Introduction

A utility company was having issues with business workflows and production that was impacting their business connectivity. After reviewing the current state of their network, Sentinel determined that unauthorized user(s) were accessing their system via a Citrix server. This could have occurred due to stolen credentials or a brute force login attack. This type of attack not only results in unauthorized access to data, apps, and other resources, but also serves as an entry point for further attacks.

The unauthorized access impacted the company’s current backups along with an encrypted SQL server. The attacker then executed malware to disable servers and encrypt file structures.

The utility company required assistance to determine the current state of their network, to stop and remediate the current attack, and to implement additional security measures that would help identify and prevent unauthorized access to their network via Citrix or any other method moving forward. Sentinel’s incident response team provided assistance to disable the unauthorized access to the company’s network and worked to remediate the environment to a state before the attack occurred based on the customer’s backups.

Incident Status

It was determined that attacker(s) gained remote access to the customer’s network via a Citrix server, then used credentials from three different domain admin accounts to access other portions of the environment. The attacker(s) deleted disk-to-disk backups, disabled terminal servers, encrypted SQL servers, and executed malware, all of which significantly impacted business workflow and production. Also during Sentinel’s network security review, it was discovered that several unauthorized remote logins to the company’s Veeam proxy server had occurred via the server administrator account and were used to access the backups and network.

Resolution / Remediation

Sentinel assisted with many areas of the incident response, including providing security recommendations, securing the environment, and contributing to restorative activities.

Sentinel’s Cyber Security Engineers (SCSE) started the process by disabling the affected Citrix server and all domain admin accounts, as well as blacklisting all .exe file types in Cisco AMP (Advance Malware Protection) to prevent the current situation from becoming worse. The current state of the network was reviewed to determine if there were are additional areas where the attacker(s) would be able to reenter the network. It was discovered that the Veeam proxy server had unauthorized administrator accounts for remote logins that granted access to the backups and to the company network. SCSE disabled all VPN access until new protection methods were in place to combat the unauthorized access to the network.

Once the network was secured and infected servers / workstations cleared of any viruses / malware, SCSE started the remediation of the damaged and compromised systems. SCSE discovered the only tape backups that had not been deleted were a couple of weeks old. SCSE rebuilt the Veeam proxy server since the server was compromised during the attack. Once the Veeam proxy server rebuild had been completed, the remaining compromised or damaged servers were restored using the available backup files.

SCSE deployed Cisco AMP for Endpoint on every server to help block / prevent malware at the point of entry. Cisco AMP was also deployed to gain visibility into file and executable-level activity so malware could be removed at this level.

SCSE deployed additional security measures throughout the customer’s environment to significantly improve protection, detection, and recovery capabilities.

SCSE started by working with the company’s IT team to harden the password requirements and reset all user passwords to meet these requirements. This provided an additional level of security, so in the event of another brute force attack these more complex passwords would be tougher and take much longer to crack.

SCSE also implemented Cisco Duo for multi-factor authentication. Duo requires users to confirm their identities before granting them access to corporate applications. Controls allow the company to make application access decisions based on the user’s identity and the trustworthiness of their device(s) rather than the networks from where access originates.

Cisco Identity Services Engine (ISE) was also deployed by the SCSE to provide identity access to switches, wireless, and VPN connections. The additional layer of security created by ISE enabled the organization to better determine which corporate issued or approved outside devices should have the ability to log in to the company’s private network and which ones should be restricted to the guest-only public Internet. SCSE also implemented additional ASA firewall rules to harden access to and from the Internet.

SCSE implemented Sentinel’s Backup as a Service (BaaS) to provide air gapped backups through Veeam. Sentinel’s BaaS enables organizations to efficiently protect, locate, and recover critical data across all types of environments and platforms so they can return to business quickly and with minimal disruption following a data loss event. Sentinel’s Security Operation Center (SOC) was also deployed to provide security monitoring and strategic security guidance. Sentinel’s 24x7x365 SOC keeps a close eye on the company’s critical infrastructure elements to ensure their sensitive data and applications remain protected and satisfy performance metrics.

Conclusion

The SCSE team was able to determine the state of the network during the attack and identify the penetration points used by the attacker(s). Sentinel engineers were able to disable the rogue access within the network and begin the remediation. Restoration was completed using the remaining stable backups as necessary, along with any additional updates required to secure the network. SCSE implemented multiple solutions designed to enhance the security within the network and VPN access. The final portion enabled off-site, air gapped backups to add an extra layer of security and allow for faster and easier restoration should the network become compromised again at some point in the future.

