Security

by Carissa

Simple, Sneaky Ways Cybercriminals Access A Small Business’s Network


Hackers prefer the little guy. The high-profile data breaches you read about in the news, your Facebooks and Equifaxes and T-Mobiles, are only the tip of the iceberg when it comes to the digital crimes perpetrated day after day, especially against small businesses. According to a report by the National Cyber Security Alliance, 70 percent of hackers specifically target small businesses. Attracted by the prospect of easy money, they look for organizations that underspend on protection, whose employees are untrained to spot security risks, and whose data-protection practices are woefully out of date. As a result, more than 50 percent of small businesses have been hacked, and 60 percent of breached companies close their doors within six months.

Most business owners have no idea the danger they are putting their livelihood in by leaving cyber security up to chance. According to a survey conducted by Paychex, 68 percent of small-business owners are not concerned about their current cyber security standards, despite the fact that around 70 percent of them aren’t adequately protected. In the face of an imminent, global threat to the very existence of small businesses everywhere, most CEOs offer up a collective shrug.

The tactics and software available to hackers become more sophisticated by the day, but with so many unwitting victims, most criminals do not even need to work that hard to net a six-figure income. By sticking to three tried-and-tested tools of the trade — phishing, ransomware and the subtle art of guessing users’ passwords — they leech comfortably off the earnest efforts of small businesses all over the world.

So, what has to be done? First things first: educate yourself and your team. Protect your organization against phishing by fostering a healthy skepticism of every email that enters your inbox. Make a habit of hovering over hyperlinks to check their actual destination before you click; the text of a link and the address it really points to are two different things. If an email appears to come from someone you know but the address is different, verify it with that person through a channel other than the email itself. And never send passwords or personal details in reply to an email request; a legitimate party will not ask for them that way.

Speaking of passwords, you probably need to upgrade yours. Most people use the same password for everything from their Facebook account to their business email, and that includes your employees, which should make you shudder. It may not seem like a big deal (who is going to take the time to guess SoCcErMoM666?), but cracking tools guess short or predictable passwords in minutes once an attacker has a copy of the password database, and usually even that is not necessary. Instead, the attacker takes a credential dump from a recent high-profile breach, pulls your old password out of it and types it into whatever account they want to reach. If your passwords are the same across sites, it will not take long for them to dig into your most precious assets. To avoid this, set a strict password policy for your business: a minimum length, screening against known-breached passwords, a password manager so that nothing is reused, two-factor authentication wherever it is offered, and a forced change whenever there is evidence of compromise rather than on a fixed calendar (routine rotation every few weeks mostly produces predictable variations of the old password).

While educating yourself and training your team on current attack techniques is a strong line of defense, a breach is always possible. Cybercrime is constantly evolving, and keeping pace takes a dedicated awareness of the latest protective tools and measures. That is why your single best defense against the hackers at your door is a trusted technology partner with a background in defending against digital threats. With a proper, tested backup and disaster recovery plan in place, they can get your network back up in hours rather than days if a crisis strikes.

In today’s digital world, leaving your cyber security up to a subpar antivirus and some wishful thinking is more than irresponsible — it’s an existential threat to your company. However, with a little savvy, a bit of investment and a second opinion on the circumstances of your company’s security, you can rest easy knowing that no matter what comes, you’re protected.


Top 4 Ways Hackers Will Attack Your Network

Most small and midsize business (SMB) owners exist in a bubble of blissful ignorance. They focus on the day-to-day operations of their organization (driving growth, hiring, guiding marketing) without a thought for the security of the computer networks those processes depend on. After all, they're just the little guy; why would hackers go to the trouble of penetrating their systems for the minuscule amount of data they store? And eventually, often after years of smooth sailing through calm seas, they get hacked, pay thousands of dollars to criminals and collapse beneath the weight of their own shortsightedness.

The facts don’t lie. According to Verizon’s annual Data Breach Investigations Report, a full 71% of cyber-attacks are aimed squarely at SMBs. And while it’s unclear exactly how many of these attacks are actually successful, with the sad state of most small businesses’ security protocols, it’s a safe bet that a good chunk of the attacks make it through. But why? As Tina Manzer writes for Educational Dealer, “Size becomes less of an issue than the security network … While larger enterprises typically have more data to steal, small businesses have less secure networks.” As a result, hackers can hook up automated strikes to lift data from thousands of small businesses at a time – the hit rate is that high.

Today, trusting the security of your company to your son-in-law, who assures you he “knows about computers,” isn’t enough. It takes constant vigilance, professional attention and, most of all, knowledge. Start here with the four most common ways hackers infiltrate hapless small businesses.

PHISHING E-MAILS

An employee receives an e-mail directly from your company’s billing company, urging them to fill out some “required” information before their paycheck can be finalized. Included in the very professional-looking e-mail is a link your employee needs to click to complete the process. But when they click the link, they aren’t redirected anywhere. Instead, a host of vicious malware floods their system, spreading to the entirety of your business network within seconds, and locks everyone out of their most precious data. In return, the hackers want thousands of dollars or they’ll delete everything.

It’s one of the oldest tricks in the hacker toolbox, but today it’s easier than ever for an attacker to gather key information and make a phishing e-mail look exactly like every other run-of-the-mill e-mail you receive each day. Train your employees to recognize these tactics, and put safeguards in place (mail filtering, endpoint protection, least-privilege accounts and tested backups) for the day someone clicks the malicious link anyway.
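The "hover over the link" check from the phishing advice above can be automated at the mail gateway or in a triage script. The following Python is an added example, not Keller Schroeder code: it pulls every anchor out of an HTML mail body and flags the two mismatches a reader would catch by hovering, link text that names one domain while the href goes to another, and an href that points at a bare IP address. The sample message is constructed for the example and uses reserved documentation domains and addresses; the two-label "registrable domain" helper is a simplification that a real implementation would replace with the public suffix list.

```python
"""Added example: the 'hover over the link' check done programmatically.
The sample body below is constructed for the example; example.com,
example.net and 203.0.113.0/24 are reserved documentation names."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _Anchors(HTMLParser):
    """Collects (href, visible text) for each <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s: str) -> str:
    """Hostname of a URL, or of bare text such as 'payroll.example.com/login'."""
    s = s.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def registrable(host: str) -> str:
    """Last two labels only. Assumption for the example: production code should
    consult the public suffix list so that names like 'co.uk' are handled."""
    parts = host.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


# Visible link text that itself looks like a URL or a domain name.
_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def link_findings(href: str, text: str) -> list:
    """Reasons to distrust one link; an empty list means nothing was seen."""
    reasons = []
    host = host_of(href)
    if not host:
        return ["no host in href"]
    try:
        ipaddress.ip_address(host)
        reasons.append("href points at a raw IP address")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if _LOOKS_LIKE_URL.match(text) and registrable(host_of(text)) != registrable(host):
        reasons.append(f"text shows {host_of(text)} but href goes to {host}")
    return reasons


def analyze(html: str) -> list:
    """[(href, text, reasons), ...] for every anchor in the body."""
    parser = _Anchors()
    parser.feed(html)
    return [(h, t, link_findings(h, t)) for h, t in parser.links]


# Constructed sample resembling the payroll lure described above.
SAMPLE = """<p>Your paycheck cannot be finalized until you confirm your details at
<a href="http://payroll-portal.example.net/confirm">https://payroll.example.com/confirm</a>.
Questions? <a href="http://203.0.113.7/help">Click here</a> or visit
<a href="https://www.example.com/hr">www.example.com/hr</a>.</p>"""

if __name__ == "__main__":
    for href, text, reasons in analyze(SAMPLE):
        print(href, "<-", repr(text), reasons or "ok")
```

Run stand-alone it prints one line per link; the first is flagged for the text/href domain mismatch, the second for the IP literal, and the third comes back clean. A "Click here" link with no domain in its text cannot be judged by this check alone, which is exactly why the advice above is to look at the real destination rather than the wording.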

BAD PASSWORDS

According to Inc.com contributing editor John Brandon, “With a $300 graphics card, a hacker can run 420 billion simple, lowercase, eight-character password combinations a minute.” What’s more, he says, “80% of cyber-attacks involve weak passwords,” yet despite this fact, “55% of people use one password for all logins.”

As a manager, you should be bothered by these statistics. There’s simply no excuse for an easy-to-crack password, for you or your team. Instead, build a password out of four random common words, splicing in a few special characters for good measure; random is the key word, since four words that form a phrase or describe you are far easier to guess. If you want to check the strength of a password with a tool such as HowSecureIsMyPassword.net, test a candidate of the same shape rather than the password you will actually use: anything typed into a third-party website should be treated as disclosed.
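To put numbers on the quoted guess rate and on the four-random-words advice (this also covers the password reuse discussion in the first post above), here is an added Python example, not code from the original article. It assumes the 420 billion guesses per minute figure quoted above, a 7,776-word list of the kind used for diceware-style passphrases, and a tiny constructed word list so that the generator runs offline; it reports worst-case exhaustion times for the shapes of password the article contrasts, and generates a candidate passphrase from the operating system's CSPRNG.

```python
"""Added example: keyspace arithmetic for the password advice above, plus a
passphrase generator built on the standard library's CSPRNG.  The guess rate
is the figure quoted in the article; the 7,776-word list size is an assumption
(a common diceware-style list); SAMPLE_WORDS is a constructed stand-in."""
import math
import secrets
import string

QUOTED_RATE_PER_MINUTE = 420_000_000_000   # 420 billion guesses per minute, as quoted
REAL_LIST_SIZE = 7776                      # assumed size of a real passphrase word list
SAMPLE_WORDS = ["anchor", "basket", "copper", "dune",
                "ember", "fossil", "garlic", "harbor"]  # constructed, far too small for real use
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?/"


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates an attacker must try to exhaust every string of `length`
    symbols drawn from an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy when every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def minutes_to_exhaust(space: int, rate_per_minute: int = QUOTED_RATE_PER_MINUTE) -> float:
    """Worst case for the attacker; on average a password falls in half this time."""
    return space / rate_per_minute


def passphrase(words, n_words: int = 4, n_specials: int = 2, sep: str = "-") -> str:
    """`n_words` words picked with secrets.choice (OS CSPRNG), joined by `sep`,
    followed by `n_specials` symbols.  A fresh call per site avoids reuse."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    suffix = "".join(secrets.choice(SPECIALS) for _ in range(n_specials))
    return sep.join(chosen) + suffix


def compare() -> dict:
    """Exhaustion time at the quoted rate for the shapes the article contrasts."""
    eight_lower = keyspace(len(string.ascii_lowercase), 8)
    four_words = keyspace(REAL_LIST_SIZE, 4)
    four_words_plus = four_words * keyspace(len(SPECIALS), 2)
    return {
        "8 lowercase letters (minutes)": minutes_to_exhaust(eight_lower),
        "4 words from 7776 (days)": minutes_to_exhaust(four_words) / (60 * 24),
        "4 words + 2 symbols (years)": minutes_to_exhaust(four_words_plus) / (60 * 24 * 365),
    }


if __name__ == "__main__":
    for label, value in compare().items():
        print(f"{label}: {value:,.2f}")
    print(f"entropy of 4 words from {REAL_LIST_SIZE}: {entropy_bits(REAL_LIST_SIZE, 4):.1f} bits")
    print("candidate:", passphrase(SAMPLE_WORDS))
```

The arithmetic is an upper bound for an attacker who has stolen the password database and can try guesses offline; it says nothing about how the password is hashed, and it does not help at all when the password is simply reused and turns up in someone else's breach. That is why the generator produces a new passphrase per site rather than a variation of an old one.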

MALWARE

As described above, malware is often delivered through a shady phishing e-mail, but that’s not the only way it can wreak havoc on your system. An infected website (such as one you land on by misspelling Facebook.com, a technique called “typosquatting”), a USB drive loaded with viruses or even an application can bring vicious software into your world without you realizing it. In the past, antivirus software was all you needed. These days you need a combination of tools to combat these threats. They are typically not very expensive to put in place, especially considering the holes they plug in your network.

SOCIAL ENGINEERING

As fallible as computers may be, they’ve got nothing on people. Sometimes hackers don’t need to touch a keyboard at all to break through your defenses: they can simply impersonate you to a support team and talk it into resetting your password. It’s easier than you think, and defending against it means watching what information you put on the Internet; don’t post the answers to your security questions (pet names, schools, birthdays) for all to see.

We’ve outlined some of the simplest ways to defend yourself against these shady techniques, but honestly, the best way is to bring on a company that constantly keeps your system updated with the most cutting-edge security, is ready at a moment’s notice to protect you in a crisis, and can train your end-users. Hackers are going to come for you, but if you’ve done everything you can to prepare, your business will be safe. To discuss how Keller Schroeder can help you develop a comprehensive strategy to protect your business, contact your Keller Schroeder Account Manager today.


Cisco Umbrella: First Line of Defense

Tyler Carlisle – [Network Consultant]

How do you protect your users when they are off your corporate network, outside the boundaries of your perimeter security solution? Do they use a VPN? Are you sure? A recent Gartner study predicted that as much as 25% of corporate data traffic will bypass perimeter security. How can you guarantee that your users are secure? Cisco Umbrella can provide the answer.


Cisco acquired OpenDNS in 2015 and rebranded its enterprise security products to Cisco Umbrella. Cisco Umbrella is a cloud-based Secure Internet Gateway that protects your users wherever they access the internet, whether on or off the corporate network, and on or off the VPN. Its DNS-based architecture and IP layer enforcement provide a first line of defense against threats, such as malware, ransomware, and C2 callbacks.



Cisco Umbrella provides the same protection to every device on the corporate network, including IoT and mobile devices, simply by forwarding external DNS traffic to the Umbrella resolvers. That also defines the limit of the coverage: a device with hard-coded alternative DNS servers bypasses it, so the corporate resolver needs to be the only one the network lets out. Because the lookup replaces one the client already makes, the added latency is negligible; Cisco cites a 100% uptime record for the service, and it can be deployed in as little as 30 minutes.


If you would like more information on Cisco Umbrella, visit www.kellerschroeder.com/umbrella to download our “At A Glance” information sheet or request to be added to our upcoming webinar distribution list.  You can also contact your Keller Schroeder Select Account Manager today to start your free trial of Cisco Umbrella.


Baramundi Management Suite

Chance Webster – [Systems Engineer]

There are often tasks in IT departments that tend to create a lot of legwork and require significant time and effort to complete.  Reconciling hardware and software inventories, patching servers and PCs, mitigating security risks or misconfigurations, and deploying software quickly to many PCs or servers in a short amount of time are challenges that every IT department faces.  Baramundi Management Suite helps resolve many time-consuming tasks that you may have in your organization.


With Baramundi Management Suite, hardware and software inventories can be automated, which reduces the manual overhead of collecting inventory information.  Inventories can then be broken out by static groups or groups based on specific attributes such as operating system versions or available disk space.  Inventory information can also be obtained from SNMP capable devices such as switches, routers, firewalls, and printers to reduce the overhead even further.

Security and vulnerabilities are also easier to manage using Baramundi Management Suite.  By providing vulnerability information in a consolidated way, it allows prioritization of these fixes either per machine or per specific vulnerability.  Baramundi Management Suite provides a platform which can be used to replace your WSUS deployment and provide you with a managed, up to date catalog of third party updates to help keep these applications updated.  In addition, a compliance management module is available to allow you to scan for any new vulnerabilities after your patch deployment is complete.


Software deployment throughout the organization using Baramundi Management Suite is a snap.  If you are using a pre-packaged Microsoft Installer or other executable package, you can easily create a package to deploy that software with just a few mouse clicks.  If, however, the software requires some customization during the install, you can use the Baramundi Automation Studio to step through the installation as you normally would, recording each step along the way, to create your deployment package.  Once completed, you will be able to deploy even the most difficult applications quickly and easily.

Baramundi Management Suite is one of many systems management platforms.  What makes it stand out from the likes of SCCM, Altiris and other systems management platforms is ease of use.  You can achieve tasks in minutes that used to take hours, if not days.  Baramundi Management Suite also lets you see definitively, in real time, that action has been taken for a particular task.  Baramundi Management Suite is systems management in real time.

To learn how Baramundi can help resolve many of the time-consuming tasks you may have in your organization, please reach out to your Keller Schroeder Select Account Manager.


Carbon Black Defense Endpoint Security

Paul Miller – [Senior Systems Engineer]

The world of endpoint security is a very crowded market right now, making it difficult to discern what makes one solution better than another. We at Keller Schroeder found ourselves hunting for answers in this market space last summer, and underwent an evaluation of the top ten solutions on the market. After this extensive research, we ended up establishing a new partnership with Carbon Black.


Carbon Black Defense brings a robust set of features to the table. Its whole approach to endpoint defense relies on detecting malicious behavior and stopping execution before damage is done.  As a cloud-managed solution, Carbon Black monitors every process running on your endpoint, scores it on malicious tactics, techniques and procedures (memory scraping, suspicious execution methods, self-elevation of privilege), and then stops the processes that are found to be up to no good. This happens in real time, and uses a very light agent (0-1% CPU) on the endpoints.


The console provides kill-chain insight like no other product on the market, along with other advanced threat-protection options.  From the console it is simple (a couple of clicks, really) to look at a threat’s kill chain and blacklist the offending process from running again anywhere in your enterprise.  Management overhead for most environments is estimated at around 1-2 hours a week under normal conditions, so it is light on administration as well.

If you have a renewal in the future for your endpoint security products, and would like to take a look at CB Defense, please get in touch with your Keller Schroeder Select Account Manager. We would enjoy providing you a demo to show you why this product stands out in this very crowded field.



Penetration Tests – Why does your organization need one?

Chris Fortune – [Security Consultant]

Penetration testing helps businesses understand whether their investment in security actually affords them the protection they want.  To help in your understanding, let’s start by defining some terms to make sure we are using the same vocabulary.

  • Threat – agent or actor that can cause harm
  • Vulnerability – a flaw someone can exploit to cause harm
  • Risk – Where threat and vulnerability overlap
  • Exploit – code or technique that a threat uses to take advantage of a vulnerability
  • Penetration testing – modeling the techniques used by real-world attackers to find vulnerabilities and, under controlled circumstances, exploiting those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement, in order to determine business risk and potential impact.  The goal throughout is to help the organization improve its security.
  • Security/vulnerability assessment – focuses on finding security vulnerabilities, which may or may not be usable to get in or steal data.  These assessments are broader, and often include explicit policy and procedure review.

Now that we have a common vocabulary, you might be thinking “How is a penetration test different than a vulnerability assessment?”  The difference is action – the penetration test aims to breach the security of the business, where a vulnerability assessment is simply an evaluation of your organization’s security posture.

A penetration test can help answer the following questions:

  • Can vulnerabilities that are found be exploited to gain access or steal data?
  • Can lower-risk vulnerabilities be chained together in a way that produces a higher-risk compromise?
  • What does this mean to the business or operations if successful?
  • At what level can your business successfully detect and respond to attacks?

Other reasons a penetration test can provide value to your business:

  • Meeting compliance with regulatory standards
  • Finding the types of vulnerabilities that automated network or application scanners have difficulty detecting
  • Providing evidence to support increased investment in security personnel and technology
  • After a security incident, validating that the new controls put in place will stop a similar attack in the future

Penetration tests can be scoped to your business needs, from general to narrow.  On the general side of the scope is a black box test: the tester is given little to no information and tries to see whether they can get access or business information.  On the narrow side is a white box test.  This could be something like testing a new application with full knowledge of what it should do; the tester is given valid user accounts with different roles, such as a regular user and an admin user, to test what each can do in the application.

If you would like to discuss penetration testing and the value it can bring to your organization, please contact your Keller Schroeder Account Manager to begin a discussion with our certified penetration testers.


It’s OK to Ignore the CEO, When it is NOT the CEO!

Brad Mathis – [Senior Consultant – Information Security]

Imagine the following scenario.

You are going through your daily routine and you receive an urgent email from the CEO.  The email is urgent, appears to be time sensitive, and is requiring you to act immediately.  You are aware the CEO is currently out on vacation or away on business, and is therefore unreachable.  However, the email is direct and to the point.  “Get this Done!”  The email is asking for you, a member of the financial team, to process a payment or monetary transfer.  It may even inform you someone from another company will be reaching out to you with further instructions, such as account numbers and routing information. An abbreviated example of such an email may look something like this:

CEO Email
What if you also received an email ahead of this one from someone in finance saying “Keep an eye out for an email from the CEO asking about a funds transfer”, followed by an email from the alleged company the CEO mentioned in their original email?  Transferring large sums of money from one account to another is a normal part of your job.  Although this chain of events is a bit out of the ordinary, it also seems perfectly legitimate.  Would you process the transfer?  Would a co-worker?

Sadly, far too many organizations are falling victim to these types of crime, known as CEO Fraud and Business Email Compromise (BEC).  In some cases the sender’s address is spoofed, meaning the criminal makes the recipient think the email is from the real sender when it is not.  Even more concerning is when the real sender’s email account credentials are compromised and the criminal can send directly from the account of a CEO, CFO, attorney and so on; such a message passes every technical sender check, because it really did come from that mailbox.  This may sound complicated, but it isn’t.  With malware-laced email attachments and infected links, it is far too easy to install malicious software on a victim’s workstation and capture every keystroke the legitimate user types.  Even more concerning, cameras and microphones can be controlled by the criminals.
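Several of the signs in the scenario above can be checked from the message headers before anyone acts on the request. The Python below is an added example, not Keller Schroeder code or a product feature: it looks at the From display name against a hypothetical executive directory, at a Reply-To that steers replies elsewhere, at the SPF, DKIM and DMARC verdicts in the Authentication-Results header that a receiving gateway stamps on incoming mail, and at the urgency and payment wording of the lure. The company domain, the directory and both sample messages are constructed for the example. Note the limit the example makes explicit: when the executive's real mailbox has been compromised, the authentication checks all pass, and only the out-of-band verification the article recommends catches the fraud.

```python
"""Added example: header-level checks for the spoofed-sender and compromised
mailbox cases described above.  OUR_DOMAIN, EXECUTIVES and both sample messages
are constructed for the example (example.com / example-mail.net are reserved)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                           # assumption
EXECUTIVES = {"jane doe": "jane.doe@example.com"}    # hypothetical directory: display name -> mailbox
URGENCY = ("urgent", "immediately", "wire", "transfer", "payment", "confidential")
_AUTH = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)


def auth_results(msg) -> dict:
    """Verdicts from Authentication-Results headers (RFC 8601) added by the
    receiving gateway, e.g. {'spf': 'fail', 'dkim': 'none', 'dmarc': 'fail'}."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, verdict in _AUTH.findall(str(hdr)):
            verdicts[mech.lower()] = verdict.lower()
    return verdicts


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def bec_indicators(raw: str) -> list:
    """Human-readable reasons to hold the message for verification."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)

    # 1. Display name matches an executive but the mailbox is not theirs.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append(f"display name '{name}' but address {addr} != {expected}")

    # 2. Replies are steered to a domain other than the one shown in From.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != from_domain:
        flags.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_domain}")

    # 3. Mail claiming our own domain must pass SPF/DKIM/DMARC at the gateway.
    #    A compromised real mailbox passes all three, which is why money movement
    #    still needs out-of-band verification no matter what this function says.
    if from_domain == OUR_DOMAIN:
        auth = auth_results(msg)
        for mech in ("spf", "dkim", "dmarc"):
            if auth.get(mech) != "pass":
                flags.append(f"{mech} verdict is '{auth.get(mech, 'absent')}' for a message from our own domain")

    # 4. Pressure and payment language typical of the lure.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    hits = [w for w in URGENCY if w in text]
    if len(hits) >= 2:
        flags.append("urgency/payment keywords: " + ", ".join(hits))
    return flags


# Constructed sample: a real executive's name on the wrong mailbox, replies
# steered off-domain, failing gateway verdicts, and the classic wording.
SPOOFED = """\
From: "Jane Doe" <jane.doe.ceo@example.com>
Reply-To: <jane.doe@example-mail.net>
To: accounts@example.com
Subject: URGENT - wire transfer before noon
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
Content-Type: text/plain

I am traveling and unreachable. Process the transfer immediately; a contact
from the vendor will send account and routing details. Keep this confidential.
"""

# Constructed sample of ordinary internal mail that should raise nothing.
LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 planning deck
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain

Attached is the deck for Thursday. No action needed before then.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw) or "no indicators")
```

Checks 1 to 3 only work when the gateway is the one writing the Authentication-Results header; an attacker can include a forged copy in the message, so a production filter strips any such header arriving from outside before adding its own. Check 4 is deliberately a crude keyword hit and is there to route the message to a person, not to decide on its own.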

The FBI estimates the organizational amount lost to Business Email Compromise between October 2013 and February 2016 to be $2.3 Billion.  Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss! Keep in mind, this is only the amount of loss actually reported.  Many businesses remain quiet and never report their losses for fear of public reputation damage.

Luckily, the risk of becoming a victim of this type of crime, as well as of other email and web based threats, can be reduced.  A modern and evolving layered security infrastructure is extremely important.  It cannot and should not be overlooked.  However, the most effective and most overlooked method of reducing your risk of becoming a cybercrime victim is effective and measurable End User Security Awareness Education.

While we constantly stress the importance of Vulnerability and Patch Management, this does not just apply to your technology.  User vulnerability levels need to be assessed in order to gauge their likelihood of falling prey to a Phishing email and other criminal scams.  This activity is most effective when supplemented with required security awareness training.  This is where it sometimes gets tricky.  The simulated phishing campaigns and security awareness training requirements must apply to ALL employees, up to and including the President and CEO.

Identifying your employee vulnerability baseline is an important and effective step toward lowering your overall risk profile, as well as empowering your workforce to always be on the lookout for malicious and criminal activity that can threaten your business.

So, Yes… It is OK to ignore the CEO’s request when it cannot be verified it is truly the request of the CEO.  When the business is on the line, they will thank you for your due diligence.

How vulnerable are your users?  How likely are they to fall prey to becoming a victim?  How have you taken steps to get data to support your answers to those questions?  When performing these employee vulnerability baseline assessments, we have already seen as high as a 75% failure rate for the initial Phishing test.  Launching an effective awareness solution that allows you to measure risk and track improvements is a critical first step in lowering your employee vulnerability risk, making your organization less likely to become a victim of cybercrimes such as CEO Fraud, Business Email Compromise, and Ransomware.

Contact Keller Schroeder today to find out how we can help you implement solutions that effectively reduce your employee vulnerability risk through ongoing security awareness training and testing.


Proofpoint Email Protection – Not Your Average Spam Filter

Chance Webster – [Systems Engineer – Network Solutions Group]

In today’s fast paced world, e-mail is the medium that drives business.  Not only do we use email to conduct day-to-day operations and communicate with employees, customers and business partners, we also use it to advertise products and services, convey information to a large group, or even send that all-important casserole recipe to a coworker.  With email this pervasive, a common business concern is how to filter out junk mail and messages with malicious content.  There are many good solutions on the market today, but there are sometimes gaps in coverage as vendors try to keep up with the ever-evolving tactics of spammers and malware authors.  A complete solution to mitigate both junk mail and mail-based risks, and to provide solid intelligence on these threats, is Proofpoint Email Protection.

Proofpoint Email Protection is a cloud-based platform that grows with your business and can be used to build a highly reliable, low-latency defense for your users against malicious or otherwise unwanted messages, using policies rather than a single set of rules that applies to everyone in the organization.  By defining your message filtering in policies, administrators can target a particular audience for messages from a given source, sender or classification of message where required.  Because Proofpoint Email Protection is cloud-based, it also provides continuity of incoming email if your email servers go down, holding mail and automatically resuming delivery when your email services are restored.

Proofpoint Email Protection also provides a high level of visibility and reporting for your email administrators while giving your users some control of their own.  Messages can be searched through the message tracing logs with dozens of search criteria to quickly identify messages and take action as necessary.  A large number of detailed reports provide a wide array of information and let administrators make informed decisions when approving or denying messages with questionable content.  End users can also be given some freedom to opt in or out of routine quarantined message notifications, Proofpoint-managed or administrator-defined safe and block lists for known spam or malware sources, or even bulk message delivery.

If you are considering more effective ways to manage mail-based malware risks or the time lost to sorting through spam, contact your Keller Schroeder Account Manager and let us show you more about the Proofpoint Email Protection solution.


Systems Team Proactive Performance Management (PPM) Services

Chris Haynes  – [Keller Schroeder Engineer]

        An ounce of prevention is worth a pound of cure. – Benjamin Franklin

Virtualization has become the norm in most data centers, and so has the expectation of zero downtime. Preventative maintenance is the best insurance against downtime and security threats in your storage/virtualization environment.

Preventative maintenance can:

  • Prevent productivity losses due to unscheduled downtime
  • Reduce security risk
  • Increase the quality & reliability of mission-critical IT operations
  • Maximize performance & efficiency
  • Lower overall maintenance costs

Keller Schroeder’s System Team offers a Proactive Performance Management (PPM) service to perform regular preventative maintenance services and provide remedy reporting and resolution for storage/virtualization environments.

So what does our PPM service include?

  • Review system logs, alerts, & diagnose problems
  • Identify capacity & performance issues & inefficiencies
  • Perform minor upgrades & apply patches
  • Analyze/validate system configurations
  • Remediate discovered issues
  • Make recommendations for improvements or industry common practice design changes

So why use Keller Schroeder for these services?

Our Systems Team has 130+ combined years of experience in IT, an average of about 22 years per engineer. We have deep knowledge and expertise in the storage/virtualization stack, both past and present.  We carry multiple certifications in various technologies, and continuously perform new installs and upgrade existing systems in the field, so we are fresh and familiar with the latest versions, compatibility requirements and potential pitfalls.

We already perform PPM programs for many of our clients and have developed detailed & proven install, upgrade, & patch procedures, along with health assessments & checklists, and remedy/status reports. We typically provide these PPM services on a quarterly basis, but we can build a customized plan to meet your specific needs.

A key challenge in IT is having to do more with less and dealing with a lack of resources, so let us do what we do best, so you can focus on what you do best for your business.

Please contact your Keller Schroeder Account Manager for more information.


LogRhythm 7 – Next-Gen Security Threat Detection & Response

Brad Mathis – [Senior Consultant, Information Security]


LogRhythm, The Security Intelligence Company, recently unveiled LogRhythm 7, a major upgrade to their security intelligence and analytics platform.  With new and enhanced features and capabilities, LogRhythm continues to be a leader in the SIEM (Security Information & Event Management) space.


Chris Peterson, senior vice-president of products, CTO and co-founder at LogRhythm states, “The sophistication and resolve of today’s cyber adversaries continue to rise, as does the number of successful intrusions.” “The innovations in LogRhythm 7 empower IT security teams to detect, respond to and neutralize cyber intruders faster and more efficiently.”


With LogRhythm’s HTML5-based dashboard, advanced security analytics and SmartResponse automation capabilities, and the ability to perform full-text unstructured search with the introduction of Elasticsearch, it is no surprise LogRhythm has been positioned as a Leader in Gartner’s SIEM Magic Quadrant report for four consecutive years.  LogRhythm also scored highest in Gartner’s Critical Capabilities for Security Information and Event Management.


New features with LogRhythm 7 include:

  • Elasticsearch based indexing for expedited investigations
  • Architectural advancements for up to a 300 percent improvement in data indexing performance on a per-node basis
  • Real-time threat activity map
  • New Risk-Based scoring algorithms
  • Incident Response advancements
  • Extensions to the SmartResponse Automation framework, such as the ability to prevent malware outbreak with endpoint shutdown

For more information or to schedule a LogRhythm demonstration, contact your Keller Schroeder Account Manager.
