Blog

Archive for Company News

The Data Security Game Has Changed

Why Today’s Security Strategy May Not Be Enough

For auto racing fans and teams, safety is a subject that is always on everyone’s mind. Compared to racing 25 years ago, the game today has changed dramatically. Cars are faster, lighter, and danger to the drivers has increased. Safety features to accommodate these changes certainly cost the race team more money – but they’re necessary to stay secure. Investments in safety continue, as long as the threat escalates. The same is true in business, technology and cybercrime The game has indeed changed and a business’s security investment must adapt.

5 Reasons The Game Has Changed

Cyber-security, much like car racing, has changed significantly over the past several years. There are five ways the cyber-security game has changed and why the current strategy, particularly for the small businesses, may not be enough.
1. The Growth of Cyber-Crime – The growth in attack volume on small businesses has grown exponentially because it’s easy. Small businesses (and some public sector entities as well) tend to be well behind the security curve, making the organization an easy target of cybercrime.
2. The Target of Cyber-Crime – The real target of cyber-crime are small businesses! In 2014, 60% of all known successful attacks where against small and medium businesses. And of those that were breached, 60% went out of business within 6 months.
3. The Number of Security Solutions – While firewalls, IDS/IPS, AV, etc., are critical, improper configuration and management of these tools often create more risk. Many companies might not have the resources or expertise to know what to do if those tools alert them of a problem.
4. The Lack of Expertise – The most effective way to listen to these devices is to observe their every action and their communication patterns. Because these actions and “event logs” occur several times per second, many companies turn to a Security Information and Event Management tool (SIEM) to help make sense of the vast amount of machine data being generated.
5. The Lack of Resources – Security products, to be effective, must be monitored and maintained 24/7 so that threats are detected and responded to immediately. Not an easy task for the typical small business that cannot afford around-the-clock security experts. Cisco agreed that “the worldwide shortage of information security professionals is at 1 million openings, even as cyber attacks and data breaches increase each year”.

“it only take once for a hacker to gain access to your network, but it takes 100% of your time defending it”!

Cyber-threat monitoring and detection are the cornerstones of an effective IT security strategy. But collecting the right data, parsing and analyzing it into manageable and useful pieces of information is an extremely complex task.
Our 24/7 security service employs the right technologies, paired with a staff of security experts, to reduce the risk and complexity of protecting your critical data.
Our SentreeGuard solution provides the intelligence and awareness needed to take action on the latest threats in your organization’s environment.  If you are serious about your company and want to take your security to the next level, we have the next level security solution, SentreeGuard.

 

 

Get Your Security Audit Today, Tomorrow Could be Too Late!!!

Did you know that the average breach goes undetected for more than 200 days?


Get Your Data Security Audit

Share

Posted in: Company News, Monthly Security Brief, Tech News, Tech Tips for Business Owners

Leave a Comment (0) →

Turn Your Existing Gateway into a Security Powerhouse With a Click of the Mouse When You BYOG

Turn Your Existing Gateway into a Security Powerhouse With a Click of the Mouse When You BYOG

We all love a good BYOB, so just think about it… what if you could do a BYOG? You know, Bring Your Own Gateway. Enjoy a clean, safe Internet experience without having to use any additional software or hardware, plus be safe online in five minutes. Can you imagine not having to spend time and energy on wiring your house or business (not to mention the gray hairs you will save)? We know, it sounds so simple. Well, that’s because it truly is. There is nothing to move or change when you do it the smart way, the BYOG way.

MDS Cloud Powerhouse

 

Turn your existing gateway into a perimeter security powerhouse! Not only do you have Botnet protection with MDS, but also phishing protection. Save the fishing time for a Saturday afternoon at the river, not when you are busy working on your laptop. Who wants to handle that headache of making sure you are protected from malicious malware and phishing schemes on a daily basis? Luckily for you, we do.

BYOG Cloud Link

 

MDS not only protects your computer system when you BYOG, but we also are able to get you connected quickly to our cloud tunnel since there is no extra wiring needed. Don’t have an existing gateway? No problem! You can also connect though one of our Cloud-Links®. The MDS Cloud-Link gives you full access to the MDS Cloud in under five minutes. It’s easy to manage and includes free guest WiFi.