About Sentinel SecuritySelect™

Sentinel’s SecuritySelect™ offerings are designed to handle today’s complex business and IT landscape, closely engaging with your organization to develop and implement a comprehensive security strategy suited to your company’s unique needs. Our SecuritySelect™ portfolio includes:

     +Assessment and Prevention
     +Security as a Service (SECaaS) via Sentinel CloudSelect™
     +Security Operations Center (SOC) 24x7x365 Monitoring
     +Application Security
     +Identity Access & Endpoint Security
     +Network & Perimeter Security
     +Physical Security

If you are interested in learning more about Sentinel SecuritySelect™ and how we can help protect your environment, please contact us for additional information.

By Michael Soule, Sentinel Strategic Solutions Advisor

Recently, Sentinel Strategic Solutions Advisor Michael Soule wrote a lengthy, in-depth tutorial for the IT site Adam the Automator surrounding the challenges involved with managing certificates through Microsoft Windows. It is more technical than what we typically feature on this blog and may not be easy for some people to understand, but we wanted to share an edited excerpt from it anyway in case anyone is interested in learning more. If this interests you, the full tutorial can be read here.

--

If you're a Windows system administrator, you might have been forced to work with certificates. Working with certificates in Windows is typically one of those extra hats a sysadmin has to take on. Certificates are notoriously complex and hard to understand, but my hope is that by the time you're done reading you'll realize that certificates aren't that scary in Windows!

Within Windows, all certificates exist in logical storage locations referred to as certificate stores. Certificate stores are "buckets" where Windows keeps all certificates that are currently installed and a certificate can be in more than one store.

Unfortunately, certificate stores are not the most intuitive concept with which to work. Each store is located in the Windows Registry and on the file system. When working with a certificate in a store, you are interfacing with the logical store; not directly modifying the registry or file system. This simpler manner lets you work with a single object while Windows takes care of how to represent that object on disk.

“You'll sometimes see certificate stores referred to as physical or logical stores. Physical stores reference the actual file system or registry location where the registry key(s) and/or file(s) are stored. Logical stores are dynamic references that reference one or more physical stores. Logical stores are much easier to work with than physical stores for most common use cases.”

Windows stores certificates in two different areas - a user and computer context. A certificate is placed in one of these two contexts depending on if the certificate should be used by a single user, multiple users, or the computer itself.

User Certificates

If you intend for a certificate to be used by a single user, then a user certificate store is ideal. This is the common use case for certificate-based authentication processes such as wired IEEE 802.1x.

User certificates are located within the current user's profile and are only logically mapped within that user's context. User certificates are "mapped" and are unique for each user, even on the same systems.

Computer Certificates

If a certificate will be used by all users on a computer or a system process, it should be placed inside of a store in the computer context. For example, if a certificate will be used on a web server to encrypt communication for all clients, placing a certificate in a store in the computer context would be ideal.

You'll see that a computer's certificate store is logically mapped for all user contexts. This allows for certificates in a computer certificate store to be used by all users, depending on the permissions configured for the private key.

Computer certificates are located in the Local Machine Registry hives and the Program Data folder. User certificates are located in the Current User Registry hives and the App Data folder.

PowerShell vs. the Windows Security Certificate Manager

Since certificates can be managed a few different ways in Windows, which one do you choose? Should you go the GUI (MMC) route or command-line with PowerShell?

First, consider the lifecycle of a certificate. If you only intend to install or remove a single certificate once, consider using the MMC. But if you're managing multiple certificates or find yourself performing the same task over and over again, the command-line route may be the way to go. Even if you don't know how to write PowerShell scripts, it'd be worth learning if you have many different certificates to manage.

Let's first take a look at how to discover the certificates installed on Windows using both the Certificate Manager and PowerShell.

Using the Windows Certificate Manager

To view certificates with the MMC, open up the Certificate Manager open your Start menu and type certmgr.msc. This will bring up the Windows Certificates MMC. This initial view will provide an overview of all the logical stores displayed in the left window.

Inspecting Attributes

There are many attributes of a certificate you can see when viewing them with the MMC. For example, you will likely want to select specific certificates.

The easiest way for you to accomplish this is by referencing the certificate's Serial Number or Thumbprint extension value. If the certificate was signed by a certificate authority (CA), it will have a serial number when issued. The Thumbprint is calculated every time the certificate is viewed.

One important feature to point out is embedded private keys. Certificates in Windows can also have a corresponding private key. These private keys are stored in corresponding physical stores as encrypted files.

To quickly distinguish a certificate with and without a corresponding private key, look at the certificate icon. In the MMC, if the icon simply looks like a piece of paper with a ribbon, there is no corresponding private key. If a certificate does have a private key, you will see a key in the MMC icon, and you will see a key at the bottom of the General tab when you open the certificate.

Using PowerShell

As with the MMC, you can view and manage certificates with PowerShell as well. Let's first inspect certificates in their physical stores (the registry and file system).

