Five Advantages of IT Consulting

Most organizations will face the question of whether or not to consider investing in IT consulting, keep operations in-house, or simply outsource their entire IT environment. The truth is, not all organizations know exactly what they’re doing when it comes to IT and it can greatly slow their growth and progress – and cost them a lot of money. There are many advantages to turning to an IT consultant to help your IT goals align with your overall goals.

Below we’ll discuss five advantages of IT consulting and how each can help your organization succeed.

Time

This may be one of the lesser talked about advantages to IT consulting. While there are only so many hours in a day, week, month, or year, you can use your time more wisely. It takes time to recruit the proper talent to fill your IT department, it takes time to implement good IT practices, and it takes time to manage all the things that come with IT. Hiring a top IT consultant can help you reduce the time it takes from concept to implementation: they’ll be familiar with best practices, security compliance, infrastructure, and how to make sure your IT environment is helping your bottom line.

Cost

One of the main concerns is the cost of maintaining a top IT infrastructure. This can be especially daunting if you’re unsure of what you’re doing or you make some mistakes along the way. While growing pains are often part of doing business, it’s entirely possible to mitigate them and reduce costs in the process. Some organizations have seen a reduction in IT costs of 30% or more! By reducing the cost of IT you can use the increased revenue to invest in IT or other aspects of your business. Not only can you reduce the cost of resources, but you can lessen the risk of major disasters that can cost your company time and money.

Security

Your data and infrastructure’s security is imperative to maintaining a successful business in an ever-evolving digital world. We’re all aware of the threat of data and security breaches including from some of the country’s largest companies. IT experts and consultants will be familiar with all types of businesses, all types of data, and the different ways to secure what’s most important to your business. They’ll be able to perform a security risk assessment on your current infrastructure and find ways to not only improve your security but make sure you’re compliant where you need to be. The threat of a virtual attack isn’t going away, so it’s important to have the proper security you need to avoid an attack that can cost your business big time.

Disaster Recovery

Things happen that aren’t always good for business. When a disaster occurs it’s important to know what to do, how to do it, and who is responsible for certain tasks along the way. Having experts at your side can and will make this process much less stressful. What is most important in the face of a disaster is recovering your data rapidly so you can continue doing business. An expert IT consultant will have multiple recovery options to minimize downtime, and a number of cloud and replication options.

Clean Infrastructure

Though it isn’t easily obtainable, an expert IT consultant will provide a holistic infrastructure assessment allowing you to enhance operational efficiency, increase security, cut costs, and achieve compliance guidelines. In essence, this brings all the other advantages together in one. You’ll be provided with a best-fit solution for your IT needs as a company like Neovera will conduct a thorough assessment and gap analysis of your core infrastructure, including architecture design, implementation and migration services.

Having proper IT consulting is a major make or break point for any organization’s operational efficiency. While every incident is not completely avoidable, having the correct protocol in place will allow your business to continue to operate during the solution process. Neovera’s promise of 24x7x365 bespoke IT consulting allows companies to rest assured that their data is secured and protected.

Shifting Thoughts on Firewalls

Firewalls are par for the course when it comes to discussing cyber security protection. From households to businesses, they’re considered to be fairly simple and easy solutions to combat cyber security attacks. The types of attacks are becoming more unique and greater in quantity, meaning that groups are realizing they need more protection than just a firewall, and have also begun to question the real benefit it brings when used as the only point of cyber security protection on a network.

Let’s start with the basics – what exactly is a firewall, and what does it do? A firewall is a piece of equipment that blocks any incoming actions it deems malicious while allowing verified network users to interact as they so choose. And, for a time, this system worked – the same attacks would move across the Internet, meaning a firewall didn’t have to learn anything new and take time to mold itself accordingly. Once the attacks became more vicious and unique, firewalls were unable to provide the security from the past. So while firewalls are a good first step in any cyber security plan – big or small – they don’t learn from new attacks or protocols.

However, there is a new standard being set for firewalls that will really change the game in the cyber security world. Artificially intelligent machines are becoming more popular, though they are still very much in their infancy, and companies are banking on their continued growth. One virtual machine that takes its firewall capabilities a step further operates by essentially creating a new “space” for each action taken by a user on the network. If, within that space, a link is clicked on that is deemed malicious, the attack itself cannot go any further and is contained. It is a small but significant difference from the way a firewall operates and could pose a major shift within the cyber security industry.

This article is not saying that firewalls are unnecessary; instead, it is instigating a shift in the thought process of anyone implementing a cyber security protection plan. Firewalls are absolutely an important part of any plan for companies big or small. However, to say that they are able to protect an entire network on their own is not a valid statement by any means. Combined with an experienced and trained team of professionals, along with other points of protection mentioned in past posts, networks can be safer and more secure with multiple safeguards in place.

SIM Swap Derails SMS Two-Factor Authentication

We’ve written about two-factor authentication in the past, and how it is a vital part of any cyber security plan whether you are a single user or a company with hundreds of employees. Though it does make it challenging for an attacker to infiltrate your network with these precautionary measures in place, new tactics are being used that have threatened its viability. SMS two-factor authentication is now under scrutiny as various parties around the world have reported being hacked through a “SIM swap”. How much of a threat is it to businesses and individuals, and what alternative options can your company consider to protect its data and network?

SMS two-factor authentication is offered by most websites as a way to determine that the user changing any significant details within your stored data is a trusted entity. However, hackers have found ways to gain access to a user’s phone and steal the code sent as a part of the two-factor authentication process. Known as a “SIM swap”, a hacker can call your phone company, impersonate you, and convince the company to redirect the incoming texts to an entirely different SIM card. Then, it’s only a matter of time before they can reset your passwords and “embody” your online persona.

All that being said, don’t use the above information as a carte blanche to discontinue your use of SMS two-factor authentication. Security researcher and forensics expert Jonathan Zdziarski explains that two-factor authentication is meant to test someone’s knowledge on what they know (a password) and what they have (a mobile device). Unfortunately that “something” a user has is now “something they sent you”; in other words it can be intercepted in the SIM swap. One way to circumvent dealing with a SIM swap is to use tools such as Google Authenticator or an RSA token. Basically they allow for a code to be created that uniquely matches with one generated on a web service’s server, and they change every few seconds.

The idea of a SIM swap hasn’t hit mainstream attack status just yet, but it’s only a matter of time before companies big and small will have to reassess their two-factor authentication options. Utilizing a company like Neovera is a great start in staying one step ahead of the debilitating attacks that could easily cripple your organization. As an MSS/MSSP, Neovera utilizes over fifteen years of cyber security experience to manage and monitor your vital data and network components, leaving you with more time to focus on growing your business and reaching your goals.

 

Watch Now: C-Suite Roundtable Discussion at the Executive Summit for Cyber Security 2016

The Executive Summit for Cyber Security brings together C-level IT security executives, industry analysts, and solution providers to discuss challenges and best practices so attendees can come away with advice and knowledge to start proactively protecting their environment from the latest security threats. This year’s event featured a moderated roundtable discussion where notable government and industry panelists explored key cyber security issues and provided expert insight on securing an organization’s mission critical data. Watch the video below.

Panel Members:
Greg Shanton – Vice President of Cyber Security at Neovera (Moderator)
Johan Bloomhart – Virtual CTO, WatchGuard Technologies
Marv Langston – former Deputy DoD CIO and Navy CIO
John Piper – former Chairman of the White House Information Systems Security Advisory Group
Doug Ichiuji – Senior Vice President, US Bank

 

“But We Need to Protect Our Data!” Justifying Cyber Security Spend to Your Board of Directors

As an enterprise, spending $551,000 on something avoidable isn’t an ideal situation, is it? Well, that’s the average amount spent to restore network operations after a significant data loss event – and it doesn’t include the extra costs associated with regaining normal business functionality. According to the 2016 Global State of Information Security Survey, at least 60% of enterprises say they never fully recover.

This is where an enterprise’s Board of Directors becomes a key component in the cyber security planning process. Currently, close to half of reporting organizations say their own executive board is extremely active in setting up the cyber security plans and protocols. However for those companies where this is not the case, the time is now to ensure each and every c-suite member understands and contributes to their organization’s data loss prevention plans.

So how do you justify the resources you need to protect your enterprise? There are some cyber security misnomers to overcome and make your board aware of in order to present the best case for greater allocation of resources and budget. By addressing these myths and focusing on the hard facts, your board will realize the necessity of investing in cyber security efforts to protect your organization’s mission critical data.

Cyber Myth #1: Employee education is an add-on.

Couldn’t be further from the truth, especially when you consider that 34% of security incidents are caused by someone clicking on an errant link or advertisement, or visiting a compromised website. Luckily, many companies have realized that IT education is a major tool in their arsenal – 42% of enterprises have mandatory lessons – but that number needs to be at 100% to truly combat cyber security threats.

Cyber Myth #2: Security is an internal issue.

Ever heard of IoT? Those three letters alone refute this unfortunate myth – currently, it’s rare to find something not connected to the Internet. With that being said, everything from medical devices to HVAC systems are vulnerable to cyber attacks and it’s imperative that they are protected as much as the computers that an enterprise business relies on every day. Also, this protection should extend to the partners your company works with – 40% of large enterprises are very confident in their suppliers’ information security system. That means the vast majority of large enterprises are out in the cold; don’t let this be your company. Make sure the Board of Directors is very aware of every threat coming in and react before there’s a major attack on your protected data.

Cyber Myth #3: Endpoint protection is a set point on the IT landscape.

An endpoint is defined as each point that a device connects to a network. And, in the beginning, that may have been limited to a few desktop computers. But now there’s everything from phones to tablets, laptops, credit card readers, watches…you get the picture. Since each of those devices have an endpoint on the network, that’s an extra piece in an organization’s cyber security puzzle. 36% of employees surveyed have been exploited via their mobile device – are you willing to take the risk with your company’s protected data and hope you come out on the other side with the 64% that haven’t been attacked yet?

Cyber Myth #4: One attack cannot bring down a whole system.

Yes. Yes it can. One attack can take down a company of ten or a company of 10,000 depending on the scope, breadth and overall intricacy of the attack. Sony Pictures dealt with their attack for months with all of the terrible publicity surrounding the leaked messages and conversations, and Target is still dealing with the aftermath of their credit card breach. These are big companies with a lot of resources – what happens to the smaller companies that want to continue blindly on in hopes that a similar attack won’t happen to them? 90% of organizations have experienced some type of external threat; now, one may think that most are small in scale, or just the one time and it won’t happen again. But, pose this situation to your customers: do they want to do business with a group that isn’t taking full control of their cyber security?

Cyber Myth #5: You can protect your vital infrastructure with existing, traditional security software.

Sure, you can do that, but you can also put a fence around your house and leave the windows and doors unlocked. Malicious persons may not notice immediately but once they do, say goodbye to your protected data and information. On average, enterprises spend $942,000 to deal with a breach in a virtual environment, versus half that number for an environment that is not virtual.  Going back to the original statement – when a company uses tools not intended for a virtual environment, the protective forces only cover so much ground. Leaving a number of endpoints vulnerable means your company is at risk for cyber attacks and APTs galore.

Cyber Myth #6: You can do it alone.

There’s a reason they are called cyber security firms or companies and not cyber security person. Every day there’s a new attack or threat or alternative way to hack through what was once an impenetrable set of protective devices; you cannot expect one person to do it alone and have your company thrive as a result. By creating a team of individuals with skill sets that constantly grow and mature with the cyber threat landscape, you are allowing your company to grow and prosper without the possibility of a cyber attack to drag you – and your earnings – down in the dumps.

So the bottom line? Do your cyber security homework. Addressing these commonly held misconceptions and focusing on the high value points will make the best case to your Board of Directors for greater allocation of resources and budget. As more and more data moves outside of your organization through mobile working and the sharing of information, helping your executives to understand the risks involved is imperative.

With Neovera, your company will receive the expertise gained from over 15 years of experience identifying risks and understanding the security threats associated with each and every client’s environment, as well as providing recommendations to prevent security breaches and data loss. Neovera’s Cyber Security Services (CSS) platform provides enterprise-grade cyber security for organizations that are looking for a no-hassle solution to protect their data. Our global threat intelligence monitoring system helps us fully understand the threat landscape so that emerging threats and advanced attack methods are identified and thwarted before damage is done. Bottom line: We protect your data from cyber attacks.

Watch Now: Neovera Presents “Protecting Vital Company Assets” at the Executive Summit for Cyber Security 2016

Speaker Greg Shanton, Vice President of Cyber Security at Neovera, addresses C-Suite attendees at the Executive Summit for Cyber Security 2016 on best practices to protect your organization’s mission critical data. This exclusive, thought-leadership event took place on May 18th, at Congressional Country Club in Bethesda, MD, and was hosted by Neovera and WatchGuard Technologies. Watch the presentation below.

Neovera Threat Intelligence Short Report – February 22, 2016

A hospital in Southern California made news last week after being the victim of ransomware for 10 days. Hollywood Presbyterian was only able to regain access to its electronic medical records (EMR) system after paying 40 bitcoins, or roughly $17K.

Sophos put the impact of the ransomware on Hollywood Presbyterian bluntly: “This was no joke: ambulances were diverted, electronic medical records disappeared, email was unavailable, and there was no access to X-ray or CT scan information.  Radiation and oncology departments apparently pretty much shut down; their employees apparently banned from even turning on their computers.”

This is the most recent example of what will likely be a popular business model among cybercriminals—holding a network hostage to extort payment, instead of harvesting valuable data and selling it on the secondary market.

One of the reasons why this is likely a growing business model is the easy availability of Ransomware as a Service (RaaS), which makes it very easy for individuals or groups to rent the infrastructure required to compromise a network and hold it hostage. The cybercriminals know that very few businesses could stay in business after losing access to their essential data and systems, like Hollywood Presbyterian.

Impact on you

  • Ransomware is a growing threat: The FBI’s Internet Crime Complaint Center reported between April 2014 and June 2015 it had received almost 1,000 “ransomware” complaints, costing victims more than $18 million in losses.
  • Ransomware typically compromises a network via a phishing attack. Phishing attacks are still a popular method because they continue to succeed. According to the 2015 Verizon Data Breach Report, “…a campaign of just 10 e-mails yields a greater than 90% chance that at least one person will become the criminal’s prey…”
  • Based on information posted on LinkedIn, Facebook, and other social media, it’s likely that a focused cybercriminal could quickly determine whom to impersonate in your organization to fool the targeted employees into opening malware-carrying email.

How Neovera Can Help

Our team continues to research and update the ability to detect ransomware-related activity. The platform’s ability has been updated to detect several families of ransomware by adding IDS signatures to detect the malicious traffic on your network and correlation directives to link events from across your network that indicate systems compromised by ransomware.

New Detection Technique – Ransomware

The following correlation rules and IDS signatures to detect new ransomware families have been added:

  • System Compromise, Ransomware infection, JobCrypter
  • System Compromise, Ransomware infection, Pottieq

In addition to that, the team updated some rules and added new IDS signatures to improve the detection of previously known ransomware families:

  • System Compromise, Ransomware infection, Alphacrypt
  • System Compromise, Ransomware infection, Teslacrypt
  • System Compromise, Ransomware infection, HydraCrypt
  • System Compromise, Ransomware infection, JobCrypter
  • System Compromise, Ransomware infection, Pottieq

Next Steps

Does your organization want to see if this is happening in your environment? Contact Neovera at (866) 636-8372 or sales@neovera.com to demonstrate how our comprehensive Cyber Security Services can help with ransomware and other types of threats.

Cloud Migration: Four Key Benefits for your Company

Saving your data in the cloud could save your company in more ways than one – the rise of cyber crime and the increasing need to store more and more data makes companies and individuals susceptible to data theft, corruption, or loss. Many businesses will back up data with a secondary, external hard drive, or a central server. However, if your data storage becomes vulnerable, it is imperative to have a backup plan. In this particular instance, moving to the cloud allows for a more scalable environment that continues to grow alongside your business needs.

Four benefits you can expect immediately after moving to the cloud:

  1. Cost Savings: When you run your own servers, you’re looking at up-front costs: in the world of cloud-computing, that initial hardware investment is taken care of by the cloud provider. Additionally, you can reduce your IT department’s size and money spent on storage costs as a result of moving to the cloud. Furthermore, redistributing IT resources to areas that focus on business growth and not maintenance is another payoff for migrating your company’s data to the cloud.
  2. Storage Capacity: The cloud grows in stride with your data, and you only pay for the space your data is inhabiting at a given time. For as little or as much space as is necessary for your company, not only is it available but you won’t ever have to worry about going over a set storage limit (there isn’t one!).
  3. Improved Operations: You can access your data anytime, and anywhere. Downtime for server updates and maintenance will be a thing of the past, and your business will thrive with the extra time available.
  4. Security: Cloud providers make it their mission to ensure the safety of your information. Databases in rural locations with strict entrance protocols ensure that much, and not to worry if there happens to be a breach – alarms will sound and your cloud provider should be able to provide your company with 24×7 failover protection in emergency situations.

Cloud computing could become one of the most important pieces in your business arsenal. On-premise hardware with limited storage capacity that your own IT team needs to maintain is a thing of the past and puts a hard stop on any business development if there happens to be a technological glitch or breach. Grow your business with the cloud and experience the limitless possibilities.

Neovera Threat Intelligence Short Report – December 31st, 2015

Emerging Threat – Juniper ScreenOS Backdoor

An advisory has been issued that unauthorized code in the ScreenOS software that powers Juniper’s NetScreen firewalls has been discovered. There are two distinct issues: a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic and a second backdoor that allows an attacker to bypass authentication in the SSH and Telnet daemons. Exploitation of these vulnerabilities can lead to complete compromise of the affected device.

We added IDS signatures and correlation rules to detect the relevant activity:

  • Reconnaissance & Probing, Backdoor, Juniper ScreenOS telnet Backdoor Default Password Attempt
  • Environmental Awareness, Vulnerable software, Exposed Juniper ScreenOS

Emerging Threat – Emissary

targeted attack in November directed at a French Diplomat working for the French Ministry of Foreign Affairs. The attack attempts to exploit CVE-2014-6332 using a slightly modified version of the proof-of-concept (POC) code to install a Trojan called Emissary, which is related to the Operation Lotus Blossom campaign.

We added IDS signatures and a correlation rule to detect Emissary:

  • System Compromise, Targeted Malware, Emissary

New Detection Technique – BBSRAT

BBSRAT is a new tool that attacks Russian organizations and is linked to Roaming Tiger. It uses weaponized exploit documents and leaves Russian-language decoy document files after infecting the system. The files exploit the well-known Microsoft Office vulnerability, CVE-2012-0158, to execute malicious code in order to take control of the targeted systems. BBSRAT uses the same C2 domains as previously published in the “Roaming Tiger” campaign.

We added IDS signatures and correlation rules to detect the following RAT activity:

  • System Compromise, Malware RAT, BBSRAT
  • System Compromise, Malware RAT, BBSRAT SSL Certificate

New Detection Technique – Remote Access Tools

The typical attack pattern involves first an attack (exploited vulnerability) and then installation of malware. Often this last step includes a Remote Administration Toolkit (RAT) used to gain control of the compromised machine.

  • System Compromise, Malware RAT, ExysRAT
  • System Compromise, Malware RAT, AresRAT

New Detection Technique – Malware

The following correlation rules have been added due to recent malicious activity:

  • System Compromise, Hacking tool, Metasploit Meterpreter
  • System Compromise, Targeted Malware, Fexel
  • System Compromise, Targeted Malware, Ironhalo
  • System Compromise, Targeted Malware, Elmer
  • System Compromise, Backdoor, WeBaCoo Web Backdoor Detected
  • System Compromise, Ransomware infection, Radamant

Updated Detection Technique – Exploit Kits

Exploit kits are used in what are called “Drive-by Downloads.” Undetectable by normal users, these kits are embedded in websites by attackers. When a user browses to a website hosting an exploit kit, the kit attempts all known attacks to compromise the user and install malware on their machine. This approach is a common attack vector and a major source of infections for end users.

Cybercriminals constantly change the patterns they use within their code to evade detection. This week we added the following IDS signatures and updated correlation rules to enhance exploit kit detection:

  • Delivery & Attack, Malicious website – Exploit Kit, Neutrino EK
  • Exploitation & Installation, Malicious website – Exploit Kit, Angler EK

Updated Detection Technique – Malware SSL Certificates

We have added new IDS signatures to include the list of certificates identified by Abuse.ch to be associated with malware or botnet activities. The new correlation rules use this information to detect C&C communications related to several malware families, including:

  • System Compromise, C&C Communication, Gootkit SSL activity
  • System Compromise, C&C Communication, Gozi SSL Activity
  • System Compromise, C&C Communication, Known malicious SSL certificate

Updated Detection Technique – Tor Onion Proxy

Tor is an open network that enables anonymity and allows users to surf the Internet anonymously. Tor also provides anonymity for servers that can only be accessed through the Tor network, called hidden services. There are some websites that allow access to Tor hidden services through the Internet without being inside the Tor network. We have created a new correlation rule that will detect when a system is accessing one of these services. Many ransomware schemes use these services to receive payments and conduct other malicious activities.

  • Environmental Awareness, Anonymous channel, Tor Onion Proxy

Updated Detection Technique – Malicious TOR .onion domain

.onion is a top level domain suffix that is used for hidden services inside the Tor network. Several families of malware are starting to use hidden services as a mechanism to communicate with a C&C server and usually use a predefined onion domain. We have updated a correlation rule that groups different IDS signatures that detect when a system is trying to resolve a malicious onion domain:

  • System Compromise, Malware infection, Malicious TOR .onion domain
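The two Tor-related rules above come down to watching name resolution. The following added example (not Neovera's rule logic) scans DNS query logs for hosts that try to resolve a `.onion` name over ordinary DNS, and for hosts that look up an onion-style label under a clearnet gateway domain. The log format, the sample lines, and `gateway.example` are constructed for illustration, and the label-shape heuristic is an assumption that will need tuning against real traffic.

```python
import re
from collections import defaultdict

# Onion service labels are base32: 16 characters (v2) or 56 characters (v3).
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")

# Constructed sample: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2016-01-04T09:12:01Z 10.0.4.17 www.example.com A
2016-01-04T09:12:09Z 10.0.4.17 abcdefghijklmnop.onion A
2016-01-04T09:13:44Z 10.0.7.52 abcdefghijklmnop.gateway.example A
2016-01-04T09:14:02Z 10.0.7.52 mail.example.org MX
malformed line
"""


def classify(qname: str):
    """Return a verdict string for a queried name, or None if it looks benign."""
    labels = qname.lower().rstrip(".").split(".")
    # A .onion name should never reach a normal resolver; seeing one means
    # software on the host is trying to reach a hidden service by name.
    if labels[-1] == "onion":
        return "onion-dns-leak"
    # Web gateways to hidden services expose them as <onion-label>.<gateway>.
    # Skip the last two labels so an ordinary 16-letter registered domain
    # such as abcdefghijklmnop.com is not flagged.
    for label in labels[:-2]:
        if ONION_LABEL.match(label):
            return "onion-proxy"
    return None


def scan(log_text: str) -> dict:
    """Group suspicious lookups by client IP; malformed lines are skipped."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        timestamp, client, qname, _qtype = parts
        verdict = classify(qname)
        if verdict:
            hits[client].append((timestamp, qname, verdict))
    return dict(hits)


if __name__ == "__main__":
    for client, events in scan(SAMPLE_LOG).items():
        for timestamp, qname, verdict in events:
            print(f"{timestamp} {client} {verdict}: {qname}")
```

Either verdict is a lead for triage rather than proof of compromise, so correlate it with other events from the same host before treating it as a ransomware indicator.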

Updated Detection Technique – Ransomware

Last week we added IDS signatures and updated correlation rules to detect several ransomware families:

  • System Compromise, Ransomware infection, Alphacrypt

Updated Correlation Rules

The following correlation rules have been updated due to recent malicious activity:

  • Delivery & Attack, Malicious website, Phishing activity
  • System Compromise, Malware RAT, Poison Ivy
  • System Compromise, Malware infection, CoinMiner
  • System Compromise, Malware infection, Darkleech
  • System Compromise, Malware infection, Generic
  • System Compromise, Targeted Malware, DeputyDog
  • System Compromise, Trojan infection, Banload
  • System Compromise, Trojan infection, Bitcoin Miner
  • System Compromise, Trojan infection, Dorv.A
  • System Compromise, Trojan infection, Jaik
  • System Compromise, Trojan infection, Kelihos
  • System Compromise, Trojan infection, Linux DDoS Bot
  • System Compromise, Trojan infection, Winwebsec

Think Before You Click: Could I Steal Your Information?

The truth: we need the Internet. According to Statista the United States has over 200 Million Internet users; that’s over two thirds of us.

The problem: most people don’t know how unsafe they are when using the Internet. Sure, websites put up “safety seals” and purchase SSL certificates to help ease consumer or user concerns but this often isn’t enough to stop someone from stealing your personal information.

Currently, when a person or business registers a domain name for a website they must provide contact details such as a name, address, and email but if the purchaser doesn’t want this information shown on a public WHOIS (domain search), they can use a privacy proxy or company that will provide its own contact details in lieu of the registrant’s. This amount of privacy allows people to anonymously register domain names which can elicit spam or other negative attention. WHOIS records are already a hot bed for spam artists who comb them to gain email and home addresses.

We move at light speed creating new websites, apps, products, and services while only thinking briefly about how secure they actually are. Remember the case of SnapChat, who claimed they did not keep any snaps after they were seen by the recipient? It turned out SnapChat in fact did keep a record of the snapped chats even after they were supposedly deleted.

Most of us don’t even blink an eye when clicking the box to accept the terms of service (we could’ve signed off our firstborns for all we know), or fill out a form because we assume that the company or provider on the other end can be trusted to protect us. In reality, they only do what they’re legally required. Current requirements are not necessarily strict, and if a company is the victim of a cyber attack (think Target, IRS, Apple) they face little repercussion outside of a slight dip in consumer trust or loyalty – at least for large brands.

Rest assured there are plenty of security advocates fighting for our online safety. The Internet is still a relatively young, and ever changing beast that is difficult to regulate or fully secure.

What can you do to help protect yourself? While we continue to see new legislation and regulations rolled out in the future, you can do a number of things yourself. As a consumer, you can use prepaid credit or debit cards, and only purchase from websites that you trust 100% or that have a solid reputation for security. You could also limit the amount of information you share online in places like Facebook, Twitter, or other social websites.

As a business you can seek out vendors, such as Neovera, who can help run security audits, find holes in the armor, and help build a plan to protect yourself from cyber attacks. When a business takes firm action to try to stop threats, it trickles down to their customers as well, making their information more secure and building more trust.

In the end, the Internet is an awesome, yet sometimes scary place. It can often seem like the Wild Wild West of the digital era, but it doesn’t have to be if precautions are taken.