It’s that simple. Turn your existing router or gateway into a next generation cybersecurity machine in just five minutes! Experience clean Internet with the MDS Cloud with a simple click of the mouse. Just think, the MDS Cloud provides you with a Firewall, Antivirus, IPS, APT Defense, Web Filtering, Botnet Protection, Phishing Protection, Malicious Site Protection, Application Control, DLP, and Advanced Malware Protection. All in a day’s work for MDS when you BYOG to our MDS Cloud!

 

Are you at RISK of a security breach?

Did you know that the average breach goes undetected for more than 200 days? Find out in 60 seconds if you are VULNERABLE to a Cyber Breach!  


Test your Internet Connection!

 

Share

Posted in: Company News, Monthly Security Brief, Newsletter Topics, Tech News

Leave a Comment (0) →

Microsoft Patches Critical Windows, Internet Explorer Vulnerabilities in Patch Tuesday Update

Microsoft issued nine security bulletins today for this month’s Patch Tuesday.

Three of the bulletins are rated ‘critical’ and impact Internet Explorer and Microsoft Windows. The IE bulletin (MS15-009) will be the focus for many organizations, and fixes a total of 41 vulnerabilities – one of which was disclosed publicly (CVE-2014-8967) and another of which is known to be under attack (CVE-2015-0071). Despite the large number of fixes, the bulletin does not however address the recently reported universal cross-site scripting vulnerability impacting IE.

"The almost ubiquitous critical cumulative patch for all supported versions of Internet Explorer is back (MS15-009) after a one month hiatus, clearly Microsoft was saving up from last month because this advisory addresses 41 CVEs including CVE-2014-8967 which has been publically disclosed and CVE-2015-0071which is under limited targeted attack," said Ross Barrett, senior manager of security engineering at Rapid7.

The critical Windows bulletins are MS15-010 and MS15-011. According to Microsoft, MS15-010 addresses one publicly-disclosed and five privately-disclosed issues. The most severe of these can be exploited if an attacker convinces a user to open a specially-crafted document or visit an untrusted website that contains embedded TrueType fonts. MS15-011 meanwhile is aimed at one privately reported issue in Windows that could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network.

"A remote code execution vulnerability exists in how Group Policy receives and applies policy data when a domain-joined system connects to a domain controller," Microsoft explained in its advisory. "To exploit this vulnerability, an attacker would have to convince a victim with a domain-configured system to connect to an attacker-controlled network."

The bug, CVE-2015-0008, was discovered by JAS Global Advisors and simMachines. According to JAS, all computers and devices that are members of a corporate Active Directory may be at risk.

"The vulnerability is remotely exploitable and may grant the attacker administrator level privileges on the target machine/device," according to a JAS advisory. "Roaming machines — Active Directory member devices that connect to corporate networks via the public Internet (possibly over a Virtual Private Network (VPN)) — are at heightened risk."

"The IE CVE free-for-all is paired up with two critical remote code execution issues affecting all supported versions of Windows, except Server Core variants," said Barrett. "For MS15-010 this includes CVE-2015-0010 which has been publically disclosed and is the probably reason for the critical designation here, even though over all Microsoft deems this vulnerability as less likely to be exploited. MS15-011 relates to how group policy is applied and is deemed as likely to be exploitable."

The remaining bulletins are all classified as ‘Important’, and cover issues affecting Microsoft Office, Windows and Microsoft Server Software. One of these is MS15-016, which Core Security Principal Software Engineer Jon Rudolph called interesting but less urgent than the other bulletins.

"It appears that the Microsoft library that draws .tiff images might be exposing your computer’s data to attackers," he said. "This kind of vulnerability could be used on a malicious website, and the attacker might be able to see personal information about the user that had not intended to disclose. The good news is that they probably don’t get to pick what they see, and there is not a way to take control of the user’s system directly. However, as the information on our desktops and laptops becomes more vital over time, I think we’re more sensitive to information leaks like this and Heartbleed where attackers eavesdropping for long enough periods are bound to find the keys to our kingdoms and use them to fund and build castles of their own."

Article by SecurityWeek

Share

Posted in: Company News

Leave a Comment (0) →

Windows Server 2003 End of Support 7-14-15

The Windows Server 2003 end of support is on July 14, 2015 could signal the beginning of a new stage in the evolution of your IT organization. You have the opportunity to transform your datacenter and open up a whole new world for your business.

Microsoft envisions a datacenter without boundaries—where you can extend beyond the resources you have on-premises to more easily use cloud resources when you need them. Rapidly build new global-scale applications or websites. Scale infrastructure at a moment’s notice to meet the most demanding business requirements. And reduce the cost of storage, backup, and recovery.