By Physical Store

Using the Get-ChildItem PowerShell cmdlet, you can enumerate all of the keys and values inside of the parent HKCU:\Software\Microsoft\SystemCertificates\CA\Certificates\ registry key path.

Each entry in the Registry hive you see will correspond to the Thumbprint of the certificate for a trusted CA and it's certificate in the corresponding property.

Another common store is the Personal store. Your certificates for this store are located on the file system rather than the Registry.

By Logical Store

Since working with certificates in their physical paths is uncommon, you will be working with the logical stores for the rest of the examples.

PowerShell can access Windows logical stores using the Cert: PSDrive. The Cert: PSDrive maps certificates to the physical stores much like the MMC does.

Unfortunately, the MMC and the Cert PSDrive do not label the logical stores the same.

--

If you are interested in reading the complete tutorial, along with examples, screenshots, and graphics, please click here. As evidenced by this excerpt, Sentinel can help your organization manage its certificates, or aid in demystifying the process so your IT team can handle it without much trouble. Please contact us if you would like additional information.

As the year comes to a close and everyone starts looking ahead to 2020, we wanted to take a brief moment to reflect on a few of the technology developments that helped shape 2019. The IT industry has come a long way in such a short time, and while in many respects we’re still talking about a lot of the same topics from year to year, there have still been plenty of noteworthy innovations that have showcased significant growth and positioned us for even greater achievements throughout the next decade. Here are five key technology highlights from 2019.

Hybrid Cloud and Multicloud

As organizations continued to shift more of their infrastructure into the cloud this year, they quickly discovered that not all clouds are created equal. The connectivity, user access control, activity logging and monitoring, automation services, application offerings, and pricing all varied widely depending on the provider. Amazon Web Services (AWS) and Microsoft Azure remained the two most prevalent public cloud offerings, and many businesses chose to invest in both as they satisfied different needs. The resulting hybrid and multicloud environments helped most of these organizations increase their agility and efficiency while keeping costs to a minimum.

Meraki Cameras

This year the folks at Cisco Meraki released their most advanced security cameras to date: cloud-hosted devices that consume only a fraction of the network bandwidth of most other security cameras. They’re easy to install and manage too, with a secure dashboard tool that allows users to stream footage, adjust quality settings, quickly jump to specific times, identify motion events in user-defined areas, and share videos as needed. There are also advanced analytics tools that enable organizations to learn more about the environments the cameras are monitoring, including traffic flows and secure area entrances. Since they can only be accessed by Meraki dashboard administrators, these cameras also can’t be hacked by outsiders. If you’re curious about how the Meraki Cameras will operate in your environment, ask your Sentinel rep to send you a few to test out!

Safer Schools and Workplaces

When an emergency occurs at your office or school that puts your safety and/or the safety of others at risk, what do you do? Is there a system in place to let employees, visitors, and students know what’s happening? Sentinel began offering a number of different mass notification devices and systems this year, designed to help raise public awareness and contact emergency personnel during dangerous events such as severe weather, medical emergencies, lockdowns, and intruder alerts. The goal is to use audio and visual elements including panic buttons, video surveillance systems, phone systems, strobe lights, digital signage, overhead speakers, and text messages to keep people safe and informed about a particular situation.

Tetration

Security continues to be an extremely hot topic, and one of the most talked about pieces of that particular puzzle this year has been tetration. In case you’re not familiar, tetration provides workload protection for data centers, cloud, and multicloud environments through the use of segmentation. It gives IT departments greater visibility throughout their infrastructure, enabling them to reduce the attack surface, detect software vulnerabilities, and identify security incidents faster. Things like application dependency and mapping tools help identify which workflows are talking to which servers, which also proves quite useful for troubleshooting purposes. Tetration also offers insight into a number of other areas: What process owns what port? What is the root cause of a specific network communication? Who installed that software? Why is that software running there? What is that software’s purpose? Does this process need to be talking to this server? These are the sorts of things that can start a discussion and lead to network and infrastructure improvements. If nothing else, tetration is useful as a tool to better understand what is happening inside your organization.

SD-WAN

One of the biggest and arguably most important developments of 2019 was the sharp increase in the number of organizations deploying software-defined wide-area networks (SD-WAN) into their environments. SD-WAN creates a common network infrastructure that has security, multipathing, resiliency, and redundancy all built into it, so that way you’re properly routing your network and your traffic to different areas of the cloud. In the near future we’ll likely have cloud, core, and edge infrastructures all interlinking with each other, and SD-WAN will function as the plumbing for that. The main benefit of SD-WAN for most organizations is going to be network redundancy, along with using the transport layer however they want. The best SD-WAN solutions reduce the cost of expensive circuits such as MPLS, use direct internet access at the edge to enable technology at small or remote offices, and bring those things together so your network connectivity, from your end user to your core data center to your cloud service, remains highly secure. So SD-WAN is really the marriage of not only your traditional routing and VPN services across your WAN and end users, but it also incorporates security into that model too. It takes an overlay, puts it across the wide area network, and makes sure that everything routes and functions properly through automated and orchestrated means.

