Cybersecurity Lingo Every C-Level Executive Should Know

Businesses face various security threats, including ransomware, phishing attacks, computer viruses, and more. With these security threats increasing, managed security services are no longer a luxury—they’re a necessity.

Before business owners and executives can fully understand the advantages of managed security, they need to understand some basic IT security terms. Here’s our glossary of basic cybersecurity terms executives should know:


Business Cybersecurity Basics

  • Cybersecurity – the protection of computers, networks, and infrastructures from digital threats and risks.
  • BYOD – “Bring Your Own Device,” a policy that allows or requires employees to use personally owned devices for work instead of company-provided ones. Because the organization does not fully control those devices, BYOD widens the attack surface and has to be accounted for in security planning.
  • Infrastructure – the physical and organizational assets and framework comprising an entity. In IT, infrastructure includes hardware and equipment like monitors and servers; software; and organizational processes.
  • Network – a group of computers that are digitally connected to enable communication, file sharing, and other data transmissions. Types of networks can include Local Area Networks (LAN), Wide Area Networks (WAN), and many others.
  • Managed IT Services – IT services that provide continual support, generally on a monthly payment plan, to proactively manage IT reliability, infrastructure, and security.
  • Managed Service Provider (MSP) – an IT provider that offers managed services.

Risks, Threats, & Vulnerabilities

  • Threat – an actor or event with the potential to harm your systems or data, such as an attacker, a malware campaign, or a careless insider.
  • Vulnerability – a weakness in a system, process, or configuration that a threat can exploit.
  • Risk – the combination of how likely a threat is to exploit a vulnerability and how much damage would result. Risk is what security controls are meant to reduce.
  • Cyber Attack – a deliberate attempt by an individual or group to breach an organization’s network or infrastructure to steal or erase data, cause disruptions, or otherwise cause harm.
  • Data Breach – unauthorized access to, or disclosure of, protected data. Breaches are often the result of cyber attacks, but they are also caused by misconfiguration, lost or stolen devices, and insider mistakes.

Types of Cyber Attacks

  • Malware – any malicious software that is harmful to a network, system, or user.
  • Ransomware – a type of malware that blocks access to a system or data until a ransom is paid.
  • Phishing – a type of cyber attack, often in the form of an email, that attempts to manipulate a recipient into giving up personal or financial information.
  • Spear Phishing – a targeted phishing attack where the attacker uses specific information about the victim, such as place of work, interests, or organizations they do business with, to manipulate the victim into giving up information.
  • Virus – malicious code that attaches itself to legitimate programs or files and replicates when the infected host is run. Unlike a worm, it needs a user or process to execute the host program.
  • Worm – a piece of malware that self-replicates to infect other programs automatically once it gains access to a computer.
  • Botnet – a network of computers that have been infected with malware and is controlled by a bad actor. A botnet can be used to send a large amount of traffic in a DDoS attack.
  • DDoS Attack – a “Distributed Denial of Service” attack floods a website or service with traffic from many sources, typically a botnet, in order to slow it down or knock it offline.
  • Trojan Horse – malware disguised as, or hidden inside, legitimate software so that the user installs it willingly. Once running, it often opens a “back door” that gives the attacker remote access to the computer.
  • Spyware – malware that operates in the background to collect information such as keystrokes, login credentials, and other data, undetected by the user.

Security Tools, Services & Defenses

  • VPN – a Virtual Private Network encrypts traffic between your device and a trusted endpoint, creating a private tunnel over a public internet connection.
  • Firewall – a network security tool that monitors traffic and prevents unauthorized access based on a set of instructions.
  • Multi-Factor Authentication (MFA) – a login control that requires two or more independent proofs of identity, such as a password plus a code from an authenticator app or a hardware key, so that a stolen password alone is not enough to get in.
  • Cloud Computing – an umbrella term for services, platforms, and infrastructure hosted on a provider’s remote servers and accessed over the internet. The provider secures the underlying platform, but the customer remains responsible for how it is configured and used.
  • Security Framework – a published set of standards and practices that gives structure to a security program, such as the NIST Cybersecurity Framework, ISO/IEC 27001, or the CIS Controls.
  • Threat Detection & Response – the process of monitoring systems to detect and respond to threats.
  • Pen Testing – penetration testing evaluates an organization’s vulnerabilities, generally by attempting to “hack” their network to explore what weaknesses cyber criminals might be able to exploit.
  • Endpoint Protection – security designed to protect endpoints in a network—devices such as computers and mobile devices where users can access the network. This becomes especially important in a remote network, where endpoints may be spread out rather than located in the same physical location.
  • DNS Protection – filtering at the Domain Name System layer that blocks resolution of known-malicious domains (phishing sites, malware command-and-control, malicious ad networks) before a connection is ever made.
  • Managed Protection & Response – a managed security service that proactively searches for vulnerabilities, potential breaches, and suspicious activity and works to remediate them.
  • SIEM – Security Information and Event Management software collects and correlates logs and alerts from across the environment so that analysts can detect and investigate threats in near real time.

Digitally Protecting Your Business

ISG Technology is proud to help businesses with their IT support needs by providing 24/7 network monitoring, real-time alerts and notifications, infrastructure maintenance, and more. We make security simple through our Managed Security offering, which mitigates business security risks by utilizing the most advanced cybersecurity tools and practices to protect your company.

Contact us today to protect your business from cyber threats and gain complete confidence in your security.

Enhancing Security from the Cloud to the Edge

As IT infrastructure keeps expanding, first to the Cloud and now to the Edge, businesses must implement a security model that protects both. This means implementing both Zero Trust and SASE. 

A Zero Trust model of cybersecurity follows the X-Files philosophy of “Trust No One” regardless of whether your users are outside or inside your organization. 

A secure access service edge model, or SASE, works by identifying users and devices and then applying policy-based access to the appropriate applications or data. This approach allows you to grant users or devices secure access to your IT infrastructure no matter where your users or devices are located.

To assist our clients in implementing Zero Trust and SASE models of cybersecurity, ISG Technology has partnered with Aruba to leverage the value of their new Aruba Edge Services Platform (ESP). Adding Aruba ESP to your network and security solutions will provide you with the visibility required to deliver a fully Zero Trust cybersecurity solution.

This content is brought to you in partnership with Aruba Networks

Zero Trust Requires Visibility

Zero Trust Security starts with knowing who is on your network at all times. Without visibility, critical cybersecurity controls that support a Zero Trust model are difficult to apply.

Businesses are increasingly relying on AI solutions to help maintain visibility at all times. Aruba ESP uses AI to detect and classify all devices on your network. Aruba ClearPass Device Insight uses both active and passive discovery and profiling techniques to track all the devices connected, or attempting to connect, to your network, including standard devices such as laptops and tablets as well as IoT devices.

Visibility Leads to Access Control

Once you know who is on your network, you can restrict access based on identity and role, defining precisely who can connect to your system and what they can connect to, even for work-from-home networks. 

Applying Zero Trust best practices based on “Least Access” and micro-segmentation is the critical next step. A “Least Access” model grants users and devices only the minimum access they need to perform a task or role, and only for the minimum amount of time necessary. 

Micro-segmentation means breaking up your systems into silos, allowing you to allocate users to only the specific systems they require access to in order to perform a role or task.

To further tighten your Zero Trust model and help integrate your security across both Cloud and Edge platforms, you can use an SD-WAN (Software-defined Wide Area Network) to tie everything together. 

An advanced cybersecurity dashboard, such as those used by Aruba Central, provides your IT teams with network-wide visibility to help them monitor and manage network access and address any cybersecurity issues.

Combining Zero Trust and SASE into One Platform

Today’s network environment and threat landscape require a different approach. The past’s perimeter-centric network security was not designed for today’s mobile workforce or emerging IoT devices. 

When possible, all devices and users should be identified and adequately authenticated before granting them network access. In addition to authentication, users and devices should be given the least amount of access necessary to perform their business-critical activities. 

Aruba ESP is an excellent system that makes managing network security both easier and more secure. Contact us to find out how this system can work for your business.

Implementing Security at the Core of Your Infrastructure

To survive as a business these days, you simply can’t afford to ignore security. However, as bad actors and cyber threats continue to evolve, it becomes harder and harder to keep your sensitive data safe—even for the most advanced security operations. 

It’s no longer a question of if your business will get attacked, but when. So, what can you do about it?

The first step is to ensure that you have a multi-layered cybersecurity model. After covering all the standard weaknesses in a network, you can take security one step further by building it into the infrastructure of your system. 

When it comes to built-in security, we recommend HPE Gen10 servers with their silicon root of trust, which validates the server’s firmware before any of it is allowed to run, so tampering is caught at boot rather than after the fact.

Layer Your Security Measures

First and foremost, you need to make sure you have the proper security measures in place, including:

  • Firewall. A strong and stable firewall is a vital piece of cybersecurity infrastructure, and it is a tried-and-true piece of your organization’s defense against threats and cyber attacks. 
  • Web Security. Web filtering stops threats before they have the chance to reach your network and defends you against online attacks while allowing your employees to continue performing at their highest levels.
  • Email Security. Did you know that one in every eight employees will share information on phishing sites? This means you need to do all you can to prevent phishing attacks by amping up your email security. 
  • Employee Security Awareness. Preventing cyber attacks requires an all-hands-on-deck approach. You’ll need to train employees about cyber threats and the best practices needed to keep company and personal data secure. 
  • Endpoint Protection. According to Forbes, 70 percent of all threats occur at the endpoint. That means you need to enhance your endpoint protection—the act of securing networks from every access point, including mobile phones and laptops.

To learn more about the steps you should be taking to strengthen your security, read our Digital Handbook: 5 Steps to Strengthen Cybersecurity Posture.

Build Security into the Core

In today’s world of continually evolving and growing cyber threats, you need security that goes beyond the traditional hardware and software layers. That’s why ISG partners with HPE, which has created the silicon root of trust: firmware-level protection that safeguards infrastructure.

Firmware-Level Defenses with HPE

The silicon root of trust works like a fingerprint: reference values for the server’s firmware—UEFI/BIOS, the complex programmable logic device (CPLD), the innovation engine, and the management engine—are anchored in the silicon during manufacturing, before the server is even assembled. 

When the server boots, it first checks that this fingerprint matches. It then verifies each firmware component in turn, and if any code fails verification the boot stops and the server locks down rather than running the tampered firmware.

Simple Incident Response and Recovery

If an attacker tampers with the server’s firmware, the modification is caught at the next boot before the compromised code can run, and you are alerted immediately. 

When tampering is detected, you have three options: 

  1. Recover the server to its last known good state of firmware
  2. Restore factory settings
  3. Choose not to do recovery so that security teams can take the server offline and perform forensics.
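To make the boot-time check and the recovery options above concrete, here is an added illustration in Python. It is not HPE’s code and does not describe iLO internals: reference fingerprints of each firmware component are held in an immutable table that stands in for the silicon, each component is hashed and compared in boot order, the first mismatch halts the boot, and recovery swaps in a stored known-good image (option 1 above). The component names, byte strings, and the use of SHA-256 digests are constructed for the example; a real root of trust verifies signatures against a key anchored in hardware rather than storing a digest of every image.

```python
"""Conceptual model of a silicon-anchored verified boot with recovery (illustration only)."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Order in which firmware components are verified; nothing runs until it passes.
BOOT_ORDER = ["management_engine", "innovation_engine", "cpld", "uefi_bios"]

# Constructed stand-ins for real firmware binaries (assumption: any bytes work here).
GOLDEN_IMAGES: Dict[str, bytes] = {
    "management_engine": b"ME firmware 1.2 (known good)",
    "innovation_engine": b"IE firmware 3.0 (known good)",
    "cpld": b"CPLD bitstream rev B (known good)",
    "uefi_bios": b"UEFI/BIOS 2.4 (known good)",
}


def fingerprint(image: bytes) -> str:
    """SHA-256 digest standing in for the immutable reference value."""
    return hashlib.sha256(image).hexdigest()


# Reference fingerprints "burned in" at manufacture; the model never changes them.
ROOT_OF_TRUST: Dict[str, str] = {
    name: fingerprint(image) for name, image in GOLDEN_IMAGES.items()
}


@dataclass
class BootResult:
    booted: bool
    verified: List[str] = field(default_factory=list)
    failed_component: Optional[str] = None


def verified_boot(installed: Dict[str, bytes],
                  root: Dict[str, str] = ROOT_OF_TRUST) -> BootResult:
    """Verify each installed component against the root of trust in boot order.

    The first mismatch (or missing image) halts the sequence: nothing after the
    failed component is allowed to run, which is the "stop and lock down" step.
    """
    result = BootResult(booted=False)
    for name in BOOT_ORDER:
        image = installed.get(name)
        if image is None or fingerprint(image) != root[name]:
            result.failed_component = name
            return result
        result.verified.append(name)
    result.booted = True
    return result


def recover_last_known_good(installed: Dict[str, bytes],
                            known_good: Dict[str, bytes],
                            failed_component: str) -> Dict[str, bytes]:
    """Recovery option 1: replace only the failed image with the stored known-good copy."""
    repaired = dict(installed)
    repaired[failed_component] = known_good[failed_component]
    return repaired


if __name__ == "__main__":
    tampered = dict(GOLDEN_IMAGES)
    tampered["cpld"] = GOLDEN_IMAGES["cpld"] + b"\x90\x90 implant"  # constructed tampering
    attempt = verified_boot(tampered)
    print("boot halted at:", attempt.failed_component, "| verified so far:", attempt.verified)
    repaired = recover_last_known_good(tampered, GOLDEN_IMAGES, attempt.failed_component)
    print("after recovery, booted:", verified_boot(repaired).booted)
```

The point the model makes is the ordering: because the CPLD image fails verification, UEFI/BIOS is never reached, so tampered firmware lower in the chain cannot hide behind a clean OS. The forensic option in the text (option 3) corresponds to keeping the tampered images for analysis instead of calling the recovery function.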

A Secure Foundation for Your Infrastructure

Together, the firmware and silicon root of trust form a chain of trust that is established at the beginning of the build process and carried through every element of the HPE supply chain. 

This closes off firmware implants, one of the hardest attack paths to detect, and materially raises the bar for an attacker who already has a foothold. No control makes a system impenetrable, but malware that has to run on the server’s firmware cannot do so without being caught at boot.

To learn more about HPE security, explore their Confidence at the Core digital brochure, and contact us for support in implementing this impressive technology.

MSSP, SOCaaS, & Concierge Security Team: Which Outsourced Security Service is Best for My Business?

Business cybersecurity can be challenging to navigate—especially when you have so many services to choose from. 

Though it’s possible for some businesses to tackle their own cybersecurity, it requires hiring several highly skilled specialists, which can be very expensive. For this reason, most companies outsource their security services to providers who come at an affordable rate and have a wider scope, range of resources, and understanding of complex cybersecurity management.

MSSP vs. SOCaaS with a Concierge Security Team

When it comes to outsourced security services, two main options companies consider are 1) hiring an MSSP (Managed Security Service Provider), or 2) opting for a SOCaaS (Security Operations Center as a Service) with a Concierge Security Team. 

Here’s a quick breakdown of what each solution provides:

MSSP: An MSSP or Managed Security Service Provider helps monitor your systems round the clock, while also providing general security management and solutions when threats arise. Their popularity stems from the fact that they are subscription based, meaning they come at an affordable monthly cost. 

SOCaaS: Security Operations Center as a Service extends beyond the basic services offered by many MSSPs and can vary in pricing model. SOCaaS incorporates key tools such as Managed Detection & Response (MDR), compliance, and real-time alerting to give you a more holistic security solution.

Concierge Security Team: A Concierge Security Team is a single point of contact for SOCaaS that facilitates threat detection, response, and mitigation. They act as your security advisor and an extension of your in-house team to provide you with the human element needed to proactively maintain your systems. They help tailor security services to your business needs by integrating solutions into your existing systems, preventing vendor lock-in or expensive equipment replacements.

Many companies opt to combine SOCaaS with a Concierge Security Team so they can benefit from a valuable combination of AI and human expertise.

Pros and Cons of MSSPs

To get a better look at what MSSPs can do for your business, here are some of their pros and cons: 

Pros

  • They are affordable: MSSPs’ services come at an affordable monthly rate to help your business save money. Instead of charging per service like a break-fix model would, MSSPs give you predictable costs so you can budget better.
  • They can supplement an in-house team: MSSPs can be a good solution for businesses who already have an in-house team but need to delegate more basic IT management to an outsourced provider. They can monitor and maintain your systems while your in-house team focuses on more complex projects.

Cons

  • They have a limited scope and few post-intrusion solutions: MSSPs do monitor alerts, but they don’t usually provide proactive threat hunting and incident response. With an MSSP, businesses will often still need an in-house team to manage analysis, triage, and response. 
  • They don’t provide personalized solutions: MSSPs often outsource support to call centers, where representatives have little insight into your industry, compliance, and security needs. This can make resolutions take longer and be less strategically optimized.
  • They lack visibility: Because MSSP services are more basic, compliance solutions and other broad-view security solutions are generally not included in their services.

Pros and Cons of SOCaaS with a Concierge Security Team

Pros

  • They offer a combination of artificial intelligence and human expertise: As mentioned, many companies choose to go with a combination of SOCaaS and a Concierge Security Team. AI-based tools incorporated in SOCaaS allow for more accurate and proactive threat detection and management, while human IT specialists on your Concierge Security Team act as consultants to provide the most appropriate solutions for your business.
  • They provide custom support and consulting: Working with a Concierge Security Team guarantees personalized service and customized cybersecurity solutions for your business and the industry you’re in. This includes compliance services, giving you a more holistic approach to managing your cybersecurity. 
  • They have greater visibility and ability to provide long-term solutions: A Concierge Security Team will provide triage and response, gaining broader visibility to the threats that face your systems. They can also conduct security posture reviews and provide recommendations based on years of experience and professional certifications to prevent future threats. 

Cons

  • Pricing models for SOCaaS vary: While SOCaaS with a Concierge Security Team is often affordable, pricing models can vary, making it slightly more difficult to budget for business IT. The main reason for pricing differences is that the services offered are much more advanced than an MSSP’s and often have a greater scope.
  • They may not be ideal for businesses who already have an in-house team: Businesses who already manage their cybersecurity and are in need of supplemental IT help may not need a SOCaaS with Concierge Security Team solution. They may need a lower-scale, cheaper solution to fill in the gaps.

Find the Right SOCaaS and Concierge Security Team Solution for Your Business 

Finding the right SOCaaS and Concierge Security Team solution to meet your business needs is vital. Cybersecurity is a necessary function that protects your business against hackers, viruses, malware, and other common threats that can be detrimental to your success. Look for a concierge security team that provides customized, strategic solutions and ongoing support, 24 hours a day, 7 days a week. 

If you’re ready to hire a concierge security team for your business, get in touch to discuss your options and the customized solutions we can provide for your business.

Deal with Breaches Effectively: Managed Detection and Response (MDR)

Business success today revolves around technology. From communicating with your team and clients to storing critical data, almost every operation within modern organizations depends on well-run IT.

With this digital dependency comes the need for businesses to continually enhance the protection of their technological assets. Cyberattacks have increased in size and scope over the years, leading experts to predict that worldwide cybersecurity spending will reach $170 billion by 2022. 

Because of the continually advancing nature of cyber threats, more robust cybersecurity methods are necessary to safeguard data. One of those methods is MDR, or Managed Detection & Response. 

Here’s what you need to know about MDR for your business and how it can protect you:

What Is MDR?

Managed Detection & Response (MDR) is an outsourced security service that uses both technology and human experts to actively search for threats in an organization’s systems and address them immediately. MDR relies on tactics such as continuous network monitoring, threat hunting, incident analysis, and remediation to protect against even highly sophisticated threats.

The Advantages of MDR

While there are many valuable cybersecurity solutions that businesses should invest in, MDR can enhance your protection beyond basic tools. As mentioned, cyber threats are continually advancing and becoming more common, and it is no longer enough for businesses to rely on a firewall or antivirus software alone to protect their systems.

Additionally, many businesses turn to MSSPs (Managed Security Service Providers) in an effort to achieve cybersecurity without understanding their shortcomings. MSSPs have a narrower scope than MDR, meaning businesses don’t get the triage and response needed to eliminate false alarms. Instead, the business’s own internal team has to analyze the alerts to determine which potential threats need to be addressed first.

Here are some of the main advantages of MDR as compared to basic tools or MSSP services: 

MDR Combines AI and Human Expertise

With Managed Detection & Response, you get the combined benefit of machine-driven 24/7 security monitoring and human expertise to ensure threats don’t slip through the cracks. This combination of advanced analytics and a human touch means you get fewer false alerts and more custom-tailored support when it comes to addressing potential threats.

In this way, you get the most proactive support. Your team of experts knows how to identify and prevent the latest types of cyberattacks as well as investigate them before taking action—rather than just alerting your IT team to the cybersecurity issue.

MDR Protects Your Business Financially

MDR is provided by outsourced security experts, allowing your business to benefit from a wide range of IT security experts at a more affordable cost. Considering that the average cost of a cybersecurity attack is now more than $1.67 million—and many of these attacks aren’t mitigated by basic security tools— investing in MDR is the clear choice when it comes to protecting your business financially.

MDR Provides Broader Visibility

MDR experts provide a holistic approach to security. Using data collected from threat feeds, OSINT data, and other tools, MDR security teams keep a watchful eye on internal and external networks, the cloud, and all endpoints to ensure maximum protection. They consider businesses’ unique compliance needs (HIPAA, PCI DSS, etc.) as well as the specific context of threats so they can provide long-term solutions that will improve a company’s cybersecurity posture. 

Take Your Security to the Next Level

Using a Managed Detection & Response service is a great way to take your cybersecurity plan to the next level. When you choose MDR, you gain access to a team of well-trained experts as well as the latest software that will carefully monitor any security threats and vulnerabilities within your system. 

Your MDR team can keep you updated on potential problems while also limiting unnecessary alerts and taking quick action when there’s a true threat to your business. And once the threat has been eliminated, the team will investigate the incident to determine how to prevent such attacks in the future.

If you’re interested in reducing the chance of cybersecurity attacks on your company—as well as minimizing the damage and recovery time if they do occur—you should consider using an MDR service to improve security for your business. Contact ISG Technology today to learn how we can help you through our Managed Detection & Response services.

Why Cyberattacks Are on the Rise — And How to Prevent Them

Cyberattacks have become so common that some experts believe that ransomware—a type of attack that holds your computer system hostage until you pay a ransom—will attack a business every 11 seconds by the end of 2021. 

As the number of crimes increases year after year, cybersecurity becomes more important. Without reliable cybersecurity, your business could suffer from lost productivity, legal liability, business continuity issues, financial loss, and damage to your brand’s reputation.

It can take years to recover from a successful cyberattack, especially when it exposes your clients’ data to criminals who want to commit identity fraud. Before you can choose a managed risk plan that works for your organization, you need to understand why cyberattacks happen more often these days. Then, you can explore ways to prevent attacks from targeting you.

Why Cyberattacks Have Become More Common

Several factors have contributed to the increase in cyberattacks, including:

  • The willingness of organizations and governments to pay ransoms.
  • The rise of remote work, which can increase a business’s exposure to risk.
  • The growing reliance on connected devices.
  • The amount of processing power needed to mine bitcoins and other digital currencies.

Paying Ransoms

Organizations often feel immense pressure to pay ransoms. In 2020, ransomware groups targeted hospitals and labs working on a coronavirus vaccine, and some of those organizations paid because they were desperate to regain access to their work. With millions of lives on the line, they could not afford to lose the progress they had made toward developing and testing a vaccine.

Similarly, criminals have targeted hospitals that give in because the facilities need patient files to provide treatments. Cities have paid ransoms because ransomware prevented them from providing essential services.

On an individual level, it makes sense for these groups to pay ransoms. Unfortunately, each payment makes hackers more confident that their threats will work. As a result, more criminals turn to ransomware to make money.

Remote Work and Connected Devices

Many organizations struggle with cybersecurity even when they have full control over their IT infrastructure. Now that more businesses rely on BYOD policies and remote work, that infrastructure has become harder to control. If a remote worker’s device is infected, the malware can reach the employer’s network over the VPN or through shared cloud services.

Mining Digital Currencies

It takes a lot of processing power for people to “mine” digital currencies like bitcoin. Hackers have found that they can make a lot of money through an attack called “cryptojacking.” The most effective cryptojacking malware works quietly in the background. It slows your system, but it doesn’t call attention to itself, so it can continue mining cryptocurrencies.

How Cybersecurity Can Prevent Attacks

Some of the most effective approaches to managed risk include:

  • Updating operating systems and applications to patch security vulnerabilities.
  • Training employees to spot signs of phishing and dangerous attachments.
  • Encrypting all files and data.
  • Installing a firewall and securing Wi-Fi networks.
  • Requiring strong, unique passwords and changing them whenever there is any sign of compromise. Scheduled rotation on its own adds little; MFA adds far more.
  • Limiting access to files and databases that contain sensitive information.

Few businesses have large IT departments that can manage a comprehensive cybersecurity program. You will likely find that you can save money and manage risk better by outsourcing your cybersecurity protection to a company that offers managed security and managed IT solutions.

Protect Your Business

You don’t have to spend a lot of money to get the right cybersecurity that keeps your business safe from attacks. Contact us to learn more about your cybersecurity options and get a quote for the services that match your needs.

Understanding Endpoint Protection

Cybersecurity threats have become complex and sophisticated. Organizations are at risk from external attackers, malware, and insiders. According to Forbes, 70% of all threats occur at the endpoint. Endpoint protection has advanced to cushion organizations from cyberattacks and safeguard data.

Endpoint protection is the act of securing networks from all points of access. Endpoints may include mobile phones, laptops, storage devices, or any other device that connects to your network. By protecting the endpoints, organizations gain control over their networks.

Why is Endpoint Protection Critical?

Have you ever thought about what a single breach could do to your organization? According to CNBC, the average cyberattack costs $200,000. Some companies lose millions, and some have no option but to shut down.

Endpoint protection is critical for the following reasons:

Data Is at Risk

Data is inarguably the most essential part of any organization. Losing critical business data may cripple your organization, regardless of how large it is.

Malicious attacks target mobile devices and PCs on your networks, as they are the most vulnerable. Without adequate protection, you may lose all your critical data. Endpoint protection strengthens the overall network. It enhances data security, reduces network downtime, and safeguards your reputation.

Employee Training Isn’t Enough

The scope of the workplace has changed significantly. Organizations have had to consider remote working, meaning employees log into networks using personal devices. Remote working and BYOD policies expose your organization to the risk of cyberattacks.

Organizations should train employees on phishing emails, threats, and cybersecurity in general. However, relying on employee training to safeguard your data may increase the risk of attacks. There is no guarantee that all users will observe the guidelines put in place. Even with proper training programs in place, your organization can be at risk.

Endpoint protection provides cover for users who ignore device policies or fall for an attack. It provides multiple defense layers to fend off threats that training alone would miss.

What Does Good Endpoint Protection Do?

Having reliable endpoint protection is imperative to robust cybersecurity. Ideally, good endpoint protection should do the following;

Offer Multi-Shield Protection

First, your endpoint protection should prevent a security breach from occurring. It should offer the following;

  • Phishing protection
  • Web threats protection
  • Identity theft protection
  • Offline protection

Endpoint protection reduces your exposure to zero-day threats, although no product can guarantee protection against all of them. Multi-shield protection layers several protective mechanisms so that an attack can be interrupted at any of its stages.

Layered User and Device Defenses

Good endpoint protection shields your network from user vulnerabilities. If a user does not follow all endpoint policies, your protection comes in handy. If a user connects from an insecure or infected device, endpoint protection should block access until the device has been remediated.

Malware Protection

Your endpoint protection should detect, prevent, and protect your network from all forms of malware. It performs real-time monitoring to detect any phishing messages, spyware, and Trojans that may lead to security breaches. Once a threat is detected, endpoint protection should prevent it from attacking your system and chip in to offer extra protection.

Secure Architecture

Your endpoint protection provider should have a secure and reliable cloud architecture to offer support. Having a resilient architecture solves the challenges presented by distributed systems seamlessly. Endpoint protection should be scalable and have the ability to withstand stress and avoid loss of data.

Choosing Endpoint Protection

Good endpoint protection should be secure and resilient to allow robust performance. It should take little time to install, have lower boot and scan times for better performance, and use little memory.

At ISG Technology, we recommend Webroot for endpoint protection. Check out this comparison of Webroot and eight competitors to see the differences in performance metrics.

And if you have more questions or want to implement endpoint protection technology, contact us!

Secure RPC: The Windows Server Vulnerability You Must Address Before February 9th

Earlier in 2020, a security bug was discovered in Microsoft Windows systems that was serious enough for the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive ordering all federal departments to address it. In this article, we’ll help you understand why this vulnerability warrants emergency status, the potential impact to your business, and what you can do to avoid issues when February 9th rolls around.

Secure RPC Overview

In August, Microsoft patched a very interesting vulnerability that would allow an attacker with a foothold on your internal network to essentially become Domain Admin with one click. This is according to security firm Secura, which discovered the bug. All that is required is for a connection to the Domain Controller to be possible from the attacker’s viewpoint.

Since then, IT administrators have been urged to prioritize the installation of this security patch for Windows Server. In September, Microsoft reported that it is seeing the vulnerability exploited by hackers.

Fixing the Vulnerability

Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.

Phase 1 – Initial Deployment Phase (Began August 11, 2020)
In August, Microsoft released the first phase of a two-phase fix to force secure RPC with Netlogon.

Phase 2 – Enforcement Phase (Begins February 9, 2021)
The second phase activates an enforcement mode. “The DCs will now be in enforcement mode regardless of the enforcement mode registry key. This requires all Windows and non-Windows devices to use secure RPC with Netlogon secure channel or explicitly allow the account by adding an exception for the non-compliant device.” Specifically, the policy will:

  • Enforce secure RPC usage for machine accounts on Windows-based devices.
  • Enforce secure RPC usage for trust accounts.
  • Enforce secure RPC usage for all Windows and non-Windows DCs.

How Can This Impact My Business?

Devices that are non-compliant with secure RPC will not be able to connect to the domain. This includes unsupported Microsoft operating systems such as Windows Server 2003, 2008 and 2008 R2, and Windows 7.

This will also include non-Windows devices that connect to Microsoft Active Directory Domain Services, such as Storage Area Network/Network Attached Storage devices, Linux operating systems, and other non-Windows products that do not support connecting over a secure RPC connection.

Devices that cannot connect to a patched Microsoft Active Directory Domain Controller will not be able to authenticate with or share resources with any Microsoft Active Directory domain that has been patched.

Examples could include the inability to connect to a file server, to get security settings from the domain, or to log in to network devices such as switches and routers that use Microsoft Active Directory Domain Controllers for AAA/RADIUS authentication.

What Should I Do?

The critical nature of this vulnerability warrants that action be taken. Here are the four steps to take:

Assess the Situation
Review the information within this article and the resources listed below to fully understand the issue.

Identify & Plan
Identify the devices that are not compliant within your environment and develop a plan.

Address the Issues
Replace non-compliant devices or follow the Microsoft options to allow non-secure RPC.

Seek Advice
If you need any assistance, contact us and we’ll help ensure you’re covered.
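For the “Identify & Plan” and “Address the Issues” steps above, the practical question is which accounts are still talking to your Domain Controllers without secure RPC. The following PowerShell is an added example, not part of the ISG article or of Microsoft’s own tooling: it reads the Netlogon events that Microsoft documents for this rollout (5827/5828 denied, 5829 allowed but vulnerable, 5830/5831 allowed by a policy exception) from every DC’s System log. It assumes you have the ActiveDirectory RSAT module and rights to read the System log on each DC; the seven-day window is an arbitrary choice.

```powershell
# Added example (not from the article): list Netlogon secure-channel connections that
# the February 9 enforcement phase will reject. Event IDs are the ones Microsoft
# documents for the Netlogon rollout; everything else here is an assumption.
Import-Module ActiveDirectory

# Meaning of each Netlogon event ID in the System log (NETLOGON provider).
$meaning = @{
    5827 = 'DENIED  - vulnerable machine account connection'
    5828 = 'DENIED  - vulnerable trust account connection'
    5829 = 'ALLOWED - vulnerable; will be DENIED once enforcement begins'
    5830 = 'ALLOWED - machine account permitted by policy exception'
    5831 = 'ALLOWED - trust account permitted by policy exception'
}

$since = (Get-Date).AddDays(-7)    # assumed look-back window
$dcs   = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$findings = foreach ($dc in $dcs) {
    $filter = @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = [int[]]$meaning.Keys
        StartTime    = $since
    }
    try {
        # -ErrorAction Stop also raises when the DC simply has no matching events;
        # the warning below makes that visible rather than silently skipping the DC.
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    DomainController = $dc
                    TimeCreated      = $_.TimeCreated
                    EventId          = $_.Id
                    Status           = $meaning[$_.Id]
                    # First line of the message names the account and client; keep it for triage.
                    Detail           = ($_.Message -split "`r?`n")[0]
                }
            }
    } catch {
        Write-Warning "$dc : $($_.Exception.Message)"
    }
}

# 5829 entries are the devices you must replace, patch, or explicitly except before February 9.
$findings | Sort-Object EventId, TimeCreated | Format-Table -AutoSize
```

Accounts that show up under event 5829 are the ones to put on the plan: either bring the device up to a version that supports secure RPC, or, for devices that cannot be fixed in time, add them to the “Domain controller: Allow vulnerable Netlogon secure channel connections” group policy that Microsoft describes in its “How to manage the changes in Netlogon secure channel connections” article, and track the resulting 5830/5831 events so the exceptions do not become permanent.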

Resources

DHS Emergency Directive
Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday

Microsoft Resources
How to manage the changes in Netlogon secure channel connections
Netlogon Elevation of Privilege Vulnerability

Other Resources / Overviews
Admins urged to patch Windows Server immediately to close vulnerability
Zerologon (CVE-2020-1472): Critical Active Directory Vulnerability

Is physical data destruction completely secure?

Cybersecurity is a paramount issue facing businesses in the digital world. The average costs of a successful cybercrime in 2017 were roughly $1.3 million for large enterprises and $117,000 for small- to medium-sized businesses, according to Kaspersky Lab. These figures include the cost of data theft but do not encompass the additional potential price of a damaged reputation and ensuing legal action. Data also indicates that cyberattacks will become only more expensive and damaging in the coming years.

Defending an organization against cybercrime requires a multi-channel approach. Companies should be open to software solutions, employee training and hardware upgrades whenever necessary. However, another avenue for cybercrime is occasionally overlooked. Physical theft of connected mobile devices, laptops and even desktop computers can lead to an open pathway for cyberattacks. In addition, some businesses simply sell their used electronics without first doing a proper data cleanse.

But can information be completely and permanently removed from a hard drive?

Hard drives are traditional data collection units that can be altered in a number of ways. However, the question is “can data be permanently removed?”

The levels of data destruction
Deleting data is not as secure as some might assume. In actuality, when information on a computer is “deleted,” the files themselves are not immediately removed. Instead, only the file system’s reference to that information is expunged. The space is marked as free, so the computer will eventually overwrite it. However, until that overwrite occurs, it is relatively easy for the information to be restored and accessed by any tech-savvy user.

Fortunately for organizations trying to permanently dissolve their data, deletion is only the first step of the process. Lifewire recommended three additional methods to ensure that information remains lost.

First comes software – using a data destruction program on the hard drive. This method has been met with approval from the National Institute of Standards and Technology as a secure way to permanently remove information from a hard drive, according to DestructData. However, drawbacks include resource consumption, as this can be a time-intensive process. In addition, some overwriting tools can miss hidden data that is locked on the hard drive.

The most secure method to completely remove data is degaussing. Hard disk drives store data in magnetic fields, and degaussers scramble those fields. The result is a drive that can never be read again. In fact, the computer will not even register it as a hard drive from that moment on. However, the downside of this process is twofold: One, the drive is useless after degaussing. Two, this method works only on hard disk drives. Solid state drives and flash media do not use magnetism in the same way, so a degausser will be ineffective.

The final option is to physically destroy the data drive. While many people think that this task can be done with patience and a hammer, it is unfortunately not that simple. Hard drives can be rebuilt with the right tools and expertise. According to Computerworld, NASA scientists were able to recover data from the charred wreckage of the Columbia shuttle after its disastrous explosion and crash in 2003.

Computers that are simply thrown out can still possess classified data, which can return to haunt the company.

The resiliency of hard drives
In short, it can be difficult to permanently expunge data from a hard drive. This reality is in part why businesses are opting for fewer internal data centers and more dependency on cloud solutions. According to TechTarget, cloud solutions represent a more secure method of data organization than traditional IT infrastructure.

While data can be safely deleted, the reality is, unless a degausser is used, there is always some chance of information recovery. Cybercriminals are becoming more sophisticated, and given the expensive nature of dealing with data breaches, it is understandable why the cloud is becoming the preferred solution.

Webinar: Strengthen Security Ops & Tackle Threats

By now you know that COVID-19 has expanded the attack surface, making businesses across the globe more vulnerable to attacks via remote workforces and security policies built on the fly. You also know that a layered security approach is the solution.

But what does a complete security strategy entail? How do you know what layers to add? And how do you get there?

In this webinar, Lane Roush, Vice President of Pre-Sales Systems Engineering for Arctic Wolf, draws on his 20+ years of experience in IT infrastructure, storage, compute, networking and security to lay out a more cost-effective way of layering your security strategy.

What You’ll Learn:

  • How to strengthen your security operations
  • What the NIST Cybersecurity framework is and how to complete it
  • Tackling a hybrid-remote workforce during COVID-19
  • How ISG + Arctic Wolf can help

Who Should Watch?

Business and IT leaders who are responsible for business continuity, disaster recovery and data protection.