<![if !vml]><![endif]>

Microsoft technologies offer another great advantage: dynamic delivery of applications. The goal of creating infrastructure is to help your IT professionals respond to the needs of the business more quickly and with greater agility. With the power of automation, IT professionals are equipped to provision, deploy, monitor, and manage nearly everything—applications and infrastructure—from a consistent platform across clouds.

This datacenter transformation is driven by Windows Server 2012 R2,
Microsoft Azure, and Microsoft Office 365.

See how Sentree Systems, Corp. can help Indiana SOLO/Small Businesses Migrate away from Windows server 2003.

 

Share

Posted in: Company News

Leave a Comment (0) →

13 Legal Tech Stories Scarier Than Dracula or Wolfman

Think Verizon and the NSA shouldn’t be in the same category as Wolfman and Frankenstein? Think again: Behind you! It’s … it’s … packet shaping!

So maybe James Clapper isn’t as scary-looking as Lon Cheney in "Phantom of the Opera," but the implications of warrantless surveillance are terrifying. For Halloween, make sure you have the lights on as you read about these 13 (arguably) "frightening" legal issues facing technology today:

  1. Verizon Wireless is tracking your Web traffic. Wired reported earlier this week that Verizon was injecting identifiable IDs into user traffic in order to more effectively target advertisements.
  2. The FBI thinks people who use encryption are criminals. FBI Director James Comey wants to have a master key to everyone’s stuff. Because only murderous pedophiles need to keep the FBI out of their cell phones.
  3. We’re not allowed to know how many National Security Letters get served. Twitter is suing the government for the right to be just a teensy bit more specific than "less than 1,000" about how many requests it gets to turn over user data through National Security Letters.
  4. Police can trick your phone into connecting to their sting operation. Police use a device called a "Stingray" to get cell phones to think it’s a cell tower and connect to it. They’re very tight-lipped about the device, but it also doesn’t help that they’ve lied about using it to get search warrants.
  5. Your thermostat can and will be used against you. Your woefully insecure thermostat or refrigerator could allow a hacker to infiltrate your home network through the fridge — it’s right behind you! (The fridge, I mean.)
  6. ISPs want to do away with net neutrality. Right now, ISPs have to deliver all the bytes you want at the speed you pay for. If net neutrality disappears, you’ll get some of your bytes at one speed, but the bytes you want the most will cost you more.
  7. A Comcast/Time Warner merger is still a possibility. Combined, Comcast and Time Warner would own 57 percent of the cable market. Verizon, the next-largest company, would own a whopping 8 percent.
  8. The FBI thinks it doesn’t need a warrant for your email. Thanks to an outdated federal law, the FBI may be technically correct, even though the Sixth Circuit said parts of the law (the Stored Communications Act) are unconstitutional.
  9. NSA spying has practically no oversight. Contrary to what Clapper has said, Congress says it’s routinely not informed about certain things, and the FISA court says it lacks the expertise to know if the NSA is telling the truth.
  10. ISPs don’t want municipal Wi-Fi. State legislatures, with backing from disinterested parties like major ISPs, want to make it illegal for cities to set up their own municipal wireless networks. Because, you know, money.
  11. State officials are reading emails between attorneys and incarcerated clients. Prosecutors are reading confidential attorney-client emails and introducing them into evidence. It helps that the only email systems some prisons let inmates use are conspicuously monitored.
  12. Government officials impersonating real people. Turns out the DEA was impersonating a woman on Facebook without her knowledge or consent.
  13. Your license plate is being scanned all the time. Even outside the Internet, you’re still being scanned: In Los Angeles, police routinely record the locations of identifiable cars without any articulable suspicion.

Are there any other "terrifying" legal tech issues keeping you up at night? Let us know via Twitter (@FindLawLP) or Facebook (FindLaw for Legal Professionals)… if you dare!

Related Resources:

Share

Posted in: Company News

Leave a Comment (0) →

FTC Concerned About Apple Watch, 3rd Party Access to Health Info

At an unknown time in probably Q1 next year, at an unknown price, the Apple Watch is coming. The Apple Watch promises, among other things, a centralized way to track all your health statistics. That’s got some ears perking up, from e-discovery experts to, now, the FTC.