If your organization has yet to embrace some (or all) of these technology highlights, don’t worry! Everyone moves at a different pace based around need and budget. Plus, what’s right for one organization might not be right for another. Talk with your Sentinel rep about your business goals, and we’ll work with you to find the right IT solutions and services to achieve them. As always, feel free to contact us for more information. Thanks to our customers and employees for a wonderful 2019! We can’t wait to continue this technology journey with you in 2020 and beyond!

We’re once again deep into the holiday season, and if you’re still on the hunt for some fun and smart gifts to give friends and family this year, allow Sentinel to help you out with a few smart, technology-focused ideas designed to enhance the lives of anyone who receives them. These cover a variety of different categories and price points, so hopefully you can find something for everyone on your list!

The Mirror [$1,495]

It’s always a little tricky when giving anything fitness-related as a gift. Unless you’re a woman in a Peloton commercial, most people don’t like gifts that imply they need to get into better shape. Of course it’s a different story if they ask for equipment to help them exercise. As one of the latest innovations in fitness, The Mirror provides much more than a simple reflective surface you can stare at and check your outfit or makeup. It’s a home gym disguised as a traditional mirror. You can take a wide variety of classes (yoga, kickboxing, weight training, cardio, barre, etc.) with certified expert trainers either live or on demand, with customized adjustments and tips provided based on your own set of goals and preferences. It connects to Spotify for custom playlists, and can sync with Bluetooth heart monitors such as the Apple Watch to track your heart rate. The Mirror also provides performance metrics to keep an eye on personal improvements and help you achieve certain benchmarks. Yes, it’s an expensive piece of equipment, but the price reflects the level of features provided.

goTenna Mesh Off-Grid Devices [$125 for two]

If you know someone who loves to travel or regularly spends time outdoors hiking or camping, they could probably benefit from devices that enable them to stay connected just about anywhere in the world. Mesh Off-Grid devices connect to your smartphone and provide GPS location details as well as the ability to send encrypted chat/text messages to any other Mesh devices within a four mile radius. It can also send out public emergency alerts to any smartphones in the area should the situation require it. It’s a perfect way to stay connected in areas where cell service is unreliable or nonexistent, or to avoid roaming/international data charges when traveling abroad. The devices also include access to the goTenna app, which features detailed offline maps of any region in the world just in case you happen to get lost.

Neo Smartpen M1 with Transcribing Notebook [$115]

Blur the lines between analog and digital with a smartpen able to convert your handwriting and drawings into data you can download, edit, and share through all of your devices. The Neo Smartpen M1 works exactly like a normal pen, so you can take notes in meetings or jot down ideas onto a pad of paper whenever the mood should strike you. Using an internal memory card, the smartpen keeps track of every stroke and scribble up to 1,000 size A4 pages, which can then be sent to a phone, tablet, or laptop exactly as they appear on the page via the Neo Notes app. The app can also convert your handwriting to plain text, though you may need to make some minor corrections if the program has trouble deciphering your particular brand of chicken scratch. From there, notes can be edited and shared with others through common services such as Microsoft OneNote, Adobe Cloud, and Google Drive.

Hidrate Spark 3 Smart Water Bottle [$60]

Most doctors advise people to drink anywhere from six to eight 8-ounce glasses of water every day. That’s a lot of water, but essential to our survival as dehydration can leave you sluggish and create a whole host of other problems in the human body. Unfortunately a majority of people don’t quite reach the recommended daily water consumption benchmark, though it’s not for lack of effort. Days get busy, and taking regular sips from a water bottle might not be the first thing on our minds. That’s where the Hidrate Spark 3 Smart Water Bottle comes in. You fill it with water, connect it to your smartphone via Bluetooth, and keep track of exactly how much you’re drinking. Set hydration goals for yourself with the free hydration app, compete with friends and co-workers to see who can drink the most water, and receive push notification reminders encouraging you to take a sip periodically throughout the day. Oh, and it also glows to show you the water level as well as occasionally blinks to catch your attention when it’s time for a drink. You can even sync it to most fitness apps so your hydration goals can properly adjust based on your activity levels throughout the day. If you know someone who wants to drink more water but struggles to do so, this might be the perfect gift for them!

