14 December

Growing threats to network security

Posted

How secure is your network?

Is your network security infrastructure prepared for these threats?

The modern, globally connected digital world demands that business applications, data and services be constantly available from any location, which means networks must span multiple hosting environments, fixed and mobile devices and other forms of IT infrastructure. The network has become not only a target, but also a channel for disruption: It’s a primary route of distribution for distributed denial of service (DDoS), phishing, ransomware, worms and other types of malware attacks.

Make sure that your network security infrastructure is up-to-date to efficiently react to these network threats:

DDoS attacks are proliferating.  The volume and strength of DDoS attacks are growing as hackers try to bring organizations offline or steal their data by flooding websites and networks with spurious traffic. Two factors are helping criminals in their endeavors. One is the widespread availability of “DDoS for hire” services, whereby hackers rent out their skills for very low sums of money. The other is the growing volume of internet-of-things products with poor security defenses that are being attached to device-to-device, edge and core networks.

Remedy: Be sure to create a DDoS mitigation plan. Protect networks against DDoS attacks by monitoring and controlling LAN/WAN traffic flows and device bandwidth consumption to receive earlier warnings of attack.

Network-based ransomware is designed to destroy systems … and data. Self-propagating ransomware attacks that quickly spread across systems do not rely on humans to click a button, download a file or plug in a USB stick. They just need an active and unpatched workstation (think WannaCry and NotPetya) and an automated software update. Many security researchers believe that the primary purpose of some ransomware attacks is not to extort money but to deliberately destroy data on infected systems.

Remedy: Perform regular backups of mission-critical data, ensure all systems and applications are patched and up to date and use vulnerability assessment tools to find gaps in defenses. It’s basic stuff, but it couldn’t be more vital.

Malware is evolving, with activity masked by legitimate cloud services.  Today’s business needs have changed the way enterprises send and store sensitive data, with more organizations using off-premise cloud-hosted repositories and services.

Remedy: Threat intelligence monitoring and analytics are more advanced than ever before. These services can identify suspicious behavior that could indicate legitimate services disguising hacking activity.

Encryption is meant to enhance security, but it’s also helping hackers to conceal their communications. We’ve seen a big rise in the percentage of network traffic that is encrypted — a natural consequence of organizations protecting sensitive data by scrambling communications. But this approach to securing data cuts two ways, with threat researchers also noticing a threefold increase in the volume of encrypted network communication employed by malware in 2017. Encryption gives hackers more time and space to operate prior to their eventual detection and remediation.

Remedy: Use machine learning and artificial intelligence to identify unusual patterns in encrypted web and network traffic and send automatic alerts to security staff if issues merit further investigation. Automation really is the future of network security.

 

Written by Sander Barens from GNC.

Network based attacks are on the rise, and not slowing down. These cyber-attacks aimed at businesses have almost doubled in the past years. How secure is your network infrastructure? Call CITON to defend your business’ network, and design a disaster recovery plan.

 

29 November

Security in the workplace

Posted

SETTING HIGH SECURITY STANDARDS

WITHIN YOUR ORGANIZATION 

Gemalto, a leader in digital security, reports that more than 4.5 billion digital records, each with an estimated average value of $148, were compromised in data breaches during the first half of 2018. The breaches have a staggering financial and operational impact.

The survey of 400 full-time U.S. employees found a general understanding of security risk, but risky online behaviors. The survey concluded:

  • Workers understand cyber basics. 80% would not share passwords via email or text and most had passwords that included letters, numbers and symbols.
  • Kindness takes priority over security. Nearly 50% admitted they would allow a fellow employee to use their work machine. Only 35% of employees with administrative access would refuse to let a colleague use their device.
  • People continue to swallow phishbait. Only 36% of employees polled were able to identify suspicious links as an indicator of a phishing email.

The current baseline understanding of on-line security needs ramping up through training at all levels. A whole-of-organization approach is called for, and tailored interactive training can help build a culture in which each employee recognizes their responsibility to stay safe and secure online.

 

Article from KnowBe4, written by Stu Sjouwerman.

Securing your business data is only half the battle. Get your employees the knowledge they need to be part of online security within your organization. Call CITON to find out how we can provide the necessary security measures you need.

26 November

Entrusting your data to HP

Posted

IF YOU CAN’T TRUST YOUR HARD DRIVE –

DON’T TRUST YOUR DATA

Why Buy HPE Server and Storage Hard Drives?

In today’s distributed enterprise with larger, more complex applications than ever before, an increase of mission-critical data moving to the server, and continued server consolidation, storage has become more important than ever. HPE delivers the highest quality products to ensure the integrity and availability of data. A major component of this process is HPE’s commitment to deliver the highest quality hard drives in the industry. So Why Buy HPE Hard Drives?

Qualification Process. HPE drives are NOT the same as their OEM equivalent. HPE has set up an industry recognized qualification process unmatched in the industry with four teams dedicated to testing drives in real-life and extreme environments:

  1. Selection Evaluation Team
  2. Development Validation Team
  3. Supplier Production Qualification Team
  4. Continuous Improvement/Performance

Not only does HPE test for data and signal integrity and physical defects, but we also audit supplier processes and put drives through real-life situations to see how they cope with the differences of various operating systems. The HPE system compatibility aspects of an HDD product are validated through a series of test sequences defined by a set of matrices that describe representative configurations, including both HPE legacy and new storage applications. Typically, more than 2,000 unique HDDs are used to evaluate a product family during the Development Validation phase, and approximately 2 million drive test hours occur during each family qualification. Closed-Loop Quality System. HPE’s closed-loop

Closed-Loop Quality System. HPE’s closed-loop quality system includes multiple quality controls and monitoring systems. These quality controls and monitoring systems ensure the product meets HPE’s quality and reliability requirements. The controls will alert HPE and the HDD Supplier to any “out of control” conditions and quality issues, allowing HPE to contain nonconforming product and implement corrective actions prior to shipment of nonconforming product to customers.