Citing two anonymous sources, Reuters reported yesterday that Apple and the FTC were in talks over the privacy of all that juicy health data the Apple Watch will undoubtedly collect. In closed-door meetings, the FTC has allegedly asked for assurances that third parties or marketers won’t be able to access a user’s health data.

Officially, Apple has strong privacy protections in place. Its App Store submission guidelines for apps using the HealthKit API don’t allow apps to store health information in iCloud or use health information for advertising purposes.

Yes, the ‘E’ Word

But privacy isn’t the only problem. The Apple Watch monitors and stores health care data that could be at issue in a lawsuit — meaning that our e-discovery woes are entering a whole new universe. As the Apple Watch might say if it were Jack Nicholson, "Wait ’til they get a load of me."

It’s unknown yet (to the public, at least) just what or how the Apple Watch stores health information, but lawyers will definitely need to understand the technology if an employer subpoenas it in a workers’ compensation or disability claim. And getting that data isn’t as easy as hooking the siphon up to the company’s server. Did we mention data retention might be a problem? At least some law student is going to have a heck of a law review note to write about all this.

Who Can You Trust?

Certainly Apple is successful enough that it doesn’t need to rely on surrendering users’ private information to advertisers in order to make money. But Apple’s not the problem; it’s the app makers, who use apps either to collect information or to up-sell.

It’s hard to believe a company whose business model once included children mistakenly buying in-app purchases of hundreds of dollars’ worth of "Smurfberries" would be above finding a way to monetize consumer health data. Reuters points out that the FTC discovered 12 mobile health apps "were sharing user information with 76 different parties, such as advertisers." In a few instances, the health data were transmitted along with users’ names and email addresses, reported Ad Age.

So if you thought tracking location data was bad, maybe sit out a little while to see how this Apple Watch thing plays out.

Related Resources:

Share

Posted in: Company News

Leave a Comment (1) →

5 Practical Gifts for a Tech-Savvy Lawyer’s Office

If Thanksgiving is coming, you’d better believe that "Black Friday" deals are too. Hopefully you won’t actually be out shopping on Black Friday — or on Thanksgiving, for crying out loud. In any case, you don’t need to wait until Black Friday before finding deals for the tech-savvy lawyer in your life — "Black Friday" is basically a month-long thing now.

So what do you get for Attorney 2.0? Gadgets, of course. In the first part of an ongoing series about tech stuff, here are some of our favorite tech gifts for the lawyer’s office (all prices are current as of publication):

1. Headphones.

If you work in a cubicle environment like we do at FindLaw, you can’t turn Taylor Swift up to maximum (as much as my fellow blogger William Peacock would like to). Instead, get the lawyer in your life a pair of over-the-ear headphones like this sweet studio set for only $68.

2. A Wireless, Multifunction Printer.

The lawyer’s home office needs a laser printer for cheap, high-volume printing and copying (and maybe faxing, but all you need these days is one of those email-fax services). A lawyer also needs a scanner, but not one of those flatbed deals; a sheet-fed scanner is ideal for scanning a pile of documents with the push of a button. Like the Showtime Rotisserie Barbecue, you just set it and forget it.

We like this Brother wireless multifunction printer. It prints! It scans! It copies! And for $130? You can’t beat that with a stick.

3. A Backup Drive.

Yeah, yeah. It’s terribly prosaic — like getting someone vegetables for their birthday — but seriously, backups are one of those things that you have to make happen. If you know a lawyer who isn’t using Dropbox or any of the other cloud storage services (and if not, why not?), then make backups easy for him with a 1 or 2 TB hard drive. Yes, that’s terabytes — because they’re unbearably cheap now, currently $99 for a 2 TB drive.

4. A Big Monitor.

If your lawyer friend sits in her home office — or at the dining room table — all day squinting at a laptop screen, then it’s time to get a big monitor. Newegg has many deals on monitors, including this 24" Dell LED monitor for $170, which is $70 less than what it normally costs. Once you’ve got a big monitor, your whole world changes.

5. A Wireless Router.

Your wireless multifunction printer isn’t much good without a wireless router, is it? And if it’s been a couple years since your lawyer friend got a wireless router, then it might be time for an upgrade. All your devices made in the last few years support 802.11n, which transmits at up to 450 megabits per second (that’s 50 megabytes per second).

Any more "most-haves" for the tech-savvy lawyer(s) in your life? Send your suggestions to Twitter (@FindLawLP) or Facebook (FindLaw for Legal Professionals).