Wyze Cam Pan [$35]

While Cisco’s Meraki Cameras might be an ideal choice to keep an eye on secure areas of your business, they’re probably not the right fit for personal use around the house. That would be the equivalent of using a flamethrower to light a birthday cake candle. Thankfully there are plenty of high quality and affordable home security cameras available to help protect all types of rooms and indoor areas. Developed by former Amazon employees, the Wyze Cam Pan offers a compact security camera with the ability to pan, tilt, and zoom in 1080p HD video. Users can live stream video from anywhere through their smartphones, and even talk to others through two-way audio. The camera also has infrared night vision up to 30 feet, plus motion and sound detectors so it only records when there’s action. You can set the camera to send push notifications to your phone in certain situations, and can control certain features using a voice assistant such as Alexa or Google. All video is stored for free in the cloud for 14 days, or owners have the option of buying a separate MicroSD card to save video that way. Basically, this camera is packed with all of the advanced settings and security features you could want in an easy-to-use and inexpensive package.

Of course if your company is interested in picking up something nice to enhance technology across the organization, Sentinel would be more than happy to help make that holiday wish come true. Please contact us if you are interested in learning more!

Thanksgiving represents a time to reflect on the ways we have grown over the past year, and gratefully acknowledge the people, the events, the tools, and other factors that have helped us along the way. We have so much to be thankful for at Sentinel every single day – our customers, our partners, our employees, and beyond. It remains our greatest pleasure to work and collaborate with all of you in an effort to provide technology solutions and services that enhance the way business is conducted.

In honor of the Thanksgiving holiday, we asked Sentinel employees to highlight some of the things they’re most grateful for this year. We received a wide range of responses, and have been sharing many of them via Facebook, Twitter, Instagram and LinkedIn. Below are some of our favorites. Let us know what you’re #ThankfulFor via our social media channels!

Earlier this month, several members of Sentinel’s management team flew to Las Vegas for Cisco’s annual Partner Summit. This invite-only three-day conference gathers Cisco partners from around the globe for educational sessions, product announcements, and networking opportunities with Cisco executives and other industry thought leaders. While much of the focus revolves around the new and expanding slate of Cisco offerings, the ultimate purpose of the event is to highlight fresh ideas and trends throughout the IT industry. Here are a few highlights from this year’s Partner Summit.

Own Your Edge

The official tagline for this year’s Cisco Partner Summit was “Own Your Edge”. It was Cisco’s way of encouraging partners to further explore the things that make them special, and to focus on developing unique assets that will provide additional value to customers. Sentinel is proud to offer a number of different solutions and services that go well beyond the scope of our partners. They include (but are not limited to) 24x7x365 network and security monitoring through our NOC and SOC, Advisory Services to properly align technology with your environment, Managed Services to handle IT maintenance and updates, as well as comprehensive and highly attentive customer service. Our mission is to ensure your organization has all of the right technology and support throughout the entire lifecycle to achieve more and establish a pattern of strong growth.

Collaboration Tools

Cisco used the Partner Summit to make some announcements regarding new innovations and updates to their collaboration offerings. Webex Desk Pro is a 27-inch 4K monitor featuring an HD camera, premium sound system, and advanced noise-cancelling microphone. It seamlessly integrates with Webex Meetings for video conferencing, uses a dedicated stylus for digital whiteboarding that automatically saves to Webex Teams, includes advanced artificial intelligence (AI) for facial recognition and Webex Assistant, plus it can function as a primary monitor with USB-C ports and various touch sensitive capabilities.

In addition to Webex Desk Pro, Cisco revealed that Webex Calling will soon feature advanced calling options for users. The Unified Webex client will also begin to offer complete integration with applications and tools from Microsoft, Google, Apple, and other vendors as a way to improve the user experience across diverse types of environments. Cisco’s recent acquisition of Voicea will bring AI-assisted transcription and voice recognition technologies to the Webex platform as well.

Enterprise Networking and Data Center

As organizations continue to struggle with exponential increases in data usage and network demands, Cisco has started to place a greater emphasis on their Application Centric Infrastructure Anywhere (ACI Anywhere) multicloud solution. It’s designed to help manage complexity by enabling workloads to be easily deployed in any location and on any cloud. It’s an advanced yet cost-effective way to keep critical data flexible, available, and secure. This fits perfectly with Cisco’s recent focus on multi-domain controller architecture, which helps unify the many different types of networks utilized by many organizations today.

Software-defined networking (SD-WAN) also continues to attract a lot of attention today, which is one reason why Cisco is integrating AI and machine learning into their DNA platform. Considering the amount of data generated by your average enterprise network, these tools have the ability to analyze and resolve problems much faster than a traditional network engineer. It can also help arrange network issues by severity and the number of users/devices affected so administrators know where to devote their time and focus. Beyond that, machine learning can create a baseline for network activity, detailing common errors, abnormal user behavior, and performance metrics so it’s easier to make improvements. AI also connects with Cisco’s Worldwide Data Platform, which pools anonymous data from organizations of similar sizes and configurations to track and automatically fix common issues while offering suggestions for optimization and cost-saving opportunities.

