Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
Sentinel Event Calendar Update
Sentinel regularly hosts events for our customers at various locations across the country. It provides us an opportunity to establish a closer and more personal relationship with those in attendance, and lend our unique expertise to highlight new and emerging technologies designed to optimize and protect the way you do business. We have a handful of fun and educational events coming up over the next month, and want to make sure you are aware of them. Please visit the individual event pages to RSVP and learn more!
**Thursday, March 23rd**
Join Sentinel and Cisco at Fleming’s Prime Steakhouse & Wine Bar in Las Vegas for a special lunch and learn focused on next generation security. As cyber-attacks continue to grow in frequency and sophistication, it is more important than ever to have a complete defense strategy in place to monitor, protect and remediate against them. Our experts will explain the best ways to defend your business before, during and after an attack, as well as showcase the innovative security provided by Cisco Umbrella. Click here to RSVP.
**Friday, March 24th**
Learn all about the latest data protection strategies and take part in a wild indoor skydiving adventure at this fun event hosted by Sentinel’s Phoenix office. Our partners from Veeam, APC and Nimble will be on hand at iFly Phoenix to discuss the best ways to keep your data safe, your business compliant and your end users productive yet secure. Following the presentation, attendees will have the opportunity to experience the thrill and rush of skydiving without ever having to jump out of a plane. Click here to RSVP.
**Thursday, March 30th**
Hyperconvergence is an innovative solution that unifies a variety of physical and virtual technologies so businesses can more easily adjust their data center resources and promote growth, productivity, and mobility. Sentinel and Cisco are hosting a lunch and learn presentation at our Downers Grove, IL headquarters focused on how hyperconvergence can redefine your data center and enhance your organization. Those in attendance will also be able to participate in an interactive demonstration of Cisco HyperFlex. Click here to RSVP.
**Tuesday, April 4th**
Sentinel’s downtown Chicago office is holding a special lunch and learn with Cisco to discuss the latest innovations in cyber security to keep your business safe. 95% of large companies are targeted by malicious traffic, and 100% of organizations have interacted with web sites that host malware. The better you’re able to defend your enterprise network and infrastructure from attack, the lower the possibility of a breach that results in a significant loss of data, money and reputation. Our experts will explain simple ways to add layers of protection without creating additional complexity. Click here to RSVP.
**Thursday, April 13th**
If you are unable to attend one of Sentinel’s events in person, we are hosting a webinar on the morning of April 13th that is focused on security and our Security Operations Center (SOC). It offers advanced, proactive security protection options for on premise, cloud and distributed business environments. Your security infrastructure is monitored 24x7x365 in combination with security incident and event management as well as intrusion detection. This webinar will be led by Sentinel CTO Robert Keblusek and should last about an hour. Click here to register.
**Friday, April 21st**
Sentinel CTO Robert Keblusek will be at Chinook Tavern in Denver for a very special lunch and learn about next generation security. Learn about the latest methods attackers are utilizing to breach your network and steal critical data, talk about your current challenges, and get advice on ways to keep your business safe. Mr. Keblusek will review Sentinel’s SecuritySelect solutions, with an emphasis on our Security as a Service and Security Operations Center offerings. Following the presentation there will be a roundtable discussion to answer any questions and dive even deeper into the state of business security today. Click here to RSVP.
A Closer Look at Sentinel's Accounting Department
By Gail Bianucci and Kathryn Lipps
The Sentinel Accounting Department processes and manages the transactions for products, solutions and services purchased by our customers. It may seem simple or straightforward in theory, but the reality is a bit more complicated. No two customers or solutions are alike, so our processes are different for each one.
The core of our activities is handled through the Sentinel Transaction System (STS), within which all sales or deals are entered. The STS supports all receivable and payable functions in conjunction with our corporate software system. A typical day for the Accounts Receivable (AR) team begins with a morning email generated by the STS system that displays all newly created sales agreements. Each deal is closely reviewed and verified before it is approved for purchasing, with a special note indicating the sales type, site location, contractual terms that will determine the invoicing schedule, and any unique or specific instructions requested by the customer. Daily AR tasks also include updating deal shipment status, Project Change Requests (PCRs), and assisting customers with additional invoice information as needed.
Billing for online store orders, equipment/licensing only deals, HANS agreements, and time & materials (T&M) professional services is processed daily; however, the majority of invoicing activity culminates during the last week of each month. Recurring services for maintenance, monitoring, cloud, WebEx, consulting, onsite engineering, and projects all invoice during this time, which requires coordination and communication with various departments. For example, when preparing project invoicing, our team utilizes several reports from the EPMO and distribution department to gather information regarding the project status for equipment in staging and professional services, which allows us to generate accurate and timely billing amounts for each project phase.
The Accounts Payable (AP) team manages and processes vendor/supplier invoice approval and settlement, bank statement reconciliation, and inventory tracking. Daily AP tasks include responding to vendor/supplier inquiries, processing payments, and verifying expenses. This team also communicates and coordinates with various departments through reporting tools.
The accounting department supports all ten nationwide Sentinel Technologies locations with diverse customers who have diverse needs. As a result, our responsibilities and processes are constantly evolving, producing a dynamic that is fast-paced and creative. There’s rarely a dull moment!
A Closer Look at Sentinel's Technology Repair Services
By Paul Rybka, Terry Mitchell and Tom Hill, Sentinel Bench Repair Technicians
Everybody with a computer is familiar with that moment of panic when a hard drive crashes or a monitor goes blank. If you work in business, it tends to feel like that always happens at the most inopportune time, like when a deadline is approaching or a project is just about finished. Since nearly every individual today is armed with a computer or mobile device where so much valuable information is stored, the loss of critical data and functions can have a significant impact on our lives.
The very nature of electronics repair, with its extraordinary rate of technological development, creates a constant need for technicians to update and advise customers on computer-related issues. Sentinel’s core strength lies in our team of certified, highly trained and experienced electronics and computer technicians. We are fully prepared to handle maintenance and repair needs for any technology product, as our skills extend to a wide variety of niche areas and continue to expand as innovations and changes occur throughout the industry.
As long as physical electronics such as computers and mobile devices exist, there will always be a need for them to be repaired, serviced or installed. Sentinel understands this better than anybody, since we were founded in 1982 as a maintenance and technology repair company. While our portfolio of offerings has grown exponentially over the years, those original services remain available today to our customers. Please contact us if you would like to learn more about our maintenance and repair services.
Five Simple Infrastructure Management Tips
By Ted Joffs, IT Solutions Team Lead
As an IT solutions specialist and team lead at Sentinel, I work with a wide variety of products and systems – some ancient, some newer, some cutting edge. While each project is a unique adventure and learning experience, I’ve noticed that many businesses facing issues often share similar symptoms that could easily have been prevented had they followed a few basic steps to properly safeguard and maintain their infrastructure. Here are five easy ways to extend the life and safety of your system:
1) If you are still running any version of Microsoft Exchange older than 2010, you need to upgrade immediately. Not tomorrow, not in 15 minutes, right now. Microsoft has stopped all support for pre-2010 versions of Exchange, meaning your servers are not protected from any new or emerging security threats. Critical data and key systems are at risk, so don’t wait to upgrade until it’s too late!
2) Your Active Directory is your company’s lifeblood. Data is important, but if you can't get to it because your AD is not replicating, fails, or is older than molasses, you will wish you had kept it up-to-date. At the very least I’d recommend running a "dcdiag" once a month to check for and correct any AD errors so things continue to run smoothly.
3) If your hypervisor is more than two versions back, no matter what you’re using – VMware, Hyper-V, Xen/XenServer, VirtualBox, or something completely custom – keep it updated! Hypervisor functionality, OS support, VM versions, virtual hardware, etc. all develop and change quickly, so you should too.
4) If you own a storage array such as a NAS, SAN, Filer, or FreeNAS JBOD and you aren’t currently monitoring it, you need to address that ASAP. Like, stop reading and get a monitoring platform right now. Storage monitoring provides important insight and visibility into utilization and application layers, and it issues alerts when thresholds or bottlenecks are encountered.
5) If you are a manager, director, VP, C-Level, or even an owner and one of your employees recommends something like buying more SAN or upgrading a particular component, you should probably hear them out. They probably wouldn’t make such a suggestion without a valid reason.
The common theme in these tips is to make sure that the key components of your company’s infrastructure remain up-to-date and carefully monitored. That might seem like a no brainer to most people, but you’d be surprised at how often these things slip through the cracks during day-to-day operations. If your IT department is under-staffed or you would simply like more time to focus on growth and innovation, Sentinel offers a variety of proactive maintenance and support services that will monitor, update and repair critical portions of your infrastructure. Please contact us for additional information.
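One way to turn the monthly "dcdiag" check from tip 2 into something reviewable is to parse the saved output and list failed tests per domain controller, plus any controller that never appears in the results. This is an added example, not Sentinel's tooling; the sample output is constructed, English-language dcdiag output is assumed, and the names DC01, DC02, DC03 and example.test are hypothetical.

```python
import re
from collections import defaultdict

# dcdiag prints one summary line per test, e.g.
#   "......................... DC01 failed test Replications"
RESULT_RE = re.compile(
    r"\.{5,}\s+(?P<target>\S+)\s+(?P<result>passed|failed)\s+test\s+(?P<test>\S+)"
)

# Constructed sample of saved dcdiag output (not from a real environment).
SAMPLE_DCDIAG_OUTPUT = r"""
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
   Testing server: Default-First-Site-Name\DC02
      Starting test: Connectivity
         ......................... DC02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
         ......................... DC01 failed test Replications
      Starting test: SysVolCheck
         ......................... DC01 passed test SysVolCheck
   Testing server: Default-First-Site-Name\DC02
      Starting test: Replications
         ......................... DC02 passed test Replications

   Running enterprise tests on : example.test
      Starting test: LocatorCheck
         ......................... example.test passed test LocatorCheck
"""


def parse_dcdiag(text):
    """Return {target: {test_name: 'passed' | 'failed'}} from dcdiag output."""
    results = defaultdict(dict)
    for line in text.splitlines():
        match = RESULT_RE.search(line)
        if match:
            results[match["target"]][match["test"]] = match["result"]
    return dict(results)


def monthly_report(text, expected_dcs):
    """Summarize failed tests and expected DCs that produced no results.

    A DC that is missing from the output is as important as a failed test:
    it usually means the diagnostic run never reached it.
    """
    results = parse_dcdiag(text)
    failed = {}
    for target, tests in results.items():
        bad = sorted(name for name, outcome in tests.items() if outcome == "failed")
        if bad:
            failed[target] = bad
    seen = {target.upper() for target in results}
    missing = sorted(dc for dc in expected_dcs if dc.upper() not in seen)
    return {"failed": failed, "missing": missing}


if __name__ == "__main__":
    report = monthly_report(SAMPLE_DCDIAG_OUTPUT, ["DC01", "DC02", "DC03"])
    for dc, tests in report["failed"].items():
        print(f"{dc}: failed {', '.join(tests)}")
    for dc in report["missing"]:
        print(f"{dc}: no dcdiag results, check that it was reachable")
```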
Q & A on Hyperconvergence
Last week at our Downers Grove headquarters, Sentinel held a special lunch & learn event highlighting the benefits of hyperconvergence. The customers in attendance enjoyed a presentation from Sentinel experts and also had the opportunity to engage with a live demonstration of Cisco Hyperflex. In case you missed this highly informative and entertaining session, we’re hosting another one on March 30th in our Business Solution Center. We hope you can join us! As a preview of what to expect, here is a brief Q&A on hyperconvergence from Sentinel Solutions Architect Geoff Woodhouse:
**If you’re starting out with nothing and want to venture into the hyperconverged space, what would you recommend doing first?**
At the very least, start with a 3 node with 2 fabric interconnects system and build up from there. Sentinel can work with you to determine what exactly you need. Sizing can be a little tricky because we’ve got to know what your workload is like, what are your metrics, CPU, memory, how many IOPS and other kinds of things. After we have that information we can make a recommendation that’s best for your particular business.
**What’s the best path if you have a hybrid solution and want to eventually adopt Hyperflex?**
We’ve had people want to install Hyperflex to replace a storage area network (SAN) but keep their blades. In that case we would typically recommend something like a middle-of-the-road processor with a lot of disk. So for example you’d get 3 nodes with 30 TB and allow them to function like a new SAN as we migrate off your current blades. You can move the workloads on there or pick up another node as needed, whatever you’d like to do.
If you wanted to, you could buy a simple SAN with a CPU and continue to use your current blades to do the workload. But at some point down the road you’ll have to get a new SAN and will be forced to do a SAN migration, which will result in a temporary outage and other inconveniences. With Hyperflex, you just add a node and you instantly have more storage. Any old nodes that you don’t need any more can be taken away from the cluster, and the Hyperflex software will move everything around without any problem.
**If you have multiple Hyperflex clusters, can data be replicated between them?**
You could create a hot site and use Site Recovery Manager, which is part of the VMware suite of tools. Hyperflex is just the guts underneath. Therefore, you could do something like SAN to SAN copy, but generally if you have VMware and you want to develop a hot site, I’d recommend Site Recovery Manager.
The challenge is that if you don’t have or want a hot site, then you’ll have to take the data and store it somewhere like a data domain or compress it with Veeam before you can send it to a backup site, cloud or anywhere else. So it all depends on how important that data is. If you’re looking for a real-time, five-minute difference kind of RTO/RPO for your DR site, that’s where a hot site is essential. If a 4-hour to 24-hour RTO/RPO is fine, then maybe our cloud would be an option for you. You can send it off there, and if you do have a disaster, you can call us. This way you can save the cost of buying a second set of hardware hoping you’ll never have to use it.
Ways to Reduce Human Error in Cybersecurity
By Ben Piorkowski, Sentinel Sales Executive
Recent studies affirm that human error contributes to at least 95% of all cybersecurity threats and breaches. Therefore, it is absolutely crucial for an organization to not only stay on the cutting edge of technology tools, but be willing to adopt a stronger and stricter company culture in order to actually maximize their cybersecurity investment as well.
Many people in the industry understand that having a good firewall, having antivirus and malware protection installed, not clicking on suspicious emails, keeping systems up to date, and using strong passwords all play critical roles in keeping data secure. What it ultimately comes down to however is effective execution and the adoption of a comprehensive and multifaceted cybersecurity strategy that is continually monitored and reinforced. The following principles are important cultural guidelines to help implement and maintain the technologies and procedures essential to protecting your company’s critical data.
Establishing a culture of integrity is of utmost importance to maintaining the security of your data. All employees and shareholders need to have a very clear understanding of what is acceptable and unacceptable, along with a known process to identify sins of commission or slips in protocol so any errors can be eliminated right away. People should report problems immediately so as to avoid lengthy and costly investigations later on or to avoid an emergency entirely. A large part of this is also personal accountability – being willing to accept and admit when a mistake has been made.
**Depth of Knowledge**
Having depth of knowledge starts with having top notch talent. Any employees who have access to company data need to have some basic understanding of how these systems work. The more advanced or high risk the system, the greater their knowledge should be. This means understanding how a system works, its potential vulnerabilities, and the procedures on what to do in every circumstance. If they really know the system, they will be able to recognize problems early on, know how to deal with them and when to report them. This is why attracting top talent and thorough training is crucial.
Passing industry audits is a necessity, but in addition to simply being at the industry standard, everyone in your organization should know where to find operational policies and follow them to the letter. This is particularly important for critical systems and company data. They also need to be able to recognize when new policies are needed. Taking the time to write policies and procedures for the various layers and positions within the organization can help greatly. Another way an organization can maximize compliance is through periodic inspections such as written tests, interviews, observations, and responses to fake emergencies.
Closely monitor any critical or high risk system being worked on by senior personnel. In most complex systems it is prudent to require two people to work on it so you don’t create the dreaded “single point of failure.”
**A Questioning Attitude**
This can be counterintuitive in any rank-structured organization; however, this mindset can be invaluable. It is important that people know it is okay to listen to their internal alarm bells, search for the causes of problems and immediately take steps to solve them (according to specified policies and procedures). These people will then double and triple check processes and be very thorough.
**Formality in Communication**
Those giving instructions should state their orders clearly and have subordinates repeat steps back verbatim. This establishes an appropriate gravity for each procedure by eliminating the small talk and personal familiarity that can lead to inattention, assumptions, slip-ups, etc.
IBM sponsors the “Cost of Data Breach Study”, which is a gold-standard security research study independently conducted by Ponemon Institute. The 2016 study found the average consolidated total cost of a data breach grew in the last year from $3.8 million to $4 million. In a separate study, Cisco cites the average loss of value to a brand after a security breach is now a staggering 31%, doubling over the past five years from $184 million in 2011 to $332 million in 2016.
So it’s more important than ever for corporate leadership to have tough conversations about the importance of investing in cybersecurity as well as effective training and change management. Breaches almost always occur when one or more of these principles are broken. Embed all of these in the daily lives of all your employees and the difference will pay off exponentially.
Sentinel’s SecuritySelect offers the complete security solution for your organization, including employee and manager training to significantly reduce the possibility of breaches due to human error. Please contact us for more information.
An Introduction to the Sentinel Online Store
By Jason Golba, Sentinel E-Commerce Specialist
The Sentinel store is an online portal that provides customers with access to more than half a million of our product and solution offerings. If you’re looking to place a smaller technology order, the store is a quick and easy way to do that without having to engage with your Sentinel sales representative. You can browse our extensive selection and inventory, and our dedicated store team is available to answer any questions and offer support as needed.
Just like any online retailer, it’s simple to make a purchase using the Sentinel store. Say you want to buy an additional headset and a couple of switches for your environment. Start by visiting store.sentinel.com. Menu bars on the left and right side of the page enable you to view products by category or sort by specific brand/manufacturer. Of course you can always use the search bar at the top of the page to find something using keywords or a manufacturer part number. All search results display the product list price, sell price, part number and amount in stock. Clicking on a specific product brings up additional information, including descriptions and technical specifications to help ensure it will work in your particular environment.
An account is required to buy or save any items. We make it easy to create an account, log in or recover a forgotten password. Once you have decided on a product, you can select the quantity and add it to your cart. If you are not ready to make a purchase at the time or want to remember it for later, you can also save it to your account favorites. After an order is placed, the Sentinel team will process, pack and ship your items to you in a timely fashion. Express shipping is available at an additional cost.
If you need any assistance with the Sentinel store, please don’t hesitate to contact us. Our team is highly knowledgeable and more than happy to provide support. We also have a Help Center, which contains answers to frequently asked questions. The store is just one more convenient way Sentinel is able to deliver industry-leading technology solutions to your business at an affordable rate.
Reflections on Sentinel's Technology Summit 2017
On January 17th, Sentinel Technologies held a Technology Summit. The event took place in the O’Hare Room at Cisco headquarters in Rosemont, and featured some of Sentinel’s subject matter experts giving presentations and taking questions from customers on a wide variety of IT topics including security, data center and collaboration. If you were able to attend, we thank you and sincerely hope you found it to be an informative and entertaining afternoon. For those unable to make it, our presenters have offered some reflections and highlights from the day:
Robert Keblusek – Chief Technical Officer
First of all, I appreciate the time investment our customers made in Sentinel by spending an afternoon with us at the Technology Summit. I hope they felt it was valuable and would consider it again in the future.
My hope would be that everyone came away with the understanding that security is not a product, but an ongoing program with key performance indicators that can greatly improve an organization’s risk footprint. While Sentinel has industry best security products and threat intelligence that work together to protect an organization, the overall program and alignment with our framework is critical to its success. Also, our Security as a Service (SECaaS) and Security Operations Center (SOC) services give customers a world-class security organization available to them 24x7x365 with extremely fast engagement and constant monitoring. We not only have indicators of compromise that reduce the time to detection and time to protect, but also provide measurable results while offloading the workload with fully managed or hybrid managed options.
I was surprised that most customers didn’t feel their current security program was sufficient, but also pleased that they identified this area as a need. Security is an ongoing program. Many customers have very little visibility and are not getting the most out of existing investments. It isn’t always about selling a product to “fix” security, often it is about identifying a program, getting the most out of current investments and adding elements needed over time. I was also very thankful for some of the customer interactions highlighting the use of one of our offerings as part of their own vendor risk management program. It was wonderful to have a customer speak to what I was presenting in action and recommend its value to others.
Security has many components that add different value in different environments and situations. Due to time constraints, I wasn’t able to cover how our security operations can bring best practices and processes to an organization. We can integrate it with existing business processes and create a strong hybrid IT experience. I hope my presentation encouraged each participant to think about their next security steps and go deeper into areas specific to their organization’s needs. We’re always available to talk through more specifics, demonstrate solutions in action or even move to some proof of value engagements. I would also like to remind customers that Sentinel offers a NIST alignment workshop as well as breach assessment workshops at no charge, in case you’re unsure of where to start. Please reach out to us if you’d like more information.
Adam Bertram – Advanced Strategic Solutions Advisor
After getting a chance to connect with some of our current and future customers at the Technology Summit, it was clear that many understood the importance of having a detailed strategy when it comes to deploying next-generation collaboration solutions in your environment. Don’t forget about the user experience! We often only get one shot at getting it right with users, so understanding your audience and the multiple modalities through which they will consume collaboration features is crucial to developing a successful deployment.
Organizations are going to need to cater to the next generation of users who will demand the ability to work effectively from anywhere in the world, on any device, and with the same capabilities as their peers. In order to support these demands, organizations will need to build a scalable environment that enables rich, premise-based features as well as effortless roaming for voice, video, and meeting services such as those found in Cisco Spark Hybrid Services with Cisco Unified Communications Manager. The good news is that we are heading into an era where cloud-native solutions will support these features along with rapid provisioning and administration, yet still allow for legacy integrations that will still exist in many environments as they make the transition. It’s an exciting time for collaboration as we figure out how to refine and enhance our daily activities to squeeze out even more productivity from key technology investments.
Geoff Woodhouse – Solutions Architect
My biggest takeaway from the Tech Summit was that the hyperconverged market continues to grow in a very fast and meaningful way. It dramatically simplifies purchasing storage, server, and networking components. It also simplifies administration of the entire environment. For this technology to be successful however, it is important for customers to understand that they may need to change or rethink certain processes and strategies for their IT department.
Typically, organizations have a certain amount of money allocated for IT components, so for example administrators may purchase storage one year, servers the next year, and networking the year after that. Hyperconverged solutions operate a bit differently, which is why critical processes and resources require adjustment. Will the VMware admin, SAN admin, or networking admin be in charge of the appliance? Since the appliance has the ability to be upgraded in small increments, is the customer prepared to make small server, storage, or networking purchases every 6 months? Once these internal issues have been ironed out, the hyperconverged technology can be implemented with success in any environment.
The Rundown on Runbook
By Chris Folland, Sentinel Senior Business Consultant
**What is a Runbook?**
In computer systems, networks, and operations, a Runbook is a set of defined IT procedures developed by administrators to perform day-to-day operational tasks and respond to emergency situations. Its automation also speeds recovery in the event of a system shutdown.
The Runbook should contain all the information that IT staff would need to perform daily operations and deal with any problems that may arise during usage from the operational system or network.
Typically, a Runbook is divided into routine automated processes and routine manual processes, and contains procedures to begin, stop, supervise, and debug the system. It may also describe procedures for handling special requests and contingencies. An effective Runbook allows other operators with prerequisite expertise to effectively manage and troubleshoot a system.
The evolution of a Runbook is automation, where these processes can be carried out using software tools in a predetermined manner.
Runbook Automation (RBA) is the ability to define, build, orchestrate, manage, and report on workflows that support system and network operational processes. A runbook workflow can potentially interact with all types of infrastructure elements, such as applications, databases, and hardware.
According to Gartner, the growth of RBA has coincided with the need for executives to enhance IT operations efficiency measures. This includes reducing Mean Time to Repair (MTTR), increasing Mean Time Between Failures (MTBF), and automating the provisioning of IT resources. In addition, it is necessary to have the tools to implement best practices, increase the effectiveness of IT personnel, and report on how well the processes are executed in line with established policies and service levels.
**Why Businesses Need Runbooks**
Although organizations may have Standard Operating Procedures (SOPs) for various functions of IT, the Runbook is specific, with the goal to be consistent in performing a function or process so an element of the system can be restored quickly and without interruption.
**When and How Often Should a Runbook Be Updated?**
A Runbook must be tested and reviewed by peers before formal release to ensure it functions properly and according to specifications. It also requires regular maintenance to ensure it continues to operate smoothly, similar to how cars need periodic oil changes. When a disaster occurs, you need to be sure that the Runbook will expediently get your systems back online.
Change Control Management is a crucial element of IT operations, and as such needs to be linked with the Runbook. This allows items such as Microsoft Service Pack upgrades, patch upgrades to the operating system, additional memory, or larger disk capacity to be included in the Runbook architecture. Any change to the environment needs to be validated back to the Runbook.
As part of Sentinel Technologies’ Business Continuity and Disaster Recovery suite of assessments, we can not only offer Runbook assessments, but help you author the Runbook documents and provide it as a Managed Service. Please contact us or reach out to your Sentinel sales representative for more details.
A Data Engineer's Guide to Ransomware Protection
By Ted Joffs, Sentinel IT Solutions Team Lead
Your worst nightmare just happened: A popup on your computer screen appears, telling you that your data is being encrypted and that you have a certain number of days to pay if you ever want access to it again. It gets worse - every day you delay, chunks of your data are deleted. Scenarios like this are occurring with increased frequency across the globe. I have been on the outside helping to restore data, remove the threats, salvage business operations and prevent further damage. It has given me a unique perspective on ransomware.
We do have tools like Cisco AMP, which is a truly robust and state-of-the-art anti-malware system that integrates everything from firewall to endpoint with telemetry systems and response rates beyond anything else in the industry at a crazy fast 13 hours! However even Cisco will tell you that it is not possible to rely on prevention alone. That is why they embed their AMP endpoints into everything – it keeps watch for malware that may have slipped through during that 13-hour window. If you don’t have Cisco AMP, you could have a much longer response time window. The current industry average is 100 days.
So, how do you protect your data when something gets through? How do you guarantee the ability to recover and restore? Will you be ready when that popup box shows up?
This may seem obvious, but backups are critical to recovery. When your data is encrypted, there is a very strong chance you will not be able to recover it using decrypting tools, so having proper backups will help. So, what is a proper backup? I like Veeam Backup & Replication as it has some really handy features that can make it and its backups a little more resilient to malware.
+ Out of the box, it will back up its own configuration and repository data. If the Veeam Controller is infected, you have the ability to restore the Veeam system quickly.
+ It can replicate itself. In fact, you should replicate all critical data if you can. Having a secondary copy in another location can be handy – especially if you have non-real-time replication scheduled for the Controller.
+ It can back up to a variety of locations, including the cloud, to protect your data from afar.
+ You can back up to deduplication appliances such as Dell EMC Data Domain, which uses protocols that are not typically prone to malware attacks.
If you don’t have Veeam, you can still achieve some or all of this; it just may not be as easy. Either way, multi-location and multi-type backup/replication strategies are critical to protecting data.
How can snapshots help? If you are using snapshot-inclusive storage such as EMC Unity or Nimble arrays, you can configure the snapshots with retention schedules to allow you to quickly roll the system back to a point in time BEFORE a malware attack. You might lose a few minutes or an hour of data, but it is much better than the alternative. If your storage network supports snapshots and you are not using them, set them up as soon as you can.
Patching is crucial. Without patching you are more vulnerable to ransomware and malware attacks. Typically, security patches for software are a free or low-cost measure to protect your systems. Yet they are often overlooked. Why? Usually it is a lack of a management system or personnel to perform the patching. This can be addressed with things like WSUS, Microsoft System Center, or VMware Update Manager. Use them.
**Control System Access**
This is more than making sure you have passwords for employees – it is often protecting employees from themselves. You can prevent the propagation of ransomware by investing in or making use of some of the following options to restrict access to data.
1. Grant read-only access. If ransomware can’t write, it can’t encrypt. Write access should be granted only as necessary. This applies to databases, file systems, servers, Active Directory, etc. You can use things like Microsoft Identity Manager to help control and automate that access.
2. Use Virtual Desktop Infrastructure (VDI) to your advantage. Create an air-gap of sorts between end user local systems and the critical systems. Lock down folder redirection and USB redirection. Both Citrix XenDesktop and VMware Horizon with View are great tools to use for this.
3. Use Group Policies to lock systems down. Is allowing users to set a screen background worth losing all your data?
4. Use things like Cisco ISE with posturing to ensure that only secure systems connect to the network.
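To act on item 1, you first need to know where write access is already broader than necessary. The PowerShell below is an added example, not part of the original article or any Sentinel tooling: it walks a file share and lists every Allow entry that lets a broad group write, delete or re-permission files. The share path, the `CONTOSO` domain name and the list of broad groups are assumptions to replace with your own.

```powershell
# Added example: find folders where broad groups hold write-capable NTFS rights.
# $Root, the CONTOSO domain and $BroadPrincipals are placeholders (assumptions).
param(
    [string]$Root = 'D:\Shares\Finance',
    [string[]]$BroadPrincipals = @(
        'Everyone',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'CONTOSO\Domain Users'
    )
)

# Specific rights that let a process overwrite, delete or re-permission files.
# Modify and FullControl are not listed by name because they contain these bits.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Inherit-only entries can carry raw generic rights instead of the named ones:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$GenericBits = 0x50000000

# Check the root folder itself plus every subfolder beneath it.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }                       # unreadable ACL: skip it

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -notin $BroadPrincipals) { continue }

        $rights = [int]$ace.FileSystemRights
        if (($rights -band $WriteBits) -or ($rights -band $GenericBits)) {
            [pscustomobject]@{
                Path      = $folder.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Explicit (non-inherited) entries sort first: that is where the grant was made.
$findings | Sort-Object Inherited, Path | Format-Table -AutoSize
```

Rows with `Inherited` set to `False` mark the folders where the grant was actually made; tightening those to read-only also removes the inherited rows beneath them.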
Sentinel’s SecuritySelect has all of the products, solutions and services essential to preventing, responding to and recovering from ransomware and other attacks. As threats continue to evolve, no solution will remain perfect; however, having the right protections in place can go a long way toward keeping your business and data safe from harm. For more information on ransomware and Sentinel’s SecuritySelect offerings, please contact us.