providing your users with some level of control.  Messages can be searched using the message tracing logs and dozens of search criteria to quickly identify messages and take action as necessary.  There are also a large number of detailed reports that can be used to provide a vast array of information and allow administrators to make informed decisions when approving or denying messages with questionable content.  End users can also be provided some freedom to opt in or out of routine quarantined message notifications, ProofPoint-managed or Administrator-defined Safe and Block lists for known spam or malware sources, or even Bulk Message delivery.

If you are considering more effective ways to manage against mail-based malware risks or the loss of time related to sorting through spammed messages, make contact with your Keller Schroeder Account Manager and let us show you more about the ProofPoint Email Protection solution.


Systems Team Proactive Performance Management (PPM) Services

Chris Haynes  – [Keller Schroeder Engineer]

        An ounce of prevention is worth a pound of cure. – Benjamin Franklin

Virtualization has become the norm in most data centers, but so has the expectation of zero downtime. Preventative maintenance is the best insurance against downtime and security threats in your storage/virtualization environment.

Preventative maintenance can:

  • Prevent productivity losses due to unscheduled downtime
  • Reduce security risk
  • Increase the quality & reliability of mission-critical IT operations
  • Maximize performance & efficiency
  • Lower overall maintenance costs

Keller Schroeder’s System Team offers a Proactive Performance Management (PPM) service to perform regular preventative maintenance services and provide remedy reporting and resolution for storage/virtualization environments.

So what does our PPM service include?

  • Review system logs, alerts, & diagnose problems
  • Identify capacity & performance issues & inefficiencies
  • Perform minor upgrades & apply patches
  • Analyze/validate system configurations
  • Remediate discovered issues
  • Make recommendations for improvements or industry common practice design changes

So why use Keller Schroeder for these services?

Our Systems Team has a combined 130+ years of experience in IT, an average of about 22 years per admin. We have deep knowledge & expertise in the storage/virtualization stack, both past and present.  We carry multiple certifications in various technologies, and continuously perform new installs and upgrade existing systems in the field, so we are fresh & familiar with the latest versions, compatibility requirements, and potential pitfalls.

We already perform PPM programs for many of our clients and have developed detailed & proven install, upgrade, & patch procedures, along with health assessments & checklists, and remedy/status reports. We typically provide these PPM services on a quarterly basis, but we can build a customized plan to meet your specific needs.

A key challenge in IT is having to do more with less and dealing with a lack of resources, so let us do what we do best, so you can focus on what you do best for your business.

Please contact your Keller Schroeder Account Manager for more information.


LogRhythm 7 – Next-Gen Security Threat Detection & Response

Brad Mathis – [Senior Consultant, Information Security]

LogRhythm, The Security Intelligence Company, recently unveiled LogRhythm 7, a major upgrade to their security intelligence and analytics platform.  With new and enhanced features and capabilities, LogRhythm continues to be a leader in the SIEM (Security Information & Event Management) space.

Chris Peterson, senior vice-president of products, CTO and co-founder at LogRhythm, states, “The sophistication and resolve of today’s cyber adversaries continue to rise, as does the number of successful intrusions. The innovations in LogRhythm 7 empower IT security teams to detect, respond to and neutralize cyber intruders faster and more efficiently.”

With LogRhythm’s HTML5 based dashboard, advanced security analytics and SmartResponse automation capabilities, and the ability to perform full-text unstructured search with the introduction of Elasticsearch, it is no surprise LogRhythm has been positioned as a Leader in Gartner’s SIEM Magic Quadrant report for four consecutive years.  LogRhythm scored highest in Gartner’s Critical Capabilities for Security Information and Event Management.

New features with LogRhythm 7 include:

  • Elasticsearch based indexing for expedited investigations
  • Architectural advancements for up to a 300 percent improvement in data indexing performance on a per-node basis
  • Real-time threat activity map
  • New Risk-Based scoring algorithms
  • Incident Response advancements
  • Extensions to the SmartResponse Automation framework, such as the ability to prevent malware outbreak with endpoint shutdown

For more information or to schedule a LogRhythm demonstration, contact your Keller Schroeder Account Manager.


Spotlight On…

Employee Owners: Chris Fortune

Chris Fortune is a 20-year veteran in IT. His experience began as a co-op student on a helpdesk and quickly escalated into increasingly challenging roles in network engineering, system engineering, and telecom. Security has always been the common thread of Chris’ work across these other disciplines.  He has also had direct responsibility for security, such as managing firewalls, IDS/IPS, AV, VPN, remote access, log management and forensics.  Chris has worked for manufacturing, education, service provider, financial, healthcare and utility companies, as well as being an IT consultant for these types of businesses.