Security

Security remains a hot topic throughout the IT industry, so it understandably played a large role at this year’s Partner Summit. Cisco announced they’re planning to simplify their approach security by making it easier to integrate individual protection products into a complete security solution. In other words, your business will require fewer Cisco security pieces to keep your network and data safe, and the ones you do have will be easier to adapt into diverse types of environments. The addition of analytics and automation will simplify Cisco’s security operations as well, reducing the number of alerts and alarms IT administrators have to deal with on a daily basis.

Cisco’s new Threat Response service aims to make the breach experience less painful for IT security teams. It pulls intelligence from an organization’s emails, endpoints, and firewalls to help create a better understanding of what kinds of threats are present across the entire environment. As Zero Trust becomes an industry standard, Cisco wants to take a more comprehensive approach to the concept rather than adding it to their individual offerings. Zero Trust is a security framework that requires verification when someone or something requests access to specific assets. In an effort to better protect the workforce, workloads, and workplace, adopting Zero Trust creates a set of policy-based controls that provide additional visibility into users, devices, and components within an environment. This means multi-factor authentication for users, tetration and segmentation of your workloads, and software-defined access (SD-Access) protection for all endpoints and IoT devices.

If you are interested in learning more about any of the trends, solutions, or services outlined at the 2019 Cisco Partner Summit, please contact Sentinel for more information.

Sentinel is proud to employ veterans and military families at our locations across the country. We are honored they have chosen to bring their valuable skills, knowledge, leadership, and passion to Sentinel. For Veterans Day this past Monday, we asked U.S. Marines Veteran and Sentinel Sales Executive Kyle Donnelly to share some reflections on his time serving and offer tips on ways to honor our men and women in uniform.

On November 10, the United States Marine Corps celebrated its 244th birthday. I was an active duty Marine for four short years of that long 244.  Every year on that date, I am flooded with the memories of my service which, even after 9 years, remains as fresh in my mind as ever.  It’s not just the memories, but also the lessons learned; the things that molded me and continue to mold the man I am today. 

I joined the Marines at a young age, and left for recruit training two days after my 18th birthday. There were an abundance of lessons learned while in the 13 weeks of recruit training, but one that did not stick right away was leadership. Being so young, I was more than happy to be a follower. The drill instructors seemed to be extra hard on the squad leaders and our platoon “guide,” so I was content with hanging in the shadows and merely following the orders passed down to me to avoid the extra attention.

It wasn’t until I was in the “fleet” that I learned the lesson of leadership. You see, contrary to popular belief, the Marines don’t want mindless drones who just follow orders with no thought. They want leaders; Marines who can make split-second decisions in stressful situations and then handle the consequence of that decision to achieve a successful outcome. In my young Marine career, I was guided by some great leaders, who pushed me to step up and fill that leadership role. They taught me how to stand up and be that figurehead people could look towards to make that split-second decision – to follow through, overcome and adapt. 

This was put to the test during my deployment in Afghanistan. I was a 20-year-old Marine who was a squad leader and vehicle commander for the rear security vehicle in a platoon. Every day, my decision making would have ripple effects that affected things much larger than I could understand. Honestly, everyone’s decisions over there did. When you are out on a mission, you don’t have time to call in every threat to the people in command. You have to make those split-second decisions based on what you were trained to do. You have to step up and be a leader, if only for yourself. 

The leadership skills I learned while serving have shaped my life after pretty profoundly. They’re also the type of skills that align perfectly with the Sentinel culture. Sentinel’s motto is “Always Leading”. Our customers trust us to always be in front of not only the latest technologies and industry trends, but also the latest threats. Our 24x7x365 Network Operations Center (NOC) and Security Operations Center (SOC) monitoring services teams have to make those split-second decisions on a daily basis on behalf of our customers. In the field, our engineers have to make those split-second decisions on behalf of the customer. And the customer has to place an incredible amount of trust in us to take care of their technology and security needs.

Furthermore, our customers don’t want us sitting around waiting for direction from them. Sentinel leads from the front with its expertise in all things IT. We don’t plan for tomorrow at Sentinel, we plan for the next year, the next 5 years, and the next decade. Our customers count on that guidance to stay on the path that will result in continued growth and achievement of their goals. This is a process that Sentinel has been developing and mastering since it was founded in 1982, through decades upon decades of combined experience from all of its leaders.  Everyone at Sentinel embodies that “Always Leading” mentality, and it makes me so proud to apply many of the foundational skills acquired from my time serving in new and interesting ways as part of this team.