Integration. Many issues customers have with third party hard drives have to do with “simple” integration concerns. All HPE hard drives ship with the correct cables, SCSI ID settings, termination schemes, and documentation for HPE servers. When buying from another supplier, there is no guarantee that these drives have been set properly from their generic default settings to ensure proper operation with HPE servers.

HPE has developed strong long-term working relationships with all of its HDD suppliers. HPE engages with HDD suppliers in researching new technologies, product requirements, long-range product roadmaps, new features, and defining requirements for product designs. HPE also works with HDD suppliers 2 to 3 years in advance of product availability to ensure technology feasibility and successful system integration.

Firmware. High performance drives include a firmware-based feature named “Tagged Command Queuing”, which improves performance and dramatically increases the complexity of drive operations, making the firmware similar to a multi-tasking operating system. There are an enormous number of timing sequences that need to be tested to ensure that the drive firmware design is “bullet proof” with amendments made accordingly. Only HPE drives have firmware tested and optimized for HPE systems.

Pre-Failure Warranty. HPE’s Integrated Lights Out (iLO) leverages technology embedded in Smart drives to detect anomalies in drive operation. When a drive performs outside an accepted parameter, the agents send an event to iLO. Under HPE’s exclusive Pre-Failure Warranty, the drive can then be replaced at HPE’s expense. This feature allows Systems Administrators to proactively schedule downtime for maintenance without interruption to business critical operations. With a combination of hot-pluggable drives and a Smart Array Controller, the faulty drive can be replaced without any downtime. Only HPE drives can be monitored by the health log and benefit from this warranty. Note of caution: The HPE warranty may be invalidated when HPE products have been damaged or rendered defective by the installation or use of third-party parts.

Price Competitiveness. HPE monitors the drive market on an on-going basis to ensure that our drives are price competitive with all competitors and to offer superior price/performance and the lowest total cost of ownership (TCO).

 

Written by Levi Norman, HP

CITON has used HPE hard drives since the first server we built. We believe in providing the highest quality products to our customers. Hard drives are a vital piece of equipment for the security and performance of your business. Contact CITON to learn more on how HPE hard drives can improve the integrity of your data.

21 November

Taking Caution in Cloud Security

Posted

CLOUD SECURITY MISSTEPS

HOW TO AVOID COMMON SECURITY PITFALLS.

Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They are so easy to start using that consumers rarely think twice about setting up an account or downloading a new app.

Regardless of whether you acknowledge it, cloud usage incurs risk to your personal information. The data breaches in the news have much worse repercussions than just the need to reset your password. Cloud usage from your phone or computer may expose your data to criminal hackers who sell the information on the black market, or Darkweb.

TAKE HEED OF THESE COMMON CYBER SECURITY PITFALLS:

Misstep: You lost control of your data because of the fine print in a user agreement. Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions.

Misstep: You sent out a public link to a Google Doc so others could view and edit.

Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.

Misstep: You granted an application every permission under the sun.

Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.

Misstep: You use the same password for every app on your phone.

Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.

 

Article retrieved from Cloud Tweaks.

A recent trend in the cybersecurity industry has removed the “blame” of security failures from technology users and shifted the focus to making security easy. With that in mind, there are simple choices people make online that affect the likelihood of becoming a victim to cybercrime.

8 November

The Power of Partnership

Posted

Hewlett Packard Enterprise

We have been doing the I.T. thing for a long time.  A really long time.  So long in fact that I think we have printers older than some of our employees. (Those HP Laserjets just keep going when you maintain them!)

One of the reasons we remain relevant in this cloud obsessed big-data driven world are the partnerships we have created since 1994.  We are a really loyal company. We believe in the power of consistency. Because when you combine loyalty and best in class vendor performance, the result is a powerful IT platform that will outperform the competition year after year.

These partnerships take work.  We meet, we strategize, we continually learn to ensure that we are offering you, our customer, the very best that I.T. has to offer. We believe that this gives you an edge. An edge over your competition and an edge that provides for razor-sharp performance and incredible customer service.

We have had some vendor relationships for over 24 years.  For example, HP Inc and HPE have been providing desktops, servers and storage on the most stable platform we have experienced since we started our little company in 1994. Their products rarely fail but if they do we have found that their support is the best in the world.  With local depots for stock and a commitment to parts (sometimes beyond a product’s usable life) we are able to support you because they support us.

The role of I.T. has always been one of enablement from vendor to distributor to solution provider (that’s us!) and finally to you our customer. We want our I.T. served hot with power, performance and longevity – just like that bullet proof Laserjet printer. Thanks HP!

Steven Dastoor

At CITON our IT solutions are dependent on our vendor partnerships. We focus on aligning with great companies that offer great solutions. But that’s not enough. Our vendor partners have to provide us with the best possible support as well. HPE supports us so we can support you.