Good Contents Are Everywhere, But Here, We Deliver The Best of The Best.Please Hold on!
1272 Bond Street, Naperville, IL 60563 630-505-7500
Security

Securing information is becoming more important than ever. Damages from cybercrime are expected to exceed $6 trillion annually by 2021. Malware is constantly evolving; DDoS attacks are on an exponential rise and ransomware is no longer just a threat to enterprise organizations, but to every company that is online.

With state-sponsored cyberattacks growing in frequency and sophistication and threat actors being governments and professional organizations who focus on hiring the best talent, the profile of a cybercriminal is no longer an early-twentysomething hacking from his mother’s basement.

It goes without saying, the cybersecurity field is in HIGH demand. There is a negative unemployment rate and a huge skills gap with an expected shortage of 2 million positions by 2019. Only one in three IT leaders believe they have the skills in-house to address their needs. That means demand for security professionals and solutions is only growing and it comes from businesses of all sizes and industries. 

The biggest vulnerabilities companies face include:

DDoS Attacks

A distributed denial of service (DDoS) attack is an attempt to block an online service by flooding it with traffic. You may be familiar with last year’s DDoS attack on Dyn which disrupted thousands of sites across the US and Europe. For any company that has a mostly online presence like an ecommerce retailer or someone who captures leads online, a DDoS attack could be very costly to their business.

Malware

Short for malicious software, malware comes in a number of forms from viruses and worms to spyware and Trojans, all designed to be undetected and transmit personal data. Credit card numbers still have their value but it is pennies compared to the premium paid for healthcare records on the black market. These threat actors make their way in through social engineering, outdated software, EOL machines, non-password protected IoT devices and basic human error.

Ransomware

Ransomware happens as a result of social engineering and phishing schemes and attempts to extort money out of victims by locking them out of their files. No matter how smart people are, they do stupid things like click an email from a “Nigerian Prince”.

Social Engineering and Human Error

Referenced as a cause for all the items listed above, human error happens. The best line of defense against these cyberthreats is well trained personnel. As attacks become more sophisticated, even the most email-savvy employees fall victim to social engineering. Poor password hygiene and incomplete exit strategies for departing employees also leave companies in vulnerable positions.


So where to start? We are here to educate and work together on a strategic road-map. Let’s start with a no obligation security assessment

0

Security

Article by ATI partner Craig D’Abreo from Masergy

Do you need a survival guide to find the right Managed Security Services Provider (MSSP)? Forrester Research and Masergy have joined forces to help you navigate the world of outsourced security.

When firewalls materialized in the 1990s, protecting your network was easier, and outsourcing cybersecurity to a service provider wasn’t necessary. Today, however, it’s a very different story. Defending your network from sophisticated attackers requires a laundry list of services and technologies that must correlate data from multiple devices and sources. When you factor compliance requirements and government regulations with a rapidly growing list of security incidents and seemingly never-ending alerts to monitor and distill down to a short list of high-priority actions, it’s easy to become deluged by the responsibilities. Security has become an untenable situation for most IT teams, stretching personnel resources and budgets to the max.



To survive, enterprises need outside partners with solutions that ingest data from a wide variety of sources, leveraging machine learning and behavior analytics to discern what’s normal and what should sound the alarms. A must-have for any enterprise is a 24/7 dedicated team of internal resources in place to monitor and manage alerts and incident response. Building such a team often stretches internal IT resources even further, and requires a large budget to cover:

  • Staffing
  • Facilities
  • Equipment/tools
  • Training
  • Compliance

The security market has become so saturated that it’s difficult to navigate the plethora of products and services in order to make a smart decision about who and what should be trusted to protect your most important asset–your company data. However, choosing an MSSP can also be daunting, because the selection process is about more than just the features of a given cybersecurity product or solution. It’s a contract to deliver services over a number of years, and once selected, you’re committed to learn to work with your MSSP.

When selecting new technologies and services, questions that are often asked are:

  • What should I be looking for in a managed security service provider?
  • Are there industry gold standards that set the best of the best apart from the mediocre MSSPs?
  • What questions should I ask potential MSSPs before placing my organization’s well-being in their hands?
  • How does a Security Operations Center (SOC) work? What does the escalation process look like? What will be required of my team?
  • And finally, what data will need to be exchanged on a regular basis, and how is that data secured?

