Security

by Carissa

Spotlight On…

Employee Owner: Chris Fortune


Chris Fortune is a 20-year veteran of IT. His career began as a co-op student on a helpdesk and quickly progressed into increasingly challenging roles in network engineering, systems engineering, and telecom. Security has always been the common thread running through Chris’ work in these disciplines. He has also had direct responsibility for security, including managing firewalls, IDS/IPS, AV, VPN, remote access, log management and forensics. Chris has worked for manufacturing, education, service provider, financial, healthcare and utility companies, as well as serving as an IT consultant to these types of businesses.

Chris has a Bachelor of Science in Computer Engineering from the University of Evansville and is working on a graduate certificate in Penetration Testing & Ethical Hacking from SANS Technology Institute.

Contact the Keller Schroeder Account Team to learn more about Chris and how you can leverage his experience and skills to benefit your organization.


Phish or Be Phished? The Choice is Yours

Brad Mathis, Senior Consultant, Information Security

It is mid-2015.  By now, we have all seen incoming emails claiming we have been bequeathed a huge sum of money from a Nigerian Prince, or we have won a foreign lottery we never entered.  Most employees have seen these scam emails long enough to know they are not real.

However,

  • What about the seemingly benign email coming in from a recognizable sender?
  • What if this legitimate looking email has an attached PDF or Word document?
  • What if it contains a seemingly real link to a web site?
  • How many of your employees would open the attachment or click on the link?
  • How many employees will assume it is safe since it made it unscathed through all of your layers of security, including email and web content filters?
  • Do your users understand the ramifications of introducing undetected malware into your environment? Do they know this malware can capture their keystrokes, turn on their web camera and microphone, and capture screen shots or data from their system and transmit this data to cyber-criminals completely undetected?

If you can answer these questions with a high degree of certainty, you are either a one-user environment, you are sitting at each user’s desk approving their every keystroke, or you have already identified and implemented the requirement for measurable security awareness training and recurring testing of your staff to see how phish-prone they are.

This is a good time to stress the importance of maintaining an effective defense-in-depth strategy. What does this mean? Defense-in-depth comes down to remembering that no single defense mechanism will protect your environment. It takes several layers to lower risk. Examples of necessary defense-in-depth layers are:

  • Continuous Vulnerability Management
  • Continuous Patch Management of Applications and Operating Systems
  • System Hardening and Configuration Standards
  • Effective Next Generation Firewall Strategy
  • Intrusion Detection and Prevention
  • Malware Defenses and Content Filtering
  • Secure Perimeter and Network Security Architecture
  • Complete elimination of obsolete operating systems and applications, as well as the elimination of technologies no longer supported or considered best practice, such as RIP and WINS
  • Strengthened Controls such as Password Requirements and Rights Management
  • Policies, Procedures, and Standards

Won’t a strong defense-in-depth strategy prevent cyberattacks from getting into my network? Unfortunately, no amount of technical defense can completely prevent a user who lacks security awareness from clicking or opening something they should not. The danger lies in a window of opportunity cyber-criminals know all too well: there is a lag between the time a vulnerability is discovered and the time organizations get around to correcting it. The criminals know to attack swiftly while defenses are down and the chance of detection is low.

According to a recent information security study, it takes organizations an average of 176 days to remediate known vulnerabilities, while cyber-criminals take an average of only 7 days to exploit them. During that 169-day gap, your defense-in-depth layers may be at the mercy of your end users’ level of security awareness. On top of this, we have been seeing a window of several days before anti-malware providers can detect the newest malware strains.

Of the 150+ Million phishing emails being sent every single day, over 10% are making it through SPAM filters.  Of those, over 8 million are opened, and over 800,000 users are clicking on phishing links.  An average of 80,000 users a day are actually providing sensitive information to cyber-criminals because they believe the email or web link to be legitimate.  Every Day!  Are your users among the 80,000 daily victims?

If you haven’t figured it out by now, Security Awareness Training and effectiveness testing is now a required layer of an effective defense-in-depth strategy. Knowing this is critical, Keller Schroeder has partnered with KnowBe4 to offer effective and measurable Information Security Awareness Training, as well as to perform ‘safe’ simulated phishing attacks that determine your current Phish-Prone percentage and show how to lower it. For years, law enforcement has learned its best crime prevention techniques from criminals. KnowBe4 has taken the same approach with Security Awareness Training: the training was co-developed with reformed cyber-criminal Kevin Mitnick, the most wanted hacker in the world during the mid-nineties.

For more information about how Keller Schroeder and KnowBe4 solutions can help you determine and lower your Security Awareness Risk, please contact your Keller Schroeder Account Manager.


TechSpot Recap : VMware-Kaspersky “Avengers: Age of Ultron” Premiere

Carissa Montgomery, Marketing & Communications Coordinator


On Friday May 1st, VMware and Kaspersky Lab joined Keller Schroeder in treating a group of our clients and their guests to a private showing of “The Avengers: Age of Ultron” at Showplace Cinemas.

Before the movie began, attendees and Keller Schroeder employee-owners listened to presentations from VMware and Kaspersky Lab featuring the latest from their technologies.

After beginning with an overview, VMware Healthcare Systems Engineer Max Abelardo discussed what was new with the vSphere 6 server virtualization platform, end-user computing using VMware, and the vRealize cloud management platform.

Chris Streeks, Systems Engineer with Kaspersky Lab, then explained how clients could secure their virtual environments with Kaspersky. His talk centered on handling virtual endpoint security at scale and methods of virtualized protection.

Attendees also had the chance to win prizes. Matthew Yeley from MSWARS Research walked away with an Avengers-themed prize pack. David King with P&I Supply won our grand prize, a $100 VISA gift card.

For more information regarding VMware, Kaspersky, or our upcoming events, please contact your Keller Schroeder Account Manager.


Security Requires Visibility

Schuyler Dorsey, Security Consultant

As both attacks and networks grow more complex, it becomes increasingly difficult to secure the infrastructure and its data. One of the key components to retaining network security is ensuring you have insight or visibility as to what is actually happening in your network. For total visibility, you need to be able to combine nouns, verbs and timestamps to build a timeline of who did what and when. The need for total visibility extends beyond security best practices and can certainly aid in troubleshooting; however, monitoring for and responding to a security incident is when it is most crucial to have this visibility data.

It is a common misconception that network devices and endpoints will automatically log everything needed by default. Unfortunately, the default logging levels of most network devices and operating systems leave much to be desired. Here are some example default logging configurations which may leave gaping holes in your investigations:

  • Many network switches will not log local failed login attempts by default.
  • Windows will not log failed changes to group memberships or accounts.
  • Windows will not log file creation, deletion, or execution.
  • Many network firewalls will log very minimal traffic information.

So, if we take the example of a malware attack on an organization, and your infrastructure is configured with default logging settings, it would be extremely difficult to track down how the malware originally entered the network (patient zero), what actions the malware took on the endpoint(s), what other internal and external IPs the infected endpoint(s) connected to and ultimately, what malicious actions the malware performed.

Beyond the insight it gives, enhanced logging also lets you build a proper timeline of the infection, which helps remediation. With the right logging in place, we would know what file was initially downloaded and executed, what IPs it connected to in order to download its payload, what files were created and deleted as the malware installed itself, and what registry keys were altered to give the malware persistence.
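The timeline described above, as an added example (Python; not code from the article or from any SIEM product): three constructed log sources are normalized into (timestamp, host, actor, verb, object) events, merged in time order, and queried for patient zero and for destinations shared across hosts. The log formats are simplified stand-ins for a firewall connection log, Windows Security events 4688 and 4657, and a Cisco IOS style login-failure message; the hostnames, IPs and the IP-to-host inventory are all assumptions.

```python
"""Build a who-did-what-when timeline from several log sources.

Added example, not code from the original article or any product. Every
log line below is constructed, and the IP-to-host mapping stands in for
a hypothetical asset inventory (DHCP or AD in practice).
"""
import re
from collections import namedtuple
from datetime import datetime, timezone

# nouns (host, actor, object), a verb, a timestamp, and the record's origin
Event = namedtuple("Event", "ts host actor verb obj source")

FIREWALL_LOG = """\
2015-03-02T09:14:05Z fw01 action=allow src=10.0.5.23 dst=203.0.113.50 dport=80 proto=tcp
2015-03-02T09:14:31Z fw01 action=allow src=10.0.5.23 dst=198.51.100.7 dport=443 proto=tcp
2015-03-02T09:40:02Z fw01 action=allow src=10.0.5.41 dst=198.51.100.7 dport=443 proto=tcp
"""
WINDOWS_LOG = """\
2015-03-02T09:14:02Z WS-023 EventID=4688 User=CORP\\jdoe NewProcess=C:\\Users\\jdoe\\Downloads\\invoice.exe
2015-03-02T09:14:09Z WS-023 EventID=4657 User=CORP\\jdoe Object=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run Value=Updater
2015-03-02T09:39:50Z WS-041 EventID=4688 User=CORP\\asmith NewProcess=C:\\Windows\\Temp\\svch0st.exe
"""
SWITCH_LOG = """\
2015-03-02T09:20:11Z sw-core %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.5.23]
2015-03-02T09:20:14Z sw-core %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.5.23]
"""
IP_TO_HOST = {"10.0.5.23": "WS-023", "10.0.5.41": "WS-041"}  # hypothetical inventory

FW_RE = re.compile(r"(\S+) (\S+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")
WIN_RE = re.compile(r"(\S+) (\S+) EventID=(\d+) User=(\S+) (.*)")
SW_RE = re.compile(r"(\S+) (\S+) .*Login failed \[user: (\S+)\] \[Source: (\S+)\]")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_firewall(text):
    for m in filter(None, map(FW_RE.match, text.splitlines())):
        ts, fw, action, src, dst, dport = m.groups()
        host = IP_TO_HOST.get(src, src)  # resolve the source IP to a host name
        yield Event(parse_ts(ts), host, host, "connect_" + action, f"{dst}:{dport}", fw)


def parse_windows(text):
    for m in filter(None, map(WIN_RE.match, text.splitlines())):
        ts, host, event_id, user, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split())
        if event_id == "4688":   # process creation
            yield Event(parse_ts(ts), host, user, "process_created", fields["NewProcess"], "windows")
        elif event_id == "4657":  # registry value changed
            obj = fields["Object"] + "\\" + fields["Value"]
            yield Event(parse_ts(ts), host, user, "registry_value_set", obj, "windows")


def parse_switch(text):
    for m in filter(None, map(SW_RE.match, text.splitlines())):
        ts, device, user, src = m.groups()
        actor = IP_TO_HOST.get(src, src)
        yield Event(parse_ts(ts), device, actor, "login_failed", user, device)


def build_timeline(*event_iters):
    """Merge every source and order by timestamp: the who-did-what-when view."""
    return sorted((e for it in event_iters for e in it), key=lambda e: e.ts)


def host_timeline(events, host):
    """Everything a host did, or had done to it, in order."""
    return [e for e in events if host in (e.host, e.actor)]


def patient_zero(events):
    """Host of the earliest process-creation event: where the infection started."""
    first = next((e for e in events if e.verb == "process_created"), None)
    return first.host if first else None


def shared_destinations(events):
    """Destinations reached by more than one host: candidate command-and-control."""
    seen = {}
    for e in events:
        if e.verb.startswith("connect_"):
            seen.setdefault(e.obj, set()).add(e.host)
    return {dst for dst, hosts in seen.items() if len(hosts) > 1}


def render(events):
    return [f"{e.ts:%H:%M:%S} {e.host:<7} {e.actor:<11} {e.verb:<18} {e.obj} [{e.source}]" for e in events]


if __name__ == "__main__":
    timeline = build_timeline(parse_firewall(FIREWALL_LOG), parse_windows(WINDOWS_LOG), parse_switch(SWITCH_LOG))
    print("\n".join(render(timeline)))
    print("patient zero:", patient_zero(timeline))
    print("shared destinations:", shared_destinations(timeline))
```

The two Windows rows are the ones default logging would not produce: event 4688 only appears when Audit Process Creation is enabled, and 4657 only when registry object-access auditing is enabled and a SACL is set on the key. Without them the timeline still shows WS-023 talking to 198.51.100.7 and then failing logins on the core switch, but not the downloaded file that started it or the Run key that keeps it alive.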

Once all this logging is enabled, it raises the question: how can it be managed efficiently? The answer is a Security Information & Event Management (SIEM) platform. Not only do SIEM solutions provide a central repository and dashboard for all the logs in the enterprise, most come with signature and correlation rules that automatically try to detect malicious actions based on those logs. The most important thing to remember, though, is that the SIEM can review and analyze only the information it receives. If your infrastructure’s logging posture is not configured effectively, the SIEM will be just as ineffective.

A healthy logging posture is crucial in ensuring network visibility; visibility is the only way to effectively monitor and respond to malware and/or Advanced Persistent Threats.

Contact your Account Manager at Keller Schroeder for more information about these products and how they might benefit your organization.



The End of an Era

Corey Ainscough, Sr. Systems Consultant


Does your environment include any Windows Server 2003 servers? Did you know Microsoft will end support on July 14, 2015 for all versions of this product? This truly marks the end of an era and could pose a serious risk to your business. After July 14, 2015, Microsoft will provide no further security updates or patches for this system. As a result, we recommend you consider the following when establishing project priorities:

  • Overall Cost – Without Microsoft support, Windows Server 2003 will be more expensive to maintain due to third party application vendors ending support for their products. In addition, deployment of updated firewall rules, intrusion detection, and vulnerability management solutions will be needed to help mitigate unsupported operating system risk.

  • Compliance and Security – Vulnerability scans and audit reviews will identify Windows Server 2003 as an unsupported operating system, increasing your overall security risk score.

Now is the time to consider alternatives for application migration and server operating system upgrades, including Windows Server 2012 R2. This latest member of the Microsoft server operating system family provides a dramatic improvement over its decade-old counterpart, including Work Folders, Storage Tiering and Workplace Join, to name a few. One of the most useful features for administrators in Server 2012 R2 is the ability to manage many servers at once from the Server Manager dashboard. Server Manager removes the one-server-at-a-time boundary of 2003 and lets you manage servers throughout the environment from a single host. With Server 2012 R2 you can check performance statistics, identify troubled remote services, and take corrective action, all from one centralized, customizable dashboard. Multiple servers can be grouped by role, location, or other criteria.

As you can see, upgrading from Windows Server 2003 to Windows Server 2012 R2 can save you time and money. Why not make it happen now, well before the End of an Era arrives?

Contact your Account Manager at Keller Schroeder for more information about these products and how they might benefit your organization.

Layered Malware Protection

Schuyler Dorsey, Network Security Consultant


In May 2014, Symantec declared antivirus was dead. In the same announcement, they stated their software caught less than half of today’s malware. These revelations caused quite a stir and some confusion in the IT community. Some outlets took this to mean antivirus was dead in the sense that it was no longer needed. This is certainly not the case, and after a recent surge in Gameover Zeus attacks, it is a good time to explore the problems with today’s malware strategies.

The Problem

Many companies rely on traditional antivirus (AV) suites as their primary or sole form of protection against these threats. Once a new virus is created, traditional AV provides little to no protection against it until a signature exists. For a signature to be created, the AV vendor has to become aware of the new threat, obtain a copy of the virus, study and reverse engineer it, create a signature which blocks it, and update their software with logic on how to remove it if found.

File-based malware protection is often based on a specific pattern of bytes in the file. Once AV has an updated signature that blocks the malware based on those bytes, evil-doers can use the updated AV software to determine the exact string of bytes the AV is using as its signature. They can often alter as little as one byte in their virus and the AV will no longer detect it, as the pattern of bytes is different.

The Solution

What Symantec was truly hinting at was that the use of antivirus as a primary or sole form of malware prevention is dead. We can no longer rely solely on antivirus and must take a layered approach. Two of the most common added layers are next-generation firewalls (NGFW) and advanced malware protection (AMP) solutions.

NGFWs give a company more visibility into their network. They no longer control traffic based only on IP and port but can control it based on specific applications as well. The same devices often come with intrusion prevention and antivirus scanning subscriptions that add another layer of security at the perimeter.

Advanced malware protection (AMP) products were a direct reaction to the signature problem of AV solutions and to targeted attacks. AMP solutions monitor files traversing the perimeter and run unknown ones in a sandboxed Windows virtual machine. If the file behaves maliciously, the service adds the file’s hash to its block list and pushes it to every device with the AMP subscription, worldwide.
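As an added example covering both the byte-signature weakness described under The Problem and the sandbox-plus-hash approach of AMP (Python; not code from the article or from Symantec, Cisco or Palo Alto Networks): a constructed sample is packed with a toy XOR packer, and three detection layers are checked against the original and against a variant that differs only in its one key byte. The stub bytes, the payload string and the “sandbox” (a function that decodes the payload and lists the actions it would take) are all assumptions; no real malware is involved.

```python
"""Why a byte signature or a file hash is brittle, and why a sandbox is less so.

Added example, not code from the article or any vendor. The "malware" is a
constructed byte string wrapped by a toy XOR packer: the decoder stub is
placeholder bytes, not machine code, and the sandbox is a function that
decodes the payload and reports the actions it would perform.
"""
import hashlib

STUB = b"\x55\x48\x89\xe5\xb9\x10\x00\x00\x00"  # constructed placeholder for loader code
PAYLOAD = (b"connect 198.51.100.7:443;"
           b"write C:\\Windows\\Temp\\svch0st.exe;"
           b"regset HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater")


def build_sample(key):
    """Pack a 'file': stub, one key byte, then the payload XORed with that key."""
    return STUB + bytes([key]) + bytes(b ^ key for b in PAYLOAD)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def emulate(sample):
    """Toy sandbox: do what the stub would do at run time and report the actions."""
    key = sample[len(STUB)]
    decoded = bytes(b ^ key for b in sample[len(STUB) + 1:])
    return tuple(decoded.decode("ascii").split(";"))


def behavior_profile(sample):
    """Fingerprint of what the sample does, rather than what its bytes look like."""
    return sha256("\n".join(emulate(sample)).encode())


ORIGINAL = build_sample(0x41)  # the sample the AV vendor obtained and analyzed

# Layer 1: a byte-pattern signature, 12 bytes starting at the key byte
SIGNATURES = {"Toy.Dropper.A": ORIGINAL[len(STUB):len(STUB) + 12]}
# Layer 2: a file-hash block list, as an AMP-style cloud service would distribute
HASH_BLOCKLIST = {sha256(ORIGINAL)}
# Layer 3: behaviour learned by running ORIGINAL in the sandbox
BEHAVIOR_BLOCKLIST = {behavior_profile(ORIGINAL)}


def signature_hits(data):
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def hash_blocked(data):
    return sha256(data) in HASH_BLOCKLIST


def behavior_blocked(sample):
    return behavior_profile(sample) in BEHAVIOR_BLOCKLIST


def verdicts(sample):
    return {"signature": bool(signature_hits(sample)),
            "hash": hash_blocked(sample),
            "behavior": behavior_blocked(sample)}


if __name__ == "__main__":
    variant = build_sample(0x42)  # the attacker changes one byte: the key
    print("original:", verdicts(ORIGINAL))  # all three layers catch it
    print("variant: ", verdicts(variant))   # only the behaviour layer still does
```

Changing the single key byte re-encodes the whole body, so both the static signature and the file hash miss the variant while it still performs exactly the same connect, write and Run-key actions. That is the gap the sandbox layer closes, with the caveat that real sandboxes must also cope with samples that detect virtualization or simply sleep until the analysis window has passed.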


Once NGFWs and AMP devices are added to a company’s network alongside an active AV solution, it has a truly layered malware defense and a much better chance of preventing an infection, and of removing one from the network more effectively.

The Next Step

Keller Schroeder partners with Cisco and Palo Alto Networks, both of which can bring these enhanced layers of protection to networks. Cisco recently acquired Sourcefire to enhance their NGFW line, and Palo Alto Networks recently acquired Cyvera to add endpoint security to their portfolio.

Contact your Account Manager at Keller Schroeder for more information about these products and how they might benefit your organization.

$ecurity Matter$ Conference

Carissa Montgomery, Marketing Assistant




The Keller Schroeder Infrastructure Solutions Group was once again well represented at the annual Patterns of Distinction – $ecurity Matter$ Conference, held at Murray State University’s Curris Center in Murray, KY. This marked the 7th year for the successful event, the largest technology security conference in Western Kentucky.


Schuyler Dorsey, Systems Engineer with Keller Schroeder, was featured as a Technical Track guest speaker during the event. His presentation, entitled “Mitigations Native to Windows”, covered how buffer overflows work, how attackers use vulnerabilities to exploit systems, the several mitigation features built into Windows that can greatly enhance security, and the Microsoft EMET management tool. Schuyler has over 5 years of experience in the Information Technology field and a Master of Science in Information Security & Assurance. His certifications include Certified Information Systems Security Professional (CISSP) and Microsoft Certified IT Professional: Enterprise Administrator (MCITP).


Account Development Group members Michelle Zehner and Ty Eblen also represented Keller Schroeder at the company’s conference table. They had the opportunity to meet and engage prospective clients in our growing Kentucky market areas.


Congratulations to all on a successful event!

Spotlight On…

Employee Owner: Mike Sanford

With over 20 years of experience in IT and the last 12 in networking, Mike has served as Network Administrator for a manufacturing company and maintained network environments for domestic and international sites. Mike’s experience also includes work with a financial institution maintaining over 70 banking centers and lending institutions, as well as a large national hospital system. He has installed, maintained and supported wide area and local area networks, including firewalls, Virtual Private Networks and network monitoring solutions. Mike also has experience with Cisco’s Unified Communications Manager and Unity Connection voice platforms.

Mike and his wife Misty reside in Evansville, as do two of their four children, Emma and Kelsey. Their other two children, Justin and Gabriella, are active members of the US Navy and reside in Norfolk, VA. Mike is an avid sports fan, but had to abandon his promising basketball career due to a back injury that forced him to have height reduction surgery. Mike and Misty recently welcomed their first grandchild, Brayden, into the family, and much of their time is dedicated to that new adventure.

Contact the Keller Schroeder Account Team to learn more about Mike and how you can leverage his experience and skills to benefit your organization.

Your last checkup was WHEN?

Brad Mathis, Sr. Consultant

Most people understand the vital importance of routine medical checkups. Regular health exams and testing often help pinpoint problems before they become serious. Not only do exams and checkups help with early detection of existing problems, the professionals who perform them greatly reduce the occurrence of future problems by recommending mitigating actions based upon the findings. We have all grown to understand this as a requirement for a long, healthy, and productive life.

Why is it we don’t all treat our information systems and networks with a similar level of protection and importance? Information systems are the lifeblood and backbone of most successful businesses. When the flow of information stops, business degradation begins. Business interruption caused by malware and cybercrime continues to increase at alarming levels. It is imperative for businesses of any size to ensure robust IT security is in place in order to avoid becoming a victim of cybercrime. Consequences of not doing so include business interruption, legal and compliance issues, loss of revenue, reputation damage, or, worst case, complete business failure.

Keep your IT infrastructure ‘heart’ pumping and data ‘blood’ smoothly flowing by routinely testing the security of your network computing environment. Much like a body has multiple components to diagnose and keep running smoothly, so does a network infrastructure: from the web browser, to the server, to the Internet-facing network infrastructure.

Do you want a glimpse of your current security posture? Here are a few security health check tools available from Qualys that you can try for free!

And if you’re not routinely having the security of your network reviewed, it may be time to schedule that checkup. Our Security Practice can help. If you would like to learn more, ask your Keller Schroeder Sr. Account Manager for more information.


Security Practice Leader Speaks at Conference

Brad Mathis, senior consultant and security practice leader with Keller Schroeder, was the keynote speaker at the 6th Annual Patterns of Distinction – $ecurity Matter$ Conference, the largest information technology security conference in Western Kentucky. It is held at Murray State University’s Curris Center in Murray.

The title of Brad’s keynote address was ‘Compliance is NOT Security!’ The theme centered on the importance of understanding the difference between ‘checkbox security’ and security based on a best-practice framework. He discussed how, over the past several years, he has seen far too much emphasis placed on passing compliance audits and not enough energy invested in actual security and asset protection. His message was clear: security must be baked in from the beginning, not added as an afterthought.


The conference coincides with the Murray State Telecommunications Systems Management Awards Luncheon, where awards are presented to recognize outstanding students and industry individuals. Brad was selected as the 2013 recipient of the Nathan B. Stubblefield Award for Distinguished Lecture Series.

With over 27 years of experience, Brad’s certifications include:
• SANS GIAC Penetration Tester (GPEN)
• Certified Information Systems Security Professional (CISSP)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified in Risk and Information Systems Control (CRISC)
• CompTIA Security+

He currently serves on the ITT School of Information Technology Program Advisory Committee and the Ivy Tech Community College School of Business Advisory Council.
