Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
Sentinel Celebrates Employee Appreciation Month 2018
At Sentinel, we appreciate our employees and do our best to show that on a daily basis. Chair massages, health and wellness programs, holiday gatherings, take your child to work day, and celebrations of special life events are just a few of the special things provided to Sentinel employees. It is our belief that happy and productive employees lead to happy and productive customers. With that in mind, Sentinel once again held a series of fun social events for staff at all of our locations to help celebrate Employee Appreciation Month this past September. Here are some of the highlights:
Downers Grove and Chicago
The Downers Grove and Chicago offices gathered together for a special BBQ lunch on Wednesday, September 12th. Managers grilled up hot dogs, veggie dogs, and burgers as everyone relaxed around the outdoor patio for a couple of hours. As an extra bonus, the folks at Kimmer’s ice cream were also on hand to offer up single and double scoops of their delicious frozen treats. It was the perfect addition to a warm, late summer afternoon!
It was another nice Wednesday a couple of weeks later when the Downers Grove and Chicago offices once again joined forces for an Employee Social Hour on September 26th. Everybody wrapped up work a little early to spend some time chatting and playing games in our parking lot. Drinks and light snacks were served, and more than a dozen teams participated in a bags tournament. The competition was fierce, but a great time was had by all.
Springfield
While Downers Grove and Chicago faced warm and sunny weather for their Employee Appreciation Month events, downstate at our Springfield office Mother Nature wasn’t quite as willing to cooperate. Their planned outdoor BBQ had to be cancelled due to rain, so the team went out for some Mexican food instead. After that, they went from refried beans to beanbags as they held an indoor bags tournament.
Milwaukee
Before the Milwaukee Brewers earned their spot in the MLB playoffs, our Wisconsin branch got together at Miller Park on Tuesday, September 18th for some tailgating and to watch the team face off against the Cincinnati Reds. Unfortunately the Brewers lost the game, but everyone from Sentinel in attendance had a great time anyway as the conversation was lively, the snacks were delicious, and the life-sized Jenga games were intense.
Ann Arbor
Up in Michigan, our Ann Arbor office got together for a little friendly competition and social hour at Whirly Ball. It was a bumper car battle for the ages as teams faced off trying to score the most points by hitting a small target with a wiffle ball. While one team was crowned the ultimate champion, the real winners were all the new friends they made along the way.
Lansing
The Lansing office enjoyed a social hour of their own by heading out to a local bar for some drinks at the end of a long day. Many great conversations were had, and somewhere along the line a darts tournament reignited some old rivalries and started up some new ones. It was all in good fun though, and this event wound up being a real bullseye.
Grand Rapids
Our Grand Rapids branch decided to live up to the name of their city by having an Employee Appreciation Month event at a go kart track. It was indeed a grand afternoon of high speed fun as our team put the pedal to the metal in a high stakes race to reach the finish line first. Everyone had a blast, even those who finished last.
Phoenix
It’s become a yearly Employee Appreciation Month tradition for our Phoenix office to host a special breakfast for the staff that’s cooked up by the management team. Everyone sat down and enjoyed some delicious eggs, bacon, waffles, donuts, and more to help get invigorated and motivated for the work day ahead.
Denver
After their wild pedal pub adventure last year, our Denver team decided to move a little more slowly this year with a simple afternoon cookout employee event. There were plenty of grilled meats, snacks, and other treats to enjoy along with some delightful conversations and camaraderie. They also had a very contentious and intense bags tournament that ultimately ended with some good sportsmanship and a firm handshake.
Fun events such as these for Employee Appreciation Month are just a small part of the reason why Sentinel has been named one of the Top Places to Work in Chicago, Milwaukee, Michigan, and Arizona. If you’d like to join our team, make sure to check out our job openings!
A Three Part Phishing Protection Strategy
By Dr. Mike Strnad, Sentinel Strategic Solutions Advisor
A recent alert from the FBI says that new social engineering techniques are being implemented by hackers to conduct payroll diversion. Cyber criminals are targeting employees through phishing emails designed to capture their corporate login credentials. Once those credentials have been stolen, they are being used to access the employee’s payroll account and change their bank account information.
While technology is needed to help prevent and detect intrusions, management must shift more of their attention to the weakest link, the end users. Educating all employees on how to properly identify and prevent phishing attacks is a strong place to start. I recommend putting together a sweeping security strategy to protect your organization before, during, and after a phishing attack. This includes dual authentication sign in technology through Duo, cyber security training for end user support through Wombat, as well as the secure removal of any identified phishing emails through Proofpoint. It makes for a great one-two-three punch from a security standpoint.
Additionally, vendors who supply security technology solutions should also be training their customers on how to use it properly and build it into any continuity or recovery plans following an attack or disaster. This helps organizations develop a much more well-rounded approach to their security posture, which is essential as attack methods continue to shift and evolve.
If you are interested in learning more about the latest security solutions and how end user training can benefit your organization, please contact us for additional information.
Sentinel Fall 2018 Event Calendar
As the fall season kicks into gear in the coming weeks and months, Sentinel will be hosting several fun and educational events for our customers around the country. The goal is to develop a closer and more personal relationship with those in attendance, and lend our unique expertise to highlight new and emerging technologies designed to optimize and protect the way you do business. If your organization has an office in or near one of the cities where these events are being held, we hope you’ll join us! Please visit the individual event pages or contact us to RSVP and learn more!
**Wednesday, September 26**
Visit Sentinel’s Wisconsin office in Wauwatosa (just outside of Milwaukee) for a lunch and learn with our friends from Duo. They’ll highlight the latest innovations in endpoint and application security, and dive deeper into how your organization can improve secure access beyond traditional perimeter-based network security. Discover new ways to control what specific users and devices have the ability to access your network without exposing it to potential threats.
**Thursday, September 27**
Join Veeam and Sentinel at The Capital Grille in Phoenix for a special lunch and educational event! Experts from Veeam will discuss the importance of having high quality, always available, and seamlessly integrated backup and disaster recovery solutions as part of today's data-heavy and diverse environments. Whether you have Office 365, a hybrid cloud, hyperconverged infrastructure or any other type of configuration, we’ll help you find the backup and DR solutions that are right for your organization. Click here to RSVP.
**Tuesday, October 16**
The Business Solutions Center (BSC) at Sentinel’s Downers Grove, IL headquarters will be hosting a lunch and educational session with our partners at Aerohive on the topic of high efficiency wireless. Get all the details on their new 802.11ax Access Point, which is designed to enhance Wi-Fi performance and management in high density work environments. This is great for any organization dealing with too many devices accessing or attempting to access their wireless network, creating slower speeds and other issues.
**Thursday, October 18**
Our customers in Arizona are getting a treat as we host a very special Tech Summit at Cisco’s Phoenix offices this October. Our top experts will be on hand to talk about the latest security and cloud solutions, as well as help prepare you for new advancements and innovations in the years ahead. If you’re starting to develop your IT strategy for the coming year, this is the perfect way to get your questions answered and learn more about what your focus should be for the future. There will be multiple presentations, along with a Q&A, panel discussion, and happy hour afterward. Click here to RSVP.
**Wednesday, October 24**
The future’s so bright, we’ve got to wear shades, which is why we’re teaming up with our friends at Dell EMC to host a special event at the Sunglass Hut in Oak Brook, IL. We’ll be looking straight at the sunny future of VxRail, and how this hyperconverged infrastructure solution can help simplify your environment, reduce costs, and enhance overall operations.
Video: Sentinel's Security Offerings
Sentinel is committed to providing our customers with complete
end-to-end protection across their entire environment at the best possible
value. Our SecuritySelect
portfolio was built on this idea, and we continue to partner with a wide
variety of industry-best and innovative organizations to expand our security offerings
while also adding new features and protection techniques to our own “as-a-Service”
platforms such as the Network Operations Center (NOC) and Security Operations
Center (SOC). Everything from endpoint security to intrusion prevention systems
(IPS) comes together under a single pane of glass that enables customers to
have greater visibility into their environment and make more informed decisions
regarding the safety of their data, systems, and employees.
The video below showcases Sentinel’s unique approach to security,
and how our strong combination of people, processes, and technology leads to
enhanced protection and value for customers. You’ll hear directly from some of
Sentinel’s top experts as they detail our SOC services and the proactive tactics
taken by our analysts to identify new threats and dangerous trends before they reach
and infect our customers’ environments.
If you’re interested in learning more about
Sentinel’s SecuritySelect portfolio and how we can help enhance the protection
of your organization, please contact
us.
Sentinel's Robert Keblusek and Rick Spatafore Guest on the Cylance InSecurity Podcast
Sentinel is proud to partner with the rapidly growing cybersecurity
company Cylance to offer their solutions
as part of our SecuritySelect
portfolio. Cylance’s innovative and robust security solutions utilize
artificial intelligence and machine learning to take a proactive and predictive
role in endpoint protection. They are redefining the approach to cybersecurity,
and their technology has already been deployed in hundreds of enterprise organizations
around the world, from Fortune 100 companies to government institutions.
As part of their commitment to all things cybersecurity,
Cylance also puts together a weekly podcast on the topic. It’s called InSecurity,
and features interviews with industry experts on a wide variety of topics that
include risk management, threat intelligence, social engineering, government
protection, and more.
In this
week’s episode, Sentinel’s Chief Technology Officer Robert Keblusek and Sentinel’s
Advisory Services Manager Rick Spatafore
are special guests in a discussion with podcast hosts Matt Stephenson and
Edward Preston about the growing role of Managed Services, and the levels of
trust required for organizations to cede control of critical and operational
aspects of their security infrastructure to a third party. Stream or download
it below!
If you are interested in learning more about
cybersecurity and how Cylance can help protect your organization, please contact us for more information.
Sentinel SecuritySelect: Breaking the SamSam Attack (Part 4 of 4)
By Robert Keblusek, Sentinel Chief Technology Officer
Thank you for reading the fourth and final part of this blog
series on breaking the attack. As noted in part 3, 48% of attacks featured
hacking, and 30% included malware as part of the attack (source: Verizon Breach
Report). The focus of Part 4 is the system compromise portion of the attack.
Hopefully you have stopped or detected the bad actors prior to this stage, but
if not, you have very little time remaining before your system becomes compromised!
To reach system compromise a number of steps normally occur as documented in the far left section of the photo below. Instead of going through each of these however, it might be better just to show you a real world example.
Penetration Test Example Video
This video was created by one of Sentinel’s lead security
advisors using penetration testing (PEN testing) techniques. Sentinel performs
a number of security assessments for customers, and the most thorough of all is
our PEN testing service, which goes beyond evaluating risks and vulnerabilities
by actually performing ethical hacking to truly test your protection and
detection abilities.
The video shows how the attack delivers command and control
(C&C) of a targeted environment to the attacker in UNDER NINE MINUTES! Considering that the Marsh & McLennan
Cyber Risk Report from 2017 shows that the global average dwell time for the
bad actor to operate within your network undetected is 146 days, they are very
likely to succeed without solid detection and response. Industry experts
suggest that it isn’t possible to keep all attacks out, which is why it is
critical for organizations to invest in improving detection and response.
The video shows the attacker gaining root access to a server
using the Apache Struts vulnerability. This is the same vulnerability used to
access the personal information of 143 million US consumers in the highly
publicized 2017 Equifax breach.
Below is an alarm example from Sentinel’s SOC service that
shows a host under attack with a similar vulnerability. As you can see, our
detection was able to identify the attack coming from Canada attempting to
access a host under our monitoring service.
In this case our team was able to respond because the system
had lateral detection and response in place. Without these services, the attack
could have been a success and the attacker might have moved laterally through
the network to monetize the attack, disrupt business, and possibly even create
a serious cyber breach.
Another approach to lateral detection is decoy technology.
With decoy technology we set traps for attackers and they almost always take
the bait. In this case, the PEN tester was not aware of the decoy services on
the network and got caught as a result. Decoys make it look like a host, share,
server image, application image, pump, phone, or other IoT image is completely
genuine so the attackers treat it like any other asset on the network. However,
this particular asset doesn’t actually provide access, as it is fake! This
offers nearly 100% reliability of detection. If the asset is being accessed it
is likely due to an outside attack, an inside attack, an overly curious
employee, or a PEN tester (as is the case here).
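The decoy principle described above (any access to a fake asset is itself the alarm) can be sketched as detection logic over flow records. This is an added example, not Sentinel's or any vendor's code; the decoy addresses and labels, the log format, the sample records and the severity rule are all constructed assumptions.

```python
import ipaddress

# Constructed decoy inventory (hypothetical addresses and labels).
DECOYS = {
    "10.20.0.50": "decoy file share",
    "10.20.0.51": "decoy app server",
    "10.20.0.99": "decoy IP phone",
}

# RFC 1918 ranges, used to tell an inside source from an outside one.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records, one per line: "timestamp src dst dport".
SAMPLE_FLOWS = """\
2018-08-01T09:00:01Z 10.20.0.14 10.20.0.7 443
2018-08-01T09:00:05Z 10.20.0.33 10.20.0.50 445
2018-08-01T09:02:10Z 203.0.113.25 10.20.0.51 8080
2018-08-01T09:02:40Z 10.20.0.33 10.20.0.51 8080
2018-08-01T09:03:02Z 10.20.0.33 10.20.0.99 5060
2018-08-01T09:04:00Z 10.20.0.14 10.20.0.8 22
2018-08-01T09:05:00Z 10.20.0.77 10.20.0.50 445
malformed line
"""


def parse_flows(text):
    """Parse flow lines into dicts, silently skipping malformed records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": port})
    return flows


def origin(src):
    """Classify a source address as 'internal' (RFC 1918) or 'external'."""
    addr = ipaddress.ip_address(src)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def decoy_alarms(flows, decoys=DECOYS):
    """Return one alarm per source that touched any decoy.

    No legitimate user has a reason to reach a decoy, so there is no
    baseline or threshold: a single flow to a decoy address is enough.
    Assumed severity rule: 'high' for an external source or for a source
    that touched more than one decoy (looks like lateral exploration),
    otherwise 'medium' (could be a curious employee).
    """
    by_src = {}
    for flow in sorted(flows, key=lambda f: f["ts"]):
        if flow["dst"] not in decoys:
            continue
        alarm = by_src.setdefault(flow["src"], {
            "src": flow["src"],
            "origin": origin(flow["src"]),
            "first_seen": flow["ts"],
            "touched": [],
        })
        label = decoys[flow["dst"]]
        if label not in alarm["touched"]:
            alarm["touched"].append(label)
    for alarm in by_src.values():
        escalated = alarm["origin"] == "external" or len(alarm["touched"]) > 1
        alarm["severity"] = "high" if escalated else "medium"
    return sorted(by_src.values(), key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for a in decoy_alarms(parse_flows(SAMPLE_FLOWS)):
        print(a["first_seen"], a["severity"], a["origin"], a["src"],
              "->", ", ".join(a["touched"]))
```

Traffic between real hosts never appears in the output, which is why decoy alarms carry so little noise compared with signature or anomaly detection.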
The PEN test triggered a number of alarms. Here are a couple
of examples of the decoy alarms from the attacker. If this were a real attack,
you would have a choice. You could immediately kick the attacker out of the
network and perform forensics throughout your systems to remove any remaining
elements from the attack, or you could watch the attack on the decoy, determine
the methods used, possibly determine who the attacker is, or engage the
authorities. A decoy can even automatically deploy more decoys around the
original to keep the attacker busy while the attack is reverse engineered to
ideally determine the purpose behind it as well as the identity of the attacker.
Sentinel’s Decoy as a Service solution also integrates with
our SOC, providing immediate notification to our security analysts that a
breach is in process. If this were a real attack, we would have detected it early
and been able to stop it prior to command and control, or allowed for command
and control of the decoy in order to either analyze the attack or improve the
possibility of authorities catching the attacker.
Conclusion
I hope that if you have read all four parts of this blog
series you have taken away some approaches applicable to your organization and
its security posture. All organizations have some level of protection in place,
from firewalls to endpoint anti-virus and beyond, but many lack the detection tools
necessary to identify a compromise once inside the network. Sentinel has
responded to a number of incidents this year, and in each case the customer
lacked appropriate detection technologies to catch the attackers once inside
the network. In addition, the networks were mostly open and lacked technologies
such as micro-segmentation, Cisco ISE for network enforcement, or other
containment approaches designed to isolate and protect critical assets.
Most networks lack cyber security detection that identifies
threats moving laterally within the network. Hackers and malware will get into
your network one way or another, and when they do you must be prepared. In the
worst case, if you don’t detect and stop the attack, you will be forced to
recover. Recovery is also an often overlooked aspect of a complete cyber
security program. Companies often rely on backups to recover their data and
systems; however, many of today’s attackers know this and destroy snapshots and
backups so they can’t be restored.
Where do you go from here? I recommend NIST. If you haven’t
heard of the NIST Framework, reach out to Sentinel’s Advisory team to learn
more. This is a great framework to align any security program as well as
measure ongoing alignment over time.
Sentinel offers a NIST alignment workshop that is a
self-report service and only takes about 2 hours for any organization to
complete.
Aligning your security program around a framework such as
NIST will help to improve your security posture over time. It will also enable
you to identify weak areas where your organization should consider spending
time and resources. As stated previously, trends indicate that organizations
will continue to invest in protection technologies, but the need for detection
will increase at a greater rate. Talk
to Sentinel today about your risk and how we can help you get the most from
your cyber security investments!
If you haven’t already, make sure to read Part 1, Part 2, and Part 3 of the Breaking the SamSam
Attack series. You can follow Robert Keblusek on Twitter, @RKeblusek
Sentinel's Summer of Success
It’s been a fun and fantastic summer for Sentinel, packed
with such a wide variety of different events, awards, and other small victories
that we wanted to take a moment to share some of them with you. Our intent is
not to boast about these things, but instead to keep our customers and potential
customers informed about what we’re doing, the growth we’re experiencing, and
the steps we’re taking to remain an Always Leading organization focused on
providing the highest quality IT solutions and services. So here are a few
highlights from the last couple of months that we hope will give you a greater
sense of how things are going at Sentinel.
Back in June, Sentinel was once again included in
Channel Futures’ annual MSP 501 Worldwide Company Rankings. The list is the
largest and most comprehensive ranking of leading managed services providers (MSPs)
in the world, and Sentinel was honored to finish at #17 this year. There are
several factors that go into their selection process, including weighing
revenue figures in accordance with how well a company’s business strategy anticipates
trends in the rapidly evolving managed services ecosystem. We are looking
forward to being formally recognized with the rest of the winners at the
Channel Futures Evolution conference this October. In the meantime, our number
of Managed Services offerings and the areas that support them continues to
expand. Last month we welcomed our first Managed Services customers from
Florida and Colorado!
In July, Sentinel held our annual Security Summit at
Arlington International Racecourse. Many of our security experts were on hand
to answer questions and provide insight on current and future security trends
for the more than 100 customers in attendance. Our partners from Cisco, Attivo,
AlienVault, and Duo also spoke about their different security offerings and
solutions as well, bringing a greater variety of perspectives and innovative
ideas to the event. Here is a
summary of the day, which features plenty of advice on how to properly
protect your environment against ever-evolving threats. Here is a special Q&A that was
part of our discussion panel of experts.
Sentinel is also very excited about the expansion of our Milwaukee
office. We’ve hired additional staff to provide better service and support to
our customers in southern Wisconsin, and hope to continue the strong growth
throughout the region in the coming months and years. Speaking of growth, we
can’t thank our customers enough for helping us achieve the biggest July ever
for all of our sales teams around the country. That includes our Eastern Region
offices in Michigan as well as our Western Region offices in Arizona and
Colorado. We are so incredibly grateful to have the trust and support of our
customers as we work to ensure they stay protected and have the best technology
solutions and services to achieve their many business goals.
If you are interested in building a relationship
with Sentinel or simply want to learn more about us, please don’t hesitate to reach out! We are always happy to
help with any of your IT-related needs.
A Brief Security Q&A with Sentinel and Other Industry Experts
Last month during our Security Summit event at Arlington
International Racecourse, several experts from Sentinel and our partners at
Cisco, Attivo, AlienVault, and Duo gathered together to answer some interesting
questions about security from any customers in attendance. Here are a few of
the questions that were asked, along with the answers given by our panelists.
If you’re at a
business (such as Starbucks) or public place that offers free wireless internet
and want to use it for your device, how do you avoid accidentally joining dummy
wireless networks set up by hackers intended to look like the real thing?
Create a Virtual Private Network (VPN) if you can, as it will encrypt all
of your traffic. Train your employees on how to identify fake wireless networks
and protect any corporate devices from becoming compromised when they are not
on your network. There should be a “splash” page on any free wireless network
to let you know you’re connected, so be sure to look for that along with the
domain name to help confirm it’s legitimate.
What percentage of
your overall IT budget should be spent on security?
Security takes up an average of 11% of the IT budget for most
organizations, but it depends on the industry and type of data you’re
protecting. Do a risk analysis with Sentinel to determine the value of your
data and the cost if it were stolen, then base your security budget on that.
Since many Ransomware
attacks today also include the destruction of backups so organizations have no
chance to circumvent the process and recover their data, what would you
recommend for backup security?
Sentinel’s Backup as a Service (BaaS) offers air gapped protection located
off your network, so your backups will remain safe if an attack occurs.
What’s the difference
between Umbrella and a web filter? Do you need both?
Umbrella has a web filter built into its architecture. It offers a variety
of different security features to help protect your organization’s network and
devices. For example, your endpoints remain protected by Umbrella whether
you’re on the corporate network or not. Still, it might be a good idea to have
both Umbrella and a separate web filter, just to ensure you’re identifying and
stopping as many threats as possible. You should consult with Sentinel’s
Advisory Services team to determine the best solution for your specific
environment.
In three sentences or
less, what should organizations be thinking about for the future of their
security?
- Mark Combs, Sentinel Strategic
Solutions Advisor – Regular assessments and advisory services will continue
to increase steadily in popularity and performance. They help your organization
to analyze risk and develop a strong security strategy.
- Rick Spatafore, Sentinel Advisory
Services Manager – Follow best security practices to help protect your
sensitive data. It doesn’t need to be tough.
- Odell Waters, Sentinel Senior Solutions
Architect – AI and machine learning is the future. Start thinking about how
to best integrate it into your environment.
- Bob Keblusek, Sentinel Chief Technology
Officer – Make sure you’re fully aware of the risks to your organization, and
talk to executives so they understand the importance of security.
- Bill O’Malley, Consulting Systems
Engineer for Cisco – Security is a necessity. Have strong policies in
place and make sure to encrypt your data.
- Gregg Kalman, AVP of Sales for Attivo
– Balance your security posture to protect from the outside and detect on the
inside to prevent and minimize losses in the event of an attack.
- Adam Barr, Partner Relationship Manager
for AlienVault – People, processes, and technology are the three most
essential pieces to any strong security setup. Educate your staff about
security measures, implement procedures to properly protect your data, and
invest in the right solutions for your environment.
- McKay Brown, Account Executive for Duo
– Passwords will soon be a thing of the past as biometrics (facial recognition,
fingerprint ID) become part of standard login procedures for most devices and
applications.
If you have any questions about your security,
Sentinel and our partners have the answers! Please contact us and we’ll be happy to
provide guidance and solutions as requested.
Reflections of a Sentinel Intern
by Quade Kayle, Software Development Intern
Greetings reader, my name is Quade and I am an
incoming senior at Carthage College. I hail from the lovely suburban town of
Libertyville, Illinois, just about an hour outside of Chicago. I have been
studying Computer Science at Carthage for three years now, and I am very
excited to be finishing my last year with such a rigorous and well-developed
program. This summer, I am employed as a software development intern at
Sentinel Technologies.
It was a mid-afternoon in March when I
received a call from Sentinel with an offer to spend my summer with them as an
intern on their software development team. I jumped around my dorm room trying
to contain my excitement. After I accepted, I let it set in that I would be
spending a summer in Downers Grove doing what I love: development.
Development, however, involved more than just my fingers hitting the keyboard
in repeated patterns to produce a desired result. To me, this summer was about development
in a variety of ways: as an application developer, a young professional, a
runner, and a human being. With support from my professors and mentors, I soon
learned the ins and outs of the development process. Beyond that, I also picked
up valuable life skills such as how to best manage my time, how to properly
conduct myself in a business environment, and how to minimize my stress levels.
When I started at Sentinel we had orientation,
where the first lesson was to be ready to learn every day. I hit the ground
running by studying the many different applications and frameworks the company
uses on a regular basis. That included ASP.NET, JavaScript, JQuery, Bootstrap,
and a plethora of related tools. My intent was to start making an impact right
away, but just like development, it was going to be a process. You need to know
how to walk before you can run.
Once I was assigned my first project, things began to move very quickly. I was
eager to see my project start from nothing and blossom into something truly
great. One of my goals was to be proud of my work, and that was putting it
mildly. I added in features and tried new and interesting solutions to problems
that otherwise seemed impossible. My supervisors began laying out new prompts and
additions to my projects, but as the list grew, so did my anxiety. I worried
about how I was going to make it all work. But just as quickly as those
thoughts came, they disappeared as I told my supervisors I’d get it done.
I am very fortunate to be blessed with supervisors that are eager to teach me as well. What I value the most from my relationship with them is they don’t feel the need to hold my hand and guide me through every little thing. Instead, they point me in the direction I need to head and then let me discover the path to get there. Their methods are incredible and I feel lucky to work with such strong leaders. The lesson I learned is a universal one: do not expect to be coddled. Situations just like this one are helpful for the development of my character. It's a very important lesson I will take with me forever.
Unfortunately, not all my days were personal
journeys with valuable lessons to learn. Some days were the typical 8:30 to
5:00 day where I accomplished very little and felt very discouraged. I am driven
by success, and on the days where I failed to achieve what I needed to, I would
drive home quietly contemplating how I could have done better. The first couple
of times this happened, I wasn’t sure how to react. I soon learned that this
valuable time can be used for self-reflection and growth. Instead of neglecting
my feelings, I wrote them down, went for a run, and thought hard about what
made the day unsuccessful in my opinion. The day didn’t have to end at 5:00; I
could always come up with an idea or activity to shift things in a positive
direction.
While the bad days came, the amount of good days outnumbered them. I have been
working on four different projects this summer, three of them being considered
complete. A couple have been with another intern on my team named Ryan. My
supervisor has to inspect them and prepare them for production before they can
be used, but fortunately enough, I have already had one of my projects pushed
to production! It is a wallboard that is displayed in different areas around
Sentinel, and the day that it was pushed to production I got to see a real project
I developed being put to practical use. It was a great feeling, and I am very
excited for when my other completed projects get moved to production and are used
by the staff at Sentinel. As an intern, it is rewarding to know I am responsible
for products that are being utilized.
My continuing summer project has been very
rigorous, and as the summer goes on, my supervisors have asked me to add more
and more difficult features. These have been great learning experiences, and each
time I complete a feature, I am eager to complete another one. I refuse to stop
until a feature is done. It’s almost as if you can accomplish anything if you
are willing to work hard enough.
Each day there is a takeaway, whether it be learning
how to drive in rush hour traffic or understanding how to conduct myself on a
bad day. While my growth as an adult started when I stepped foot onto the
Carthage campus, my internship at Sentinel is responsible for an incredible
amount of exposure and discovery, not only professionally as a developer but as
a young adult figuring out the world. I have a couple weeks left at Sentinel
before my time is done here, but remain excited for the new lessons I will continue
to learn.
A Recap of Sentinel's 2018 Security Summit
Last Thursday, Sentinel held our annual Security Summit at
Arlington International Racecourse in Arlington Heights, IL. We were joined by
more than 100 of our customers, who came to learn more about the many different
types of security solutions available to help protect their organizations, as
well as get their most pressing security questions answered by our panel of
industry experts. It was a great day, and we hope everyone that attended came
away with a better understanding of the current security landscape and steps
they can take to improve their own security posture.
In case you missed it or were unable to attend, we wanted to
share a brief summary of some of the topics that were discussed and questions
that were asked during the event. If you are interested in learning more about
any of these things, please don’t hesitate to contact us. A special thank you
to our partners at Cisco, Attivo, AlienVault, and Duo for their hard work and
expertise that helped make this day a success!
Endpoint Security
-The top two attack vectors today are email and malicious
websites. Hackers will send a targeted phishing email that looks like it was
sent by a friend, family member, co-worker, or boss, which contains harmful
content or links designed to infect your system or obtain key personal
information.
-Regular assessments, at least one or two every year, are
essential to make sure your security is doing its job. Penetration tests are
strongly recommended as well.
-Sentinel strongly recommends organizations have at least
two endpoint security solutions installed in their environment, such as Cisco
AMP with Umbrella. Multiple endpoint security solutions create layers of
protection, as each one looks at different aspects of the environment.
-Segmentation in your environment is of paramount
importance. If you have a server farm, for example, segment it. Segment as many
things as you can, because it makes it much more difficult for attackers to
move around and gain access to sensitive data.
-You not only need security to identify and help stop
threats, but also to remediate and patch after an attack. If you don’t
currently have a patching cycle already in place, you are already in danger.
There are new vulnerabilities emerging every day/week, and regularly patching
keeps your protection solutions up to date.
Cloud Security
-A public cloud uses the resources of outside organizations
(such as Azure and AWS) to store and operate portions of your environment. Your
business won’t be able to manage and adjust every aspect of the public cloud,
but above all else you need to maintain control over who has access to private
and sensitive data. Private cloud is fully controlled by your organization,
meaning all responsibilities are yours, including security and access to data.
-A strong cloud security posture should emphasize visibility
so you know who has access to what. For example, if an employee downloads a tool or
app, they might agree to terms of service that include access to their private
accounts or email and not realize it. Proper cloud security is designed to spot
these vulnerabilities and make sure nobody is granting permissions that can
open your organization up to danger.
-Cisco Umbrella offers cloud security to help identify what other
security products are missing. It is a great add-on for all types of
environments, including Microsoft Office 365.
-Cisco Stealthwatch Cloud will monitor your cloud
environment using behavioral analytics and keep an eye on any strange activity
that deviates from standard operations.
-Cisco Identity Services Engine (ISE) controls endpoint
access to the corporate environment. If a user tries to log in to your network
using an unapproved, non-corporate device, they may be denied access out of
concern that device may not be secure.
Security Assessments and Security Advisory
-Your organization needs a security strategy and roadmap.
Assessments, gap analysis, and penetration tests are so important.
Vulnerability scans help identify dangers in your environment.
-If your organization is PCI compliant, quarterly
vulnerability scans are required, though Sentinel recommends monthly
vulnerability scans. If you’re non-PCI compliant, your organization should get
security and risk assessments at least once or twice a year.
-If an attacker obtains your system administrator’s username
and password, your whole network is likely going down, because they can exploit
that to gain access anywhere and cause catastrophic damage across servers and
systems.
-Having a two-factor authentication system in place is very
important to protecting access and preventing attacks from spreading. A
platform like Duo verifies the identities of users and the security health of
their devices before they are allowed to log in to your environment.
Security Incident Event Management (SIEM) and Security Operations Center (SOC)
-High costs and a lack of manpower are the two primary
reasons why many organizations haven’t yet adopted a SIEM. Those that do are
often overwhelmed with SIEM products, which have all kinds of alerts and false
positives that take too much time and energy to go through. Sentinel offers a managed SIEM option that is
inexpensive and only sends important alerts and updates to your IT team to help
improve the focus on the security of your environment.
-Sentinel’s SOC monitors your environment 24x7x365 to ensure
your critical data remains secure. Once an alarm is triggered, our SOC works
closely with your organization to help shut down the attack.
-Quarterly quality assurance meetings for our SIEM and SOC
offerings enable the Sentinel team to talk with you about security incidents
and make recommendations on next steps and ways to improve your security
posture. Sentinel wants to help you achieve your security goals, even if it
takes years to build, piece by piece.
-In the event your environment is compromised,
Attivo offers deception technology that creates decoys and other lures for
attackers to follow, pulling them away from your critical data and systems so
you can minimize their access and any potential damage.