Related Resources:

Share

Posted in: Company News

Leave a Comment (0) →

U.S. Postal Service Says Hackers Got Employee Data

WASHINGTON – The US Postal Service said Monday hackers stole sensitive personal information from its employees in a large data breach this year, and got some customer data as well.

The postal service said in a statement it "recently learned of a cybersecurity intrusion into some of our information systems" and was cooperating with the FBI and other law enforcement agencies in an investigation.

It said the hackers appeared to have gotten "identifiable information about employees, including names, dates of birth, social security numbers, addresses, beginning and end dates of employment, emergency contact information and other information."

A USPS spokesman said the breach affected as many as 800,000 people who are paid by the agency, including employees and private contractors. The statement said hackers also penetrated payment systems at post offices and online where customers pay for services.

It said the customer data included "names, addresses, telephone numbers, email addresses and other information" but that there was "no evidence that any customer credit card information from retail or online purchases" had been compromised.

The Washington Post, citing unnamed sources, said Chinese hackers were suspected in the breach.

The news comes with US President Barack Obama in China for high-level talks, amid heightened concerns about cyberattacks believed to originate from China.

The statement said some postal systems were taken offline over the weekend "as part of the cybersecurity intrusion mitigation efforts."

The postal service, which is an independent government agency, said it was offering free credit monitoring to employees whose information may have been stolen, to lessen the risk of identity theft.

Share

Posted in: Company News

Leave a Comment (0) →

Inside the Point-of-Sale Malware Threat

Point-of-sale malware has been at the center of numerous high-profile breaches this year. Many of those attacks have involved three pieces of malware – BlackPOS, FrameworkPOS and Backoff.

In a new report, researchers at security firm Cyphort have peeled the layers back from each of these cyber-weapons, which have been linked to attacks on businesses ranging from Target to Home Depot to UPS.

Cyphort co-founder Fengmin Gong believes point-of-sale (PoS) malware has been so impactful this year for three main reasons: retailers have been slow to shore up their defenses; Backoff and its derivatives were quickly adopted by cyber-criminals; and publicity about retail breaches has called attention to the effectiveness of PoS malware.

"There definitely is growing awareness [of PoS malware], pressure from compliance, reputation, threatened law suit, and probably more importantly, top executives losing their jobs," he said. "However, the gap is the practical know-how that prevents them from implementing effective protection."

Recently, security firm Damballa noted that detections of the Backoff malware jumped 57 percent from August to September. During the month of September alone, Backoff infections increased 27 percent.

Among the breaches tied to Backoff is the attack on UPS, according to the Cyphort report. In the report, the firm notes that unlike BlackPOS and FrameworkPOS, Backoff is not oriented toward specific victims. Instead, it is built to operate on random PoS machines, listens to a command and control server and is independent of the retailer’s local infrastructure.

"Backoff is the most sophisticated…mainly because it’s designed to attack a broad spectrum of POS systems, it’s designed with all the modern malware armoring techniques, from protection layers to frustrate static analyses to the behavior armoring to evade simple sandboxing," Gong said. "Since our blog on September 19 and the special report, we have seen more reports, e.g. from both US Secret Service Alerts and Fortinet blog on November 3, pointing to Backoff infections. It appears that Backoff is either sold or shared through a form of SDK (software development kit) by multiple groups. Newer advanced versions are being produced and deployed in new campaigns."

FramworkPOS and BlackPOS, on the other hand, are like off-the-shelf software and are tailored specifically for dedicated targets, the report explains.

"They are most likely not from the same authors but FrameworkPOS leaves the strong impression of a copycat attack after former POS malware incidents," according to the report. "Basic principles and ideas are identical, as of creating a service, scanning chunks of memory, pushing data to a local SMB server and hiding the data in a fake binary file in system root. Still, the implementation methods look very different. FrameworkPOS is very linear, no multi-threading is performed and the data exfiltration is controlled by time intervals rather than coordinated by two threads. Also, FrameworkPOS scans multiple processes, while BlackPOS limits itself to the pos.exe process of the infected POS device. Interestingly, all three families show slightly different memory scraping methods."

Cyphort recommends retailers take a number of steps to improve PoS security, including eliminating unnecessary system capabilities to limit a potential intruder and designing a security baseline that accounts for the complete attack lifecycle hackers have to fulfill to infect a system.

The full report is available online in PDF format.

Share

Posted in: Company News

Leave a Comment (0) →
Page 1 of 2 12
Real Time Web Analytics