Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
A Tale of Technology Terror
Most of the time, we think of technology as a tool that can be used to enhance productivity and make our lives easier. Innovations seem to happen on a daily basis, and it’s exciting but can also be a bit challenging for your IT team to maintain a steady grip. Only adding to those challenges are the ever-evolving threats that seem to come from everywhere yet nowhere at the same time. While Sentinel likes to focus on all of the positive things industry-best technology and services can do for your organization, in honor of Halloween week we wanted to share a story that looks at the scary side of IT. So turn out all the lights, grab a snack to nervously munch on, and take a few minutes to read this harrowing tale of technology terror!
Tim loved his job. As an insurance agent, he was responsible for helping folks stay financially protected from all types of losses – such as medical expenses, car crashes, house fires, and …accidental deaths. He took comfort in the idea that the people who purchased policies from him were making a smart investment in their future, so they could more easily bounce back on one of the worst days of their lives. Unfortunately, he spent so much of his time focused on clients that he wasn’t fully prepared when a nightmare finally arrived at his doorstep. Or should I say inbox?
One cold and stormy weekday afternoon in late January, Tim received an email from his boss. “Xtra Vacation Days” was the subject line. He hadn’t heard anything about the company giving employees more vacation time, but was certainly eager to learn more. The body of the email contained a couple of minor spelling and grammatical errors, which seemed a little odd for an email that was reportedly sent out to the entire company, but those sorts of mistakes happened all the time. After all, they were an insurance company and not a news organization.
Near the bottom of the email there was a link to an external site where employees could log in with their corporate ID and verify that two extra days had been added to their vacation time allotment for the year. Tim diligently clicked the link and entered his corporate user ID and password at the login screen, but upon doing so was redirected to an error page saying the site was currently down and to check back again later.
After two more failed login attempts, Tim asked his co-worker Becky if she was able to access the site and confirm her two new vacation days. Becky told Tim she had no idea what he was talking about. That seemed weird, so Tim went directly to his boss to talk about it. As a similarly quizzical look came across his boss’s face, Tim began to panic. If his boss hadn’t sent that email, who did? Also, does this mean he wasn’t getting two extra days of vacation?
Just as the company’s IT Director was being informed of the situation, the monitors and screens of every computer in the office turned to black. A skull then appeared, accompanied by a short message: “WE HAVE CONTROL OF YOUR NETWORK, DATA, AND BACKUPS. PAY US $100,000 OR LOSE IT FOREVER.” All users were locked out of their networked devices as the organization faced a terrifying ransomware situation.
The insurance company that Tim worked for had strong security solutions in place to help stop attacks and prevent breaches, but unfortunately it couldn’t quite account for human error. A large number of cyber criminals use fake emails and other phishing scams in an attempt to trick people into clicking on malicious links or opening malicious attachments, and what happens as a result is certainly no treat. Organizations can take steps to prevent this by providing security training for employees. If everyone knows common tactics used in social engineering and phishing attempts, they can more easily spot and report them to the proper authorities, increasing the overall safety of the business. Think of it like an insurance policy for your security. Sentinel offers a number of different security training services, so please contact us for more information!
National Cybersecurity Awareness Month 2019
In case you weren’t already aware, October is National Cybersecurity Awareness Month. It’s the perfect time to examine the security posture of your organization and determine whether or not your IT team is doing everything necessary to ensure users and critical data remain safe from both external and internal threats. Personal accountability plays a large role in staying secure both in the workplace and at home, along with taking proactive steps to ensure end-to-end protection as attacks continue to evolve.
The overall theme of National Cybersecurity Awareness Month for 2019 is “OWN IT. SECURE IT. PROTECT IT.” There are a number of different ways both you and your organization can put this theme into practice not just this month but throughout the year. A great way to get started is by taking a closer look at what devices and applications you use. Thanks to our increasingly digital world, we interact with a large number of internet-connected things on a daily basis. That not only includes smartphones, laptops, and tablets, but also virtual assistants and other smart devices.
It’s important to understand that while these connections make it easier to interact and innovate with one another, they also create more entry points for cyber criminals to attack. If just one of those devices isn’t fully secure, it can create a pathway allowing your personal or key business information to be compromised. Check your privacy settings to restrict excessive permissions for your apps and delete the ones you no longer use. Only download apps from trusted sources and vendors. Make sure every smart device you own stays updated with the latest bug fixes and security patches. Turn on automatic updates if available. Avoid sharing too many private details in applications and on social media sites.
Beyond those suggestions, one of the most important ways to secure your accounts and devices is by using stronger passwords. A password combining letters, numbers, and symbols and no shorter than 15 total characters makes it exceptionally difficult for hackers to figure out. There are password managers available to help you generate and remember complex passwords if needed. Similarly, deploying multi-factor authentication, which sends an approval notification to your smartphone when logging in to things like email, banking, and social media, goes an extra step to confirm that the only person with access to your account is you. Sentinel partner Duo offers great multi-factor authentication services for organizations as well as individuals and their families.
One common tactic employed by cyber criminals is the phishing attack, which is designed to fool unsuspecting people into clicking malicious links or opening dangerous attachments. These are often disguised as emails sent by a boss, co-worker, or friend to pass them off as authentic. If most of the details seem accurate but one or two things seem slightly off, contact the sender in person or by phone to confirm the message’s legitimacy. Make sure to flag any suspicious items as junk or spam, then block the sender as a safety precaution.
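As an added example (not code from Sentinel or the original post), the checks below turn the "one or two things slightly off" advice into header and link analysis that a mail gateway or help desk could apply to a reported message. The company domain, the colleague directory and both sample messages are constructed, the first modelled on the "extra vacation days" lure from the story above.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Constructed for the example: the company's mail domain and a short directory of
# colleagues whose names an attacker might borrow (all names and domains hypothetical).
INTERNAL_DOMAIN = "example-insurance.test"
KNOWN_SENDERS = {"Pat Morgan": "pat.morgan@example-insurance.test"}
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|permerror)\b", re.I)
LINK_HOST = re.compile(r'https?://([^/\s"<>]+)', re.I)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_message(raw):
    """Return a list of warning signs found in one RFC 822 message (empty list = none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(addr)
    # 1. A colleague's display name on a mailbox that is not theirs.
    expected = KNOWN_SENDERS.get(name)
    if expected and addr.lower() != expected.lower():
        findings.append(f"From name '{name}' is a known colleague but the address is {addr}")
    # 2. Replies are steered to a different domain than the one the mail claims to come from.
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To {reply_to} does not match the From domain {from_domain}")
    # 3. The receiving gateway recorded a failed SPF/DKIM/DMARC check.
    for mech, result in AUTH_FAIL.findall(str(msg.get("Authentication-Results", ""))):
        findings.append(f"Authentication-Results reports {mech.lower()}={result.lower()}")
    # 4. The body links to a host outside the company, where a login form would harvest credentials.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for host in LINK_HOST.findall(text):
        host = host.lower()
        if host != INTERNAL_DOMAIN and not host.endswith("." + INTERNAL_DOMAIN):
            findings.append(f"link to external host {host}")
    return findings


# Constructed sample messages: one modelled on the "extra vacation days" lure, one genuine.
SUSPICIOUS_MESSAGE = """\
From: Pat Morgan <pat.morgan@mail-relay.example.net>
Reply-To: hr-benefits@benefits-portal.example.net
To: tim@example-insurance.test
Subject: Xtra Vacation Days
Authentication-Results: mx.example-insurance.test; spf=fail; dkim=none

Team, two extra vacation days was added to your allotment.
Please login with your corporate ID to verify: https://benefits-portal.example.net/login
"""

CLEAN_MESSAGE = """\
From: Pat Morgan <pat.morgan@example-insurance.test>
To: tim@example-insurance.test
Subject: Q1 benefits summary
Authentication-Results: mx.example-insurance.test; spf=pass; dkim=pass

The updated benefits summary is on the intranet: https://hr.example-insurance.test/benefits
"""

if __name__ == "__main__":
    for line in check_message(SUSPICIOUS_MESSAGE):
        print("WARNING:", line)
    print("clean message findings:", check_message(CLEAN_MESSAGE))
```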
Always be wary when accessing any public wireless hotspot. Plenty of places currently offer free Wi-Fi, including airports, hotels, and restaurants. Cyber criminals will sometimes create their own wireless networks in these places to trick or confuse people into connecting to the wrong one, then grab your private login or credit card information when you think it’s safe. When using free public Wi-Fi, make sure to confirm the network name and exact login procedure with the staff to ensure it’s legitimate. While on any unsecured network, always avoid logging in to password protected sites or applications that contain sensitive information (such as online banking), and don’t make any online purchases using a credit card if you can help it. Use your own personal wireless hotspot if you have one rather than a public wireless network, because it’s more secure.
Those are just a few tips and tricks to help keep individuals and businesses safe from targeted cyber attacks. Follow these proactive guidelines not just during National Cybersecurity Awareness Month but all year round, and they will go a long way toward establishing strong protections moving forward. Of course there are plenty of other, more advanced security solutions available to organizations as part of Sentinel’s SecuritySelect portfolio. If you are interested in learning more, please contact us.
Comparing the Core Pieces of the Public Cloud
Everyone’s cloud journey is different. There is no single, catch-all solution or standard path to take. What is right for one organization might not be right for another. It is about examining your resources, establishing business goals for future growth, and determining exactly how the cloud can help you get there on time and on budget. There are already multitudes of cloud solutions available to satisfy nearly every sort of environment and need, and the process of picking the ones best suited to your unique situation creates an entirely new set of challenges. Sentinel has the knowledge and experience to help guide your organization through every step, from the analysis and strategy of our Advisory Services through the continued maintenance and support of our Managed Services. Here is a closer look at the primary pieces of the cloud puzzle, and where different services can provide benefits.
The two primary cloud service providers today are Amazon Web Services (AWS) and Microsoft Azure. They offer the necessary public cloud framework through which you can add applications, workloads, backup/recovery systems, data, and many other use cases. There are minimum requirements to get started in each. AWS recommends using multi-account architectures with at least three separate accounts to handle Audit, Master/Identity, and per project responsibilities. While Microsoft initially suggests having a single Azure Active Directory (AD) tenant, Sentinel understands that can be exclusionary of certain customer scenarios, as multiple Azure AD tenants are often worth consideration for shared services. Businesses can also improve their cost management by investing in Azure on a per project or per team basis.
Advanced account features such as policy enforcement are provided by both AWS and Azure, though again there are differences in their capabilities and in how resources are managed. AWS Organizations’ Service Control Policies (SCPs) are applied centrally to organizational units, allowing administrators to maintain maximum access limits for users and roles throughout all of their accounts. Identity & Access Management (IAM) policies also fall under AWS and use very similar syntax, though an SCP never grants permissions while an IAM policy does. The two work in tandem to establish secure boundaries on multiple levels for the policies of your organization. Azure has a comparable policy enforcement solution that includes Azure AD Role-Based Access Control (RBAC) and Azure Policy. RBAC helps organizations manage who has access to Azure resources and what they can do with those resources, along with which Azure services or products they have access to. Azure Policy enables you to create, assign, and manage policies across various Azure resources, providing centralized auditing or enforcement.
One of the other benefits of cloud frameworks like AWS and Azure is their automation capabilities. AWS has CloudFormation (CFN), which standardizes infrastructure components across your entire environment to create configuration compliance and faster troubleshooting. Resources are provisioned in a safe and repeatable manner, so your infrastructure and applications can be built or changed without the need for manual actions or custom scripts. The Azure Resource Manager (ARM) has a similar function for Azure customers, enabling organizations to manage their infrastructure through specialized templates instead of scripts. This makes additions and changes easier to deploy and monitor, and they can be distributed across an entire group rather than on an individual basis.
Connectivity to the cloud is another important topic where organizations often struggle to determine the solution that fits their specific needs just because there are so many options available on the market today. That is particularly the case as businesses get into utilizing a third party for more complex scenarios, because that brings even more options into the picture. This is why it is so important your organization creates and sticks with a cloud adoption strategy, especially one aligning with critical business goals and processes. Will this specific type of connection help you get the most from your software-defined wide area network (SD-WAN) solution, or will it better integrate with your software-defined data center strategy? What effect would this new connection have on the security of your organization? These are the sorts of questions that organizations often forget to ask, and it becomes a pain point as they attempt to grow and figure out choices that will enable them to move further into the cloud.
AWS and Azure both have multiple methods of connectivity, each one designed to serve a different purpose in a cloud environment. The Virtual Private Gateway offered by AWS enables your organization to set up an encrypted VPN through the cloud that connects with physical appliances and other clouds. Another AWS option is an Internet Gateway, which connects the Virtual Private Cloud to the Internet so resources can be accessed from anywhere. There is also Direct Connect, which establishes a dedicated private network between an AWS cloud and a data center, office, or colocation environment. Because Direct Connect does not use the public Internet, it is often faster and more reliable, with lower latency than a standard connection. These types of connectivity are similar in Azure, listed under the slightly different names of VPN Gateway, Internet Access, and ExpressRoute, respectively.
There are dozens more options for cloud connectivity that go well beyond what AWS and Azure currently offer, and each has its own set of benefits and drawbacks. For example, Cisco has their own collection of connectivity solutions that include Cloud Application Policy Infrastructure Controller (APIC) as part of the Application Centric Infrastructure (ACI) solution, along with Viptela, Cloud Services Router (CSR), and next-generation firewalls. If you are feeling overwhelmed by the sheer number of choices available on the market today, Sentinel’s Advisory Services can help you navigate these challenges. Our experts will work closely with your organization to find a cloud connectivity solution that both satisfies your long-term needs and positions you to meet critical business objectives.
One of the biggest challenges associated with working in the cloud involves security and accessibility. Which users should have access to which areas of your clouds, and what types of restrictions can keep sensitive data safe? In a traditional on-premises environment you may be accustomed to Active Directory (AD) users and AD groups, but suddenly with the cloud there are multiple tenant spaces to manage along with granular elements like Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). Attribute-Based Access Control allows you to create a policy that utilizes tags to change access rights for associated user accounts dynamically. It requires more complex thinking compared to the traditional protocols and architecture, but offers greater flexibility and protection as a result.
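As an added example (not code from Sentinel, AWS, or this post), the following Python models, in deliberately simplified form, the two points made above: an SCP sets the boundary but never grants, an IAM policy grants within that boundary, an explicit Deny wins either way, and a tag-based ABAC condition decides access dynamically. The policy documents, tag values and region guardrail are constructed; the model omits NotAction/NotResource, resource-based policies and per-OU SCP inheritance.

```python
import re
from fnmatch import fnmatchcase

# Simplified model of AWS policy evaluation (constructed for illustration; not the real engine).
VAR = re.compile(r"\$\{([^}]+)\}")


def _matches(patterns, value):
    pats = [patterns] if isinstance(patterns, str) else patterns
    return any(fnmatchcase(value, p) for p in pats)


def _expand(text, ctx):
    # Substitute ${aws:PrincipalTag/team}-style policy variables from the request context.
    return VAR.sub(lambda m: ctx.get(m.group(1), ""), text)


def _condition_ok(cond, ctx):
    for op, pairs in (cond or {}).items():
        if op not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"unsupported condition operator {op}")
        for key, wanted in pairs.items():
            wanted = [wanted] if isinstance(wanted, str) else wanted
            wanted = [_expand(w, ctx) for w in wanted]
            actual = ctx.get(key)          # None when the key is absent from the request
            if op == "StringEquals" and actual not in wanted:
                return False
            if op == "StringNotEquals" and actual in wanted:
                return False
    return True


def evaluate(policy, action, resource, ctx):
    """Return 'Deny', 'Allow' or None (no matching statement) for one policy document."""
    result = None
    for st in policy["Statement"]:
        if not _matches(st.get("Action", []), action):
            continue
        if not _matches(st.get("Resource", "*"), resource):
            continue
        if not _condition_ok(st.get("Condition"), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"              # an explicit Deny always wins
        result = "Allow"
    return result


def is_allowed(scps, identity_policies, action, resource, ctx):
    # SCPs are a boundary: the request must fall inside an SCP Allow and hit no SCP Deny,
    # yet even a full-access SCP grants nothing on its own.
    scp = [evaluate(p, action, resource, ctx) for p in scps]
    if "Deny" in scp or "Allow" not in scp:
        return False
    # Identity (IAM) policies are the grant, again subject to explicit Deny.
    iam = [evaluate(p, action, resource, ctx) for p in identity_policies]
    return "Deny" not in iam and "Allow" in iam


# --- constructed policies ---------------------------------------------------
SCP_FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCP_GUARDRAILS = {"Statement": [
    # keep every workload in the approved regions
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["us-east-1", "us-east-2"]}}},
    # nobody, not even an account admin, may switch off the audit trail
    {"Effect": "Deny", "Action": "cloudtrail:StopLogging", "Resource": "*"},
]}
IAM_ABAC_S3 = {"Statement": [{
    # ABAC: access follows the team tag rather than a hard-coded bucket list
    "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::*",
    "Condition": {"StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}}}]}
IAM_ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

ORG_SCPS = [SCP_FULL_ACCESS, SCP_GUARDRAILS]


def decide(action, resource, principal_team, resource_team, region, policies=(IAM_ABAC_S3,)):
    ctx = {"aws:PrincipalTag/team": principal_team, "aws:ResourceTag/team": resource_team,
           "aws:RequestedRegion": region}
    return is_allowed(ORG_SCPS, list(policies), action, resource, ctx)


if __name__ == "__main__":
    obj = "arn:aws:s3:::claims-archive/policy-123.pdf"
    print(decide("s3:GetObject", obj, "claims", "claims", "us-east-1"))   # True: tags match
    print(decide("s3:GetObject", obj, "claims", "finance", "us-east-1"))  # False: tag mismatch
    print(decide("s3:GetObject", obj, "claims", "claims", "eu-west-1"))   # False: region guardrail
    print(decide("iam:CreateUser", "*", "claims", "", "us-east-1"))       # False: SCP allows, IAM never granted
    print(decide("cloudtrail:StopLogging", "*", "ops", "", "us-east-1", (IAM_ADMIN,)))  # False: SCP Deny beats admin
```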
When it comes to identity and access authentication in the cloud, some solutions are applicable across all types of environments. They stretch beyond platforms like AWS and Azure and are designed to make it easier for users to log in securely. Security Assertion Markup Language (SAML) is one of the open standards for exchanging identity and security information between applications and service providers. It allows users to establish a single sign-on (SSO) for all SAML-associated applications so they are not forced to provide login credentials for each one individually. For example, you can use your corporate credentials to sign in to Microsoft Active Directory as well as applications stored in the AWS cloud without needing to re-enter any information.
The cloud also makes it easier to share access to certain resources and applications across multiple accounts. This applies to users and administrators who may use different accounts for different roles or purposes (for example, one for production and one for development) but don’t want the hassle of signing out of one account and signing into another in order to access specific elements that may not be available in both. This can also work with different teams and in a business-to-business (B2B) context, meaning groups have the ability to collaborate or make changes using a shared set of resources. It is as simple as an administrator creating a role, specifying which account(s) have the ability to access it, and determining the levels of permissions to either limit or expand specific user capabilities.
When it comes to monitoring your cloud environment, many organizations remain focused on legacy solutions such as Simple Network Management Protocol (SNMP) and Internet Control Message Protocol (ICMP). Unfortunately, both SNMP and ICMP offer minimal to no network support outside of a traditional Infrastructure as a Service (IaaS) operating system, providing just enough information to let you know if your network is up or down. If you do encounter issues, they would not be able to tell you what elements are up, what elements are down, what the root cause of the problem might be, or what has changed in your environment.
So how do you get this type of monitoring information in the cloud? There are some native tools available through your cloud provider, along with application programming interfaces (APIs) that provide more in-depth monitoring for those particular elements. AWS offers CloudWatch, which collects monitoring and operational data such as logs, metrics, and CloudTrail system changes into a single platform for a comprehensive view of resources, applications, and services on AWS and on-premises servers. Azure Monitor occupies a similar space, using the collected data from your cloud and on-premises environments to analyze the performance and health of applications, workloads, and virtual machines (VMs). A fantastic third party monitoring solution that works across all types of cloud environments is Splunk, which has all of the same features as the other services along with data encryption, automation, and potential machine learning integrations designed to help you avoid performance issues and unnecessary alerts.
Beyond your data and applications, one other critical area that requires monitoring is your cloud expenses. Because the cloud uses an Operating Expenditure (OpEx) model and your organization gets charged based on the amount of resources it uses, it is important to keep an eye on those details as you set a budget and plan for the future. Both AWS Billing and Azure Cost Management are tools that monitor usage and provide analysis and reports to forecast costs, so you can properly estimate how much you will be spending on cloud and receive alerts when you approach or exceed budgeted amounts. Of course, if you are looking for an independent tool to help you maximize your cloud value and keep track of expenses, CloudCheckr offers cost analysis and cloud security recommendations while meeting the strictest of regulatory compliance requirements. It is particularly helpful if you are invested in the cloud through multiple vendors and are looking for a single dashboard to tie them together for easier management.
If you are interested in learning more about the many different cloud offerings available and figuring out which would fit best with your organization and business goals, please contact Sentinel for additional information.
Sentinel's Employee Appreciation Month 2019
At Sentinel, we appreciate our employees and do our best to show that on a daily basis. Chair massages, health and wellness programs, holiday gatherings, take your child to work day, and celebrations of special life events are just a few of the special things provided to Sentinel employees. It is our belief that happy and productive employees lead to happy and productive customers. With that in mind, Sentinel once again held a series of fun social events for staff at all of our locations to help celebrate Employee Appreciation Month this past September. Here are some of the highlights:
Downers Grove and Chicago
Sentinel’s Operations Management Team pulled out the charcoal grills and hosted a BBQ lunch for Downers Grove and Chicago employees on Wednesday, September 11th. Burgers, turkey dogs, and veggie dogs were the main dish options, along with potato salad and bags of chips as sides, as well as cookies for dessert. It was a gorgeous day outside, and represented a great way for all of the various departments to socialize and get to know one another better over a lunch hour.
Speaking of socializing, the Downers Grove Sales Management Team held their annual Social Hour and Bags Tournament event on Thursday, September 26th. It was another lovely early fall day, as pairs of teams battled to win the coveted bags tournament trophy and bragging rights for the next year. Congratulations to the team of Solutions Specialist Kevin Mondry and VP of Enterprise Technical Resources Jon Rimkus on their victory! The Social Hour event also included a live music performance, a beer tasting from local craft brewery Garage Band, plus an assortment of appetizers and tasty frozen treats from Kimmer’s Ice Cream.
The folks from Sentinel’s Springfield office in central Illinois decided to have a bit of an outdoor adventure for their Employee Appreciation event. They gathered a couple of motorboats and spent a warm, sunny afternoon relaxing on Lake Shelbyville. There were food and drinks, along with some light swimming and tubing to help keep cool.
Our Milwaukee office continued their tradition of attending a Brewers game to celebrate Employee Appreciation Month. This year they spent the evening of September 16th watching the Brew Crew earn their way into a National League Wild Card spot in a face-off against the San Diego Padres. They tailgated before the game, and wore their rally hats to help guide the Brewers to a victory!
Speaking of baseball, members of Sentinel’s Michigan team got together to watch a little minor league action at the Lansing Lugnuts game. The team faced off against the Dayton Dragons, who were apparently on fire that night because they handily beat the Lugnuts. Even though the final score wasn’t ideal, everyone still had a fun time.
Breakfast is the most important meal of the day, and the managers at our Phoenix office know this better than just about anyone. They wanted to make sure everyone had the necessary fuel to power through the day, so a special breakfast was held on Monday, September 9th. There were counters and tables packed with everything from cereal and donuts to bacon and eggs. It marked a fun and delicious start to the week! Coming up in November, our Phoenix location will also host a special family picnic as a bonus Employee Appreciation event.
If there’s one thing our Denver office is known for, it’s their ability to problem solve. They’re virtual wizards when it comes to uncovering the right solutions to help our customers achieve their goals, but those skills were truly put to the test recently when the team spent an afternoon trying to find their way out of an escape room. They were trapped inside of a lab where laughing gas (and thanks to an office lunch of tacos, one other type of gas) was leaking in, and only had an hour to shut it off before running out of oxygen. Thankfully, they completed a series of complex puzzles and made it out in time. Celebratory drinks at happy hour were enjoyed after.
Fun events such as these for Employee Appreciation Month are just a small part of the reason why Sentinel has been named one of the Top Places to Work in Chicago, Milwaukee, Michigan, and Arizona. If you’d like to join our team, make sure to check out our job openings!
An In-Depth Look at Meraki's New Security Cameras
Compared to a traditional security camera system, the recently introduced Meraki cameras are a bit different. One of the primary things that sets them apart is that they’re cloud-hosted cameras, but don’t actually use a lot of your network bandwidth. Despite the fact that they run 24/7, only kilobytes of data get used on the network. The reason is that they combine the security camera and storage together on the same device so it can operate all on its own. Beyond that, there’s a really low barrier to entry with these cameras. There are no minimums or maximums, so your organization can buy them one at a time if it chooses. If you’re not sure how well they’ll work in your environment, ask Sentinel to send you a few to test out, as they’re easy to install.
Once the Meraki security cameras have been installed in your environment, you can manage them via a dashboard tool. All cameras are listed, and you can communicate with them directly by selecting one. This will give you the ability to stream the footage and adjust video quality settings. If you’re working remotely from a different network, your connection will be established through the cloud using the same secure tunneling used for the Meraki dashboard. There will be a little cloud logo at the bottom left side of any video you stream if you are watching remotely, along with a few seconds of delay from the live feed. Since you’re only able to access the camera by being a dashboard admin, there are no issues of security because outsiders can’t type in an IP address and try to figure out a username and password. That doesn’t exist.
There is no Network Video Recorder (NVR) or Digital Video Recorder (DVR) with any Meraki security camera, so all of those features that would normally be available inside of the appliance are available via the dashboard instead. If you want to view a specific point in the timeline, you can just click on it and it’ll jump to that spot. If you want to get a little more granular, there’s a text-based search function available. Say somebody reported an incident that happened last Tuesday at 3PM, but they were a little off and the time it occurred was actually 3:30. Normally you’d have to scrub through all the footage to find the right time. Instead, the motion search feature can help. You can create a small box within the camera’s field of view and ask it to find moments when motion occurred within that area. The search results will show up as composite images of motion events that took place, so in addition to getting a visual overview of what happened, you can hover over it, select it, and then see the entire motion event. At that point you can download the composite image and share it with the necessary people, or click “Play Video” and it will hop to that point in the timeline so you can watch as a person or people walk into the small box you drew. In short, unlike a standard physical security system where you’re taking an extensive amount of time manually scrubbing through footage to find the moment you’re looking for, Meraki cameras make it super easy to find footage that matters thanks to tools like motion search.
When it comes to sharing footage, it’s important to remember that nobody except network administrators have access to Meraki security cameras. Admins can manually export footage and pass it on to others if desired. It creates an mp4 file that works via just about any kind of media player so nobody will have any trouble viewing the footage. If you want to give somebody access to a camera or cameras without granting them administrative privileges, there are camera-only admin permissions available. Somebody gets their own login, but only has the ability to do specific things on specific cameras. No footage can be downloaded or exported, just viewed to help ensure it stays secure and only the right people can access it.
A Meraki camera is more than just a security device. It’s a sensor in your environment that can give you more data than just what’s happening in a particular area. There’s an analytics tab available in the Meraki dashboard that includes features like people detection, which provides information about how many people entered a frame, how long they stayed there, and what was the maximum number of people that stood within the frame at any given time. There’s a timeline that marks every time a person enters a frame, and a per-minute heat map that you can click on and jump to a specific moment to get a better idea of why it counted that many people. Object detection beyond just people is also under development.
Retail shops can benefit from these analytics so they can determine how many people are coming in and out of their store and when. Alternatively, organizations can find out where people are spending their time while inside a building. If there’s an area of a museum or warehouse that’s not being visited or used very often, maybe things need to be moved around or the layout should be reconfigured to improve foot traffic. Businesses preparing to start construction on a new location can also use the cameras to analyze how they’re using their current location and what can be done with the design to ensure the most effective usage of the space. These are things IT managers can send to the COO of the company and assist with whatever is being planned, going beyond simple security footage for incidents and police reports.
The data collected from Meraki camera analytics can then be leveraged for third party integration using application programming interfaces (APIs) via Cisco’s DevNet portal. These are applications created by outside developers from other companies that you can license or purchase to use in conjunction with your cameras. For example, a company called Secure has built their own dashboard that combines physical door badge security and Meraki cameras for people detection and motion events. When a person uses their ID badge to access a secure space, a screenshot from the door camera gets sent to administrators and a video of the event gets downloaded so you know exactly who badged in and when. If you want analytics data from your Meraki cameras to be exported so you can monetize it, that requires an additional license available using MV Sense. It’s an API similar to Meraki Insight and only available as a per-device license, so you would need to select which cameras can send data to whatever collector you might be working with.
There are plenty more features and uses for Meraki cameras beyond what has been detailed here. If you are interested in learning more about Meraki cameras or would like to request a trial to see how they are compatible with your organization, please contact Sentinel.
Protect Your Local Government and School District from Cyber Attacks
By Dr. Mike Strnad, Sentinel Strategic Business Advisor
As the number of cyber attacks continues to rise, small towns, districts, and municipalities have become just as likely to be targeted by hackers as larger cities. For every massive security breach that's taken place in a major metropolitan area like Baltimore or Atlanta, there have been many more in areas like Lake County (Indiana), Fargo (North Dakota), and Naperville (Illinois).
The local governments and school districts in these smaller cities and towns are easier targets because they often lack the budget or personnel to properly protect their sensitive data. That's how 51,000 students and staff from the Indian Prairie School District all had their personal information exposed in a recent breach, and it is just one recent example from the thousands of ransomware and other cyber attacks that have taken place in the first half of 2019.
The fallout from these security incidents tends to be catastrophic on multiple levels. In a ransomware situation, many government and educational institutions wind up paying exorbitant amounts to regain access to their encrypted data. This is money they don't have, or that's already earmarked for other things intended to benefit local citizens and students, and spending it leaves them unable to afford the additional investment needed to quickly improve their security posture for the future. People also expect their personal information to remain safe in the hands of a government or school district, so when a breach occurs and that information gets stolen, it marks a significant violation of trust that's nearly impossible to recover from.
Sentinel wants to equip your organization with the right training and solutions to fend off cyber attacks and avoid breaches. It starts with our Advisory Services team, who can run assessments and tests to uncover the gaps or weak points within your environment. We also offer security training for employees, because so many attacks succeed due to user error. These are relatively inexpensive ways to improve your security posture.
The Sentinel team has more than 2,300 technology certifications, many of them in the security field. We also specialize in government, education, and healthcare organizations no matter how large or small they might be. In addition to our many security solutions, Sentinel also offers 24x7x365 security monitoring through our Security Operations Center, plus network monitoring, maintenance, and support via our Network Operations Center. Our goal is to ensure customers can innovate and achieve growth while keeping their data, employees, and other assets safe.
If you are interested in learning more about Sentinel’s Advisory Services or SecuritySelect offerings, please contact us!
The Importance of Identity Management and Two-Factor Authentication
By Mark Combs, Sentinel Strategic Solutions Advisor
If your organization is looking to either refresh or expand its security posture, identity management is the perfect place to start. A lot of companies have either already invested in Microsoft Office 365 or are planning to transition into Office 365, and if you fall into either of those categories I hope you have some sort of two-factor authentication in place. Leverage your Microsoft tools and investments with a two-factor authentication product like Duo for proper identity management. If you don’t, it’s not a matter of if a breach will occur within your environment, but when. You are 100% going to get your email accounts compromised at some point in time. It’s just going to happen. Insider threats are just too great. One of your users will accidentally click on a phishing attack or have their password stolen. Passwords like Summer2019 or Winter2018 might meet most password complexity requirements, but they’re easily guessable.
As part of a standard Sentinel pen test, I download billions and billions of usernames and passwords from the dark web. They’re out there and available to just about anyone if you know where to look. Most people use the same password across multiple accounts for things like Google Docs, their online banking portal, and their corporate network. Users are relying on the security of those companies to keep that information safe. But maybe you download a white paper from a questionable site and it leads to your account getting compromised. Your passwords get leaked onto the dark web and wind up in my database. During the pen test, I can search through customer names on the database, and find their email and password. Maybe their password was abc123, then abc1231, then abc1232, and that’s clearly a pattern, right? So even if the compromised passwords listed on the database are no longer current, it’s not difficult to come up with ideas as to what the newest password might be. I’ve been extremely successful in pen tests only using that dark web password database to gain access into Outlook web accounts. Once I get into someone’s Outlook web account, I can then look at other protected sites they visit and reset those passwords because the “Forgot Password” link gets sent to the email account I’ve already gained access to.
Even when Sentinel does something like an Active Directory assessment, we’ll still check to see how many user passwords for Active Directory have been compromised. Recently we completed an Active Directory assessment for a school district where we walked in on the first day and were able to access 15,000 user accounts using the stolen password database. So we essentially had 15,000 different paths to try and figure out how to move laterally through their network. As another example, I did a pen test recently at a small company where the head of Human Resources was also the Chief Financial Officer. So she was dealing with highly sensitive information on a daily basis. Her password was listed in the stolen password database. Once I got into her account, it was pretty much game over for the entire company just because of all the access it gave me.
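The findings above (season-plus-year passwords, reuse of leaked passwords, and predictable digit-suffix variants such as abc123 to abc1232) are exactly what a password-change screen should reject. The check below is an added example written for this post, not Sentinel's or Duo's tooling. The breach corpus, the 12-character minimum and the "strip trailing digits" variant rule are constructed assumptions; a production deployment would keep only SHA-1 hashes of breached passwords or query a k-anonymity range API rather than holding plaintexts.

```python
import hashlib
import re
from typing import Tuple

# Constructed breach corpus for the example. A real deployment would keep only
# SHA-1 hashes (or query a k-anonymity range API), never the plaintexts.
CONSTRUCTED_BREACH_CORPUS = ["abc123", "Summer2018", "P@ssw0rd", "letmein"]

# Season + year (+ optional trailing symbols) satisfies most complexity rules
# but is among the first things an attacker tries.
SEASON_YEAR = re.compile(
    r"^(spring|summer|fall|autumn|winter)\d{2,4}[^a-z0-9]*$", re.IGNORECASE
)
MIN_LENGTH = 12  # assumed policy minimum for the example


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form breach-lookup services use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def stem(password: str) -> str:
    """Drop trailing digits/symbols and lower-case, so abc123, abc1231 and
    abc1232 all reduce to the same stem ('abc')."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


BREACHED_HASHES = {sha1_hex(p) for p in CONSTRUCTED_BREACH_CORPUS}
# Skip empty stems (an all-digit breached password) so they cannot match everything.
BREACHED_STEMS = {s for s in (stem(p) for p in CONSTRUCTED_BREACH_CORPUS) if s}


def check_password(candidate: str) -> Tuple[bool, str]:
    """Return (accepted, reason). Pattern and breach checks run before the
    length check so the reason names the real problem with a short but
    'complex' password such as Summer2019."""
    if SEASON_YEAR.match(candidate):
        return False, "season+year pattern"
    if sha1_hex(candidate) in BREACHED_HASHES:
        return False, "exact match in breach corpus"
    candidate_stem = stem(candidate)
    if candidate_stem and candidate_stem in BREACHED_STEMS:
        return False, "trivial variant of a breached password"
    if len(candidate) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["Summer2019", "abc1232", "P@ssw0rd!", "Tr0ub4dor", "correct-horse-battery-staple"]:
        print(pw, check_password(pw))
```

The stem rule is deliberately crude: it catches the incrementing-suffix habit described above without trying to model every mutation, which is the job of a full strength estimator.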
For these and many other reasons, secure identity management is incredibly important. If your organization uses two-factor authentication, it provides a second line of defense against stolen passwords by requiring users to approve account logins via a separate device such as a personal smartphone. A user can decline to authorize a login from their device and prevent an attacker from gaining access to their account, then change their password so the attacker can no longer exploit it.
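What that second line of defense looks like in code, as an added example that is not Sentinel's or Duo's implementation: a login that accepts a correct password only when a code from a separate device is also correct. It uses a time-based one-time code (RFC 6238 TOTP) in place of Duo's push approval; the delivery differs, the principle (a leaked password alone grants nothing) is the same. The user record, the demo secret and the timestamps are constructed.

```python
import hashlib
import hmac
import os
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) using HMAC-SHA-1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based code (RFC 6238): HOTP over the current 30-second step."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step or +/- `window` adjacent steps
    (clock drift), comparing in constant time."""
    if not submitted.isdigit() or len(submitted) != digits:
        return False
    for drift in range(-window, window + 1):
        expected = totp(secret, at_time + drift * step, step, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def make_user(password: str, totp_secret: bytes) -> dict:
    """Constructed user record: salted PBKDF2 password hash plus TOTP secret."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000),
        "totp_secret": totp_secret,
    }


# Constructed demo data: a user whose weak password is exactly the kind that
# turns up in leak databases, and a secret that lives only on their phone.
DEMO_SECRET = b"example-secret-not-for-real-use!"
USERS = {"tim": make_user("Summer2019", DEMO_SECRET)}


def login(username: str, password: str, submitted_code: str, at_time: int,
          users: dict = USERS) -> str:
    """Password first, then the second factor; a leaked password alone fails."""
    user = users.get(username)
    if user is None:
        return "denied: password"  # same answer as a wrong password, no username enumeration
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    if not hmac.compare_digest(pw_hash, user["pw_hash"]):
        return "denied: password"
    if not verify_totp(user["totp_secret"], submitted_code, at_time):
        return "denied: second factor"
    return "allowed"


if __name__ == "__main__":
    now = int(time.time())
    print(login("tim", "Summer2019", totp(DEMO_SECRET, now), now))  # allowed
```

The generator can be checked against the published RFC 6238 SHA-1 vectors (secret "12345678901234567890", 8 digits): time 59 gives 94287082. Note the ordering in login: the password is verified before the second factor is even consulted, so a wrong code tells an attacker only that the password they already had was not enough.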
If you are interested in learning more about how Sentinel’s penetration tests, security assessments, and two-factor authentication solutions can help protect your organization, please contact us for additional information.
Sentinel's August Event Calendar
Sentinel’s “Always Leading” approach means that we keep a close eye on trends and new developments throughout the IT industry and pass that knowledge along to our customers so they can make the most informed decisions when it comes to their technology investments.
One of the ways we like to keep our customers educated is by hosting events. Not only do events provide an opportunity to learn more about a specific topic or solution with some of our experts, but they also allow us to get to know our customers and their needs better while building a stronger relationship. No matter if you’re a long-time Sentinel customer or are brand new to us and have never attended a Sentinel event before, we’d love to see you! Here are some fun and interesting events we have coming up over the month of August. Please visit the Events page on our website or click the individual event links below if you would like to learn more and RSVP!
Wednesday, August 14
SD-WAN and Cisco DNA Lunch and Learn [Register]
We're very excited to host a lunch and learn for our Chicago area customers at Gibsons Steakhouse in Oak Brook, where there will be a special presentation and demo focused on SD-WAN and Cisco DNA.
If you're not already familiar with SD-WAN (software-defined wide area network), now's the time to start learning more! It's become an increasingly popular solution for organizations eager to build a next generation network able to accommodate the complexity and high demands of today's cloud, application, and mobile-centric environments. SD-WAN can simplify the management of your network, improve the overall user experience, and increase security, all while lowering operational costs.
SD-WAN plays a central role in Cisco DNA (Digital Network Architecture), which is an open, software-driven platform designed to learn and adapt as the needs of users and the business change. It combines policy, automation, artificial intelligence, and analytics to simplify and scale operations as needed while protecting against attacks and the steady decline often associated with similar software. The goal is to unlock the full potential of your network and foster growth and innovation for the future.
Tuesday, August 20
Multicloud Topgolf Event [Register]
Many organizations are still just getting started on their cloud journey, so the mere idea of multicloud probably seems like things are going too far, too fast. We totally understand that, and want to help provide some clarity and insight into the world of multicloud with a fun event for our Chicago area customers at Topgolf in Naperville.
If your organization has more than one public or private cloud deployment from different vendors (for example, AWS and Azure), then you're already working in a multicloud environment. Some Software as a Service (SaaS) solutions such as Office 365 and Salesforce also run in their own separate clouds. So how do you manage and secure multiple clouds while maintaining compliance and financial control? How can tools like automation help create additional visibility into your overall infrastructure? Sentinel experts will explore this topic in depth so you can find the right path to streamlining and optimizing your cloud operations.
Thursday, August 22
FlashStack Converged Infrastructure Webinar [Register]
Sentinel partners Cisco and Pure Storage teamed up to create a new converged infrastructure solution called FlashStack. We're very excited to host a webinar so our customers from around the country can learn more about this highly agile and innovative platform. FlashStack essentially takes some of the best features from Pure Storage and Cisco (computing, network, all-flash storage, virtualization) and combines them into a single, integrated architecture that improves time to deployment while lowering costs and deployment risk. If you're looking to transform your infrastructure with a streamlined and flexible solution that fully supports all types of applications and cloud services, definitely join us for this one!
Of course, if you're unable to make any of these events due to timing or location, please don’t hesitate to contact us if you'd like additional information.
A Closer Look at Tetration
By Mark Combs, Sentinel Strategic Solutions Advisor
One of the hottest topics discussed at Sentinel’s Security and Multicloud Summit last week was Tetration. In case you’re not familiar, Cisco Tetration provides workload protection for data center, cloud, and multicloud environments through the use of segmentation. It gives IT departments greater visibility throughout their infrastructure, enabling them to reduce the attack surface, detect software vulnerabilities, and identify security incidents faster. Here’s more information from Sentinel Strategic Solutions Advisor Mark Combs:
Tetration plays an important role when troubleshooting within your environment. Say you work at a healthcare organization that’s having an issue with the Epic medical records system, and it quickly becomes a crisis. An Epic server is talking to who knows how many different network servers. You don’t know if it’s just this one Epic server talking to this one database, or if it’s a larger network issue. Thanks to the application dependency mapping tools that are part of Tetration, however, you can figure out exactly which workflows are talking to which servers, which helps with troubleshooting. So whether you have an Epic issue or a database issue, you’ve got a better idea of what’s causing slowness or other complaints about an app.
The primary purpose of Tetration is to help with security throughout your environment. One of our customers recently went through a ransomware attack. Every domain controller and all their backups were completely encrypted by the dangerous ransomware known as Ryuk. But the attack actually originated with a phishing attempt using malware known as Emotet. A user opened an email attachment that looked normal, and didn’t even know they had been infected. Once Emotet had access to the user’s system, it began to set up secure tunnels over SSH and port 443. Once those outbound connections had been built, it downloaded the Ryuk ransomware onto multiple PCs and spread laterally to encrypt the entire network from there. Since we’re all well past using Windows 3.1, where file sharing or mapping drives between PCs was normal, there’s no reason why a laptop should be mapping server message block (SMB) shares to other machines. We use file servers and cloud storage for those things today. Tetration detects those sorts of anomalies on your network and stops them from spreading. If our customer had a product like Tetration, maybe one or two of their servers would have gotten encrypted, but the Ryuk ransomware wouldn’t have been able to spread laterally. The damage would have been contained and mitigated.
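The two capabilities described above, the dependency map used for troubleshooting and the detection of a laptop mapping SMB shares to other PCs, reduced to a small flow-analysis script. This is an added example written for this post, not Tetration’s own logic or output; the asset inventory, the flow records, the sanctioned SMB targets and the fan-out threshold are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One observed connection: who talked to whom, on which port."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


# Constructed asset inventory; a real one would come from a CMDB or from
# agent-reported host roles.
INVENTORY = {
    "10.0.1.10": "workstation",
    "10.0.1.11": "workstation",
    "10.0.1.12": "workstation",
    "10.0.1.13": "workstation",
    "10.0.2.5": "file-server",
    "10.0.2.6": "domain-controller",
    "10.0.2.7": "app-server",
    "10.0.3.20": "database",
}
SMB_PORTS = {139, 445}
# Roles a workstation legitimately mounts shares from; nothing else should be
# accepting SMB from a laptop.
ALLOWED_SMB_TARGETS = {"file-server", "domain-controller"}

# Constructed flow sample: normal share access, an app-to-database dependency,
# and one workstation opening SMB to three peers (the lateral-spread shape).
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.5", 445),
    Flow("10.0.1.11", "10.0.2.6", 445),
    Flow("10.0.2.7", "10.0.3.20", 5432),
    Flow("10.0.1.12", "10.0.2.5", 445),      # allowed: file server
    Flow("10.0.1.12", "10.0.1.10", 445),     # workstation -> workstation
    Flow("10.0.1.12", "10.0.1.11", 445),
    Flow("10.0.1.12", "10.0.1.13", 445),
    Flow("10.0.1.12", "203.0.113.9", 443),   # outbound HTTPS, not SMB; ignored here
]


def role(ip: str) -> str:
    return INVENTORY.get(ip, "unknown")


def dependency_map(flows: List[Flow]) -> Dict[str, Set[Tuple[str, int]]]:
    """Which (client, port) pairs talk to each server: the troubleshooting view."""
    deps: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for f in flows:
        deps[f.dst].add((f.src, f.dport))
    return dict(deps)


def find_smb_anomalies(flows: List[Flow], fanout_threshold: int = 3) -> List[tuple]:
    """Flag SMB from a workstation to anything but a sanctioned target, and a
    single workstation reaching SMB on many peers (fan-out)."""
    alerts: List[tuple] = []
    peers: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f.proto != "tcp" or f.dport not in SMB_PORTS:
            continue
        if role(f.src) == "workstation" and role(f.dst) not in ALLOWED_SMB_TARGETS:
            alerts.append(("workstation-smb-to-peer", f.src, f.dst))
            peers[f.src].add(f.dst)
    for src, dsts in peers.items():
        if len(dsts) >= fanout_threshold:
            alerts.append(("smb-fanout", src, len(dsts)))
    return alerts


if __name__ == "__main__":
    for server, clients in dependency_map(SAMPLE_FLOWS).items():
        print(server, sorted(clients))
    for alert in find_smb_anomalies(SAMPLE_FLOWS):
        print(alert)
```

The same inventory-plus-policy shape is what a segmentation rule is built from: once you can say which roles may talk SMB to which, the workstation-to-workstation flows are not just an alert but a connection the policy refuses.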
It is one thing to be able to see which server is talking to which workflows on your network, but Tetration also offers insight into a number of other areas: What process owns what port? What is the root cause of a specific network communication? Who installed that software? Why is that software running there? What is that software’s purpose? Does this process need to be talking to this server? These are the sorts of questions that can start a discussion and lead to network and infrastructure improvements. If nothing else, Tetration is useful as a tool to better understand what is happening inside your organization.
Tetration is not limited to on-premises environments; it extends into the cloud too. No matter where your infrastructure elements are located, they need to communicate with one another and you need to be able to access your workloads. There could be portions of your on-premises environment that have no business talking to your workloads in the cloud. Would you notice that? It’s a problem if you don’t know that someone is automatically spinning up a bunch of virtual machines (VMs) in your environment. Use Tetration to gain greater clarity and control throughout your environment, so you can uncover and stop any issues or attacks before they have the chance to cause significant damage to your organization.
If you would like to learn more about Tetration and how Sentinel can help keep your environment secure, please contact us.
A Preview of Sentinel's 2019 Security and Multicloud Summit
This Thursday, Sentinel and Cisco will be hosting a security and multicloud summit for our customers at Arlington International Racecourse in Arlington Heights, IL. A few of Sentinel’s subject matter experts will be on hand to share details about the latest security innovations and trends designed to keep users and sensitive data safe. Those in attendance will also have the opportunity to learn more about multicloud and how it can help foster business growth in new and exciting ways.
There will be a Q&A portion so people can address any specific technology needs or concerns they might have, as well as a “Vendor Row” where partners including Cisco Security, Meraki, Attivo, Cloudian, and Varonis will have tables with information and maybe even a few giveaways. It’s one of our biggest events of the year, and we hope you can join us! If you’re unable to attend or simply need a little extra motivation to RSVP at the last minute, here’s a preview of some things we’ll be talking about:
Cloud adoption continues to accelerate for businesses of all types. Interest in Infrastructure as a Service (IaaS) is expected to grow more than 25% over the next five years, while overall public cloud investments will increase by 18% across the globe during that same time period. As public cloud spending balloons to around $370 billion, around 40% of that will go toward various Software as a Service (SaaS) solutions such as Salesforce and Dropbox. Multicloud is simply when you have portions of your environment hosted in more than one type of cloud or through more than one cloud vendor. For example, if your IaaS is hosted via AWS and your Office 365 is hosted via Azure, that qualifies as a multicloud environment.
When organizations invest more in public cloud services such as IaaS, they also need to ensure the data and workloads being stored there stay secure. Gartner has adopted the term “cloud workload protection platforms” (CWPP) to describe these emerging security solutions designed specifically for public cloud IaaS. Cisco Tetration and Microsoft Azure Security Center are two examples of CWPPs, which provide enhanced visibility and control management across all types of cloud and multicloud environments. Overall CWPP capabilities vary depending on the specific vendor, but most include system hardening, host-based segmentation, system integrity monitoring, vulnerability management, and application whitelisting.
No matter where your organization currently stands with its cloud or multicloud posture, Sentinel wants to help ensure you have the right solutions to optimize and secure your environment. Our Advisory Services offer a variety of cloud-focused engagements designed to keep your IT team on the path to growth and success, including strategy development, readiness assessments, workload consulting, governance reviews, as well as security analysis and training. Many of these things can be tied to Sentinel’s Advisory Impact Methodology (AIM), a four-step approach focused on aligning technology with business processes to achieve specific goals.
This is just a quick snapshot of what to expect at Thursday’s security and multicloud summit. If you’re planning to attend, we’re excited to see you! It’s going to be a very fun and informative day. If you can’t make it to the event but are interested in learning more about the latest developments in security and multicloud technologies, please contact us for additional information.