Last month, several members of Sentinel’s Michigan team attended the annual MAEDS (Michigan Association for Educational Data Systems) fall conference hosted at the Shanty Creek Resort in Bellaire, Michigan. MAEDS is a non-profit organization that provides, promotes, encourages, advises and cooperates in the use of technology to support educational institutions and systems. The purpose of the conference is to gather teachers, school administrators, and technology vendors of all types to network with one another and learn more about the trends and advances being made within the education industry.

Presentations at MAEDS 2019 focused on a number of different topics, but primarily focused on three main areas:

     +Cloud Technologies – Google G-Suite Heath, AWS, Microsoft 365 and Microsoft Intune

     +Student Devices – Chromebooks in Education and One-to-One Initiatives

     +Cyber Security – Ransomware, Cyber Security, Stop the Breach and Hacking Demystified

Sentinel was proud to have our own booth at this year’s MAEDS conference, and we decorated it with a college football theme that included University of Michigan jerseys, game highlight videos, a nachos station, water bottles, and miniature football stress balls. The nachos were a big hit with conference attendees and helped draw a crowd to the Sentinel booth.

As people stopped by the Sentinel booth, members of our team engaged with them in lively discussions to learn more about their technology needs and interests, as well as how we might be able to help. Some areas of particular focus included:

An Overview of Sentinel – Many of the MAEDS attendees were aware of Sentinel but did not fully understand the breadth of our service offerings. We introduced those people to Sentinel by telling them about the comprehensive service offerings that make us unique, such as Managed Services, our 24x7x365 Network Operation Center (NOC), Sentinel CloudSelect and our Advisory Services.

Multi-Cloud Offerings – Quite a few people were pleasantly surprised to learn that Sentinel was up to speed on all the latest cloud technologies. We explained that Sentinel has a full collection of “as a service” cloud-based solutions available for public, private, hybrid, and multi-cloud environments, including (but not limited to) security, backup, disaster recovery, collaboration, and wireless. The Sentinel team also has certified experts equipped to work with mainstream cloud services such as Azure, AWS, and Google. Our Advisory Services can provide assessments, planning, and deployment of any cloud solutions to ensure they seamlessly integrate into any environment.

Cyber Security – A number of MAEDS participants voiced concerns about their ability to deploy and maintain a cyber security environment on their own. Many had suffered Ransomware attacks and data breaches in the past and worried about the possibility of it happening again. We told them that Sentinel had the ability to constantly monitor or augment their network protection through our Security Operations Center (SOC) service offering. Since a majority of breaches occur due to poorly trained staff, we also provided information on security training for employees and how it could be used to significantly reduce risk and breaches throughout the organization.

On behalf of Sentinel’s Michigan team, it was a pleasure to attend the 2019 MAEDS conference and spend three exciting days networking with attendees and learning more about how technology continues to improve the education industry as a whole. If you are interested in learning more about Sentinel’s solutions and services for all types of educational institutions, please contact us for more information.

Most of the time, we think of technology as a tool that can be used to enhance productivity and make our lives easier. Innovations seem to happen on a daily basis, and it’s exciting but can also be a bit challenging for your IT team to maintain a steady grip. Only adding to those challenges are the ever-evolving threats that seem to come from everywhere yet nowhere at the same time. While Sentinel likes to focus on all of the positive things industry-best technology and services can do for your organization, in honor of Halloween week we wanted to share a story that looks at the scary side of IT. So turn out all the lights, grab a snack to nervously much on, and take a few minutes to read this harrowing tale of technology terror!

Gone Phishin’

Tim loved his job. As an insurance agent, he was responsible for helping folks stay financially protected from all types of losses – such as medical expenses, car crashes, house fires, and …accidental deaths. He took comfort in the idea that the people who purchased policies from him were making a smart investment in their future, so they could more easily bounce back on one of the worst days of their lives. Unfortunately, he spent so much of his time focused on clients that he wasn’t fully prepared when a nightmare finally arrived at his doorstep. Or should I say inbox?

One cold and stormy weekday afternoon in late January, Tim received an email from his boss. “Xtra Vacation Days” was the subject line. He hadn’t heard anything about the company giving employees more vacation time, but was certainly eager to learn more. The body of the email contained a couple of minor spelling and grammatical errors, which seemed a little odd for an email that was reportedly sent out to the entire company, but those sorts of mistakes happened all the time. After all, they were an insurance company and not a news organization.

Near the bottom of the email there was a link to an external site where employees could log in with their corporate ID and verify that two extra days had been added to their vacation time allotment for the year. Tim diligently clicked the link and entered his corporate user ID and password at the login screen, but upon doing so was redirected to an error page saying the site was currently down and to check back again later.