We find these questions are best answered by the experts. That’s why Masergy has partnered with Forrester Research, to provide you with a survival guide that will assist in your search for the right MSSP. Forrester Research’s Principal Analyst Jeff Pollard and Masergy’s V.P. of Security, Craig D’Abreo have joined forces to help enterprises chart a course for more informed cybersecurity decision making. During the June 13, 2018 webinar, The MSSP Survival Guide, they will discuss the tips you need to know and the traps you need to avoid as you map out a comparison strategy to identify the best partner for your needs.

Article by ATI partner Craig D’Abreo from Masergy

Learn more about Managed Security.

0

Security
Article by ATI Partner Chris Nyhuis, CEO – Vigilant 

In today’s world of Cyber security Incident Response we are seeing evolving threats that are no longer detectable by standard detection. You heard that right, effective evolving threats that can move around artificial intelligence behavior analytics and SIEM. To make it worse, if the security services/solutions you are using are easy to purchase that means threats can purchase them also, testing in their labs prior to attacking bringing them success on the first try.

One of these evolving tactics is in the realm of ransomware. Traditionally, Ransomware was thrown to the wind by the attacker, hoping to hit a random company who the attacker could charge a lion share of bitcoin after encrypting all their data. This approach was successful for quite some time, however, the good guys realized that with the proper backup strategy a company can respond and recover the encrypted data fast taking the wind out of the sails of the attack and money out of their pockets.

Ransomware went dormant for a while, which for us in the security community, meant there was some re-grouping and that there would be another trick up their sleeve. Silence means a wave is on the horizon.

Here’s what they are doing now and it’s ingenious.

  • Attacker enters the company using everyday malware, not anything special. 
  • Next they manually jump off of that original computer before it’s cleaned by AV and pivots to a few other systems so they have redundancy in the control of the network.
  • The attacker then manually identifies and takes over critical servers within the customer’s environment. Notice the manual actions here – it’s not easy to detect manual attacks so most organization’s security solutions will miss it.
    • They take over the following:
      • Firewalls – Ability to Defend
      • Exchange – Ability to Communicate
      • File Servers – Customer’s Data
      • Active Directory – Ability to Control Access
      • Backup Servers – Ability to Recover
  • Once they are on all of these they do a surgical encryption of these systems. Not widespread, surgical and at that point the company’s entire data structure and recovery ability is gone.


Did you see that? The attacker took out a company’s ability to RECOVER by destroying their backups! You can see that the threats your customers face each day are not automated dumb attacks. Threat actors can make significant revenue with these attacks, they are smart, agile and evolve in minutes. Vigilant’s been contacted by three companies in the last week ranging from 10 Million in revenue to 2.2 Billion in size completely encrypted and shut down. Two of them will go out of business and one will recover. The hard part for us is knowing that if we were there prior to the attack we could have stopped all three from happening. Vigilant is a Security as a Service organization who specializes in:

  • Intrusion Detection
  • Intrusion Prevention 
  • Incident Response 
  • Targeted Vulnerability Management

Vigilant performs a 5-Day no cost threat assessment for your customers to show them a much different and effective approach to security. Schedule one today.

Article by ATI Partner Chris Nyhuis, CEO – Vigilant 

Learn more about managed security with Vigilant’s CyberDNA. 
0

Security

 

Why Red Teaming isn’t Pen Testing

Red Teaming has become a buzz word in the security industry of late and is often mistaken to be the same as penetration testing. But how does a Red Teaming engagement actually differentiate from pen testing? 

In this webinar, Ed Williams, Director of SpiderLabs at Trustwave for Europe, Middle East and Africa, will offer key tips to help you manage the complexity of today’s advanced threat landscape and understand some of the real benefits of Red Team engagements for your organisation. 

Tune in to learn: 


• What Trustwave SpiderLabs Red Teaming is all about and what makes it unique 
• How Red Teaming is different than pen testing 
• Key benefits of a Red Team engagement for your organization

0