Chris has a Bachelor of Science in Computer Engineering from the University of Evansville and is working on a graduate certificate in Penetration Testing & Ethical Hacking from SANS Technology Institute.

Contact the Keller Schroeder Account Team to learn more about Chris and how you can leverage his experience and skills to benefit your organization.


Phish or Be Phished? The Choice is Yours

Brad Mathis, Senior Consultant, Information Security

It is mid-2015.  By now, we have all seen incoming emails claiming we have been bequeathed a huge sum of money from a Nigerian Prince, or we have won a foreign lottery we never entered.  Most employees have seen these scam emails long enough to know they are not real.

However,

  • What about the seemingly benign email coming in from a recognizable sender?
  • What if this legitimate looking email has an attached PDF or Word document?
  • What if it contains a seemingly real link to a web site?
  • How many of your employees would open the attachment or click on the link?
  • How many employees will assume it is safe since it made it unscathed through all of your layers of security, including email and web content filters?
  • Do your users understand the ramifications of introducing undetected malware into your environment? Do they know this malware can capture their keystrokes, turn on their web camera and microphone, and capture screen shots or data from their system and transmit this data to cyber-criminals completely undetected?

If you can answer these questions with a high degree of certainty, you are either a one-user environment, you are sitting at each user’s desk approving their every keystroke, OR, you have already identified and implemented the requirement for measurable security awareness training and the importance of recurring testing of your staff to see how Phish prone they are.

This would be a good time to stress the importance of continuing to maintain an effective defense-in-depth strategy.  What does this mean?  Defense-in-depth all comes down to remembering not one single defense mechanism will protect your environment.  It takes several layers to lower risk.  Examples of necessary defense-in-depth layers are:

  • Continuous Vulnerability Management
  • Continuous Patch Management of Applications and Operating Systems
  • System Hardening and Configuration Standards
  • Effective Next Generation Firewall Strategy
  • Intrusion Detection and Prevention
  • Malware Defenses and Content Filtering
  • Secure Perimeter and Network Security Architecture
  • Complete elimination of obsolete operating systems and applications, as well as the elimination of technologies no longer supported or considered best practice, such as RIP and WINS
  • Strengthened Controls such as Password Requirements and Rights Management
  • Policies, Procedures, and Standards

Won’t a strong defense-in-depth strategy prevent the introduction of cyberattacks into my network? Unfortunately, no amount of technical defenses can completely prevent a user lacking security awareness from clicking or opening something they should not.  The danger point is a window of opportunity that cyber-criminals are all too familiar with.  Cyber-criminals know there is a time lag between the time vulnerabilities are discovered and the time organizations get around to correcting them.  The criminals know to attack swiftly while defenses are down and the chance of detection is low.

According to a recent information security study, it takes organizations an average of 176 days to remediate known vulnerabilities.  However, it only takes cyber criminals an average of 7 days to exploit known vulnerabilities.  During the 169-day delta between vulnerability remediation and cyber-criminal exploitation, your defense in depth layers may be at the mercy of your end user’s level of security awareness education.  On top of this, we have been seeing a window of several days before anti-malware providers can detect the newest malware strains.

Of the 150+ Million phishing emails being sent every single day, over 10% are making it through SPAM filters.  Of those, over 8 million are opened, and over 800,000 users are clicking on phishing links.  An average of 80,000 users a day are actually providing sensitive information to cyber-criminals because they believe the email or web link to be legitimate.  Every Day!  Are your users among the 80,000 daily victims?

If you haven’t figured it out by now, Security Awareness Training and Effectiveness Testing is now a required layer of an effective Defense-In-Depth strategy.  Knowing this is critical, Keller Schroeder has partnered with KnowBe4 to offer effective and measurable Information Security Awareness Training, as well as to perform ‘safe’ simulated phishing attacks to help determine what your current Phish-Prone percentage is and how to lower it.  For years, law enforcement learned their best crime prevention techniques from criminals.  KnowBe4 has taken this approach, as well, with Security Awareness Training.  The training was co-developed with reformed cyber-criminal Kevin Mitnick, the Most Wanted Hacker in the World during the mid-nineties.

For more information about how Keller Schroeder and KnowBe4 solutions can help you determine and lower your Security Awareness Risk, please contact your Keller Schroeder Account Manager.