After two more failed login attempts, Tim asked his co-worker Becky if she was able to access the site and confirm her two new vacation dates. Becky told Tim she had no idea what he was talking about. That seemed weird, so Tim went directly to his boss to talk about it. As a similarly quizzical look came across his boss’s face, Tim began to panic. If his boss hadn’t sent that email, who did? Also, does this mean he wasn’t getting two extra days of vacation?

Just as the company’s IT Director was being informed of the situation, the monitors and screens of every computer in the office turned to black. A skull then appeared, accompanied by a short message: “WE HAVE CONTROL OF YOUR NETWORK, DATA, AND BACKUPS. PAY US $100,000 OR LOSE IT FOREVER.” All users were locked out of their networked devices as the organization faced a terrifying Ransomware situation.

The insurance company that Tim worked for had strong security solutions in place to help stop attacks and prevent breaches, but unfortunately it couldn’t quite account for human error. A large number of cyber criminals use fake emails and other phishing scams in an attempt to trick people into clicking on malicious links or opening malicious attachments, and what happens as a result is certainly no treat. Organizations can take steps to prevent this by providing security training for employees. If everyone knows common tactics used in social engineering and phishing attempts, they can more easily spot and report them to the proper authorities, increasing the overall safety of the business. Think of it like an insurance policy for your security. Sentinel offers a number of different security training services, so please contact us for more information!

In case you weren’t already aware, October is National Cybersecurity Awareness Month. It’s the perfect time to examine the security posture of your organization and determine whether or not your IT team is doing everything necessary to ensure users and critical data remain safe from both external and internal threats. Personal accountability plays a large role in staying secure both in the workplace and at home, along with taking proactive steps to ensure end-to-end protection as attacks continue to evolve.

The overall theme of National Cybersecurity Awareness Month for 2019 is “OWN IT. SECURE IT. PROTECT IT.” There are a number of different ways both you and your organization can put this theme into practice not just this month but throughout the year. A great way to get started is by taking a closer look at what devices and applications you use. Thanks to our increasingly digital world, we interact with a large number of internet-connected things on a daily basis. That not only includes smartphones, laptops, and tablets, but also virtual assistants and other smart devices.

It’s important to understand that while these connections make it easier to interact and innovate with one another, they also create more entry points for cyber criminals to attack. If just one of those devices isn’t fully secure, it can create a pathway allowing your personal or key business information to be compromised. Check your privacy settings to restrict excessive permissions for your apps and delete the ones you no longer use. Only download apps from trusted sources and vendors. Make sure every smart device you own stays updated with the latest bug fixes and security patches. Turn on automatic updates if available. Avoid sharing too many private details in applications and on social media sites.

Beyond those suggestions, one of the most important ways to secure your accounts and devices is by using stronger passwords. A password combination of letters, numbers, and symbols no shorter than 15 total characters makes it exceptionally difficult for hackers to figure out. There are password managers available to help you generate and remember complex passwords if needed. Similarly, deploying multi-factor authentication, which sends an approval notification to your smartphone when logging in to things like email, banking, and social media, go an extra step to confirm that the only person with access to your account is you. Sentinel partners Duo offer a great multi-factor authentication services for organizations as well as individuals and their families.

One common tactic employed by cyber criminals are phishing attacks, which are designed to fool unsuspecting people into clicking malicious links or opening dangerous attachments. These are often disguised as emails sent by a boss, co-worker, or friend to help pass it off as authentic. If most of the details seem to be accurate but one or two things seem slightly off, you might want to contact the sender in person or via phone to confirm its legitimacy. Make sure to flag any suspicious items as junk or spam, then block the sender as a safety precaution.

Always be wary when accessing any public wireless hotspot. Plenty of places currently offer free Wi-Fi, including airports, hotels, and restaurants. Cyber criminals will sometimes create their own wireless networks in these places to trick or confuse people into connecting to the wrong one, then grab your private login or credit card information when you think it’s safe. When using free public Wi-Fi, make sure to confirm the network name and exact login procedure with the staff to ensure it’s legitimate. While on any unsecured network, always avoid logging in to password protected sites or applications that contain sensitive information (such as online banking), and don’t make any online purchases using a credit card if you can help it. Use your own personal wireless hotspot if you have one rather than a public wireless network, because it’s more secure.

Those are just a few tips and tricks to help keep individuals and businesses safe from targeted cyber attacks. Following these proactive guidelines not just during National Cybersecurity Awareness Month, but all year-round, and it will go a long way toward establishing strong protections moving forward. Of course there are plenty of other, more advanced security solutions available to organizations as part of Sentinel’s SecuritySelect portfolio. If you are interested in learning more, please contact us.