Last month during our Security Summit event at Arlington International Racecourse, several experts from Sentinel and our partners at Cisco, Attivo, AlienVault, and Duo gathered together to answer some interesting questions about security from any customers in attendance. Here are a few of the questions that were asked, along with the answers given by our panelists.

If you’re at a business (such as Starbucks) or public place that offers free wireless internet and want to use it for your device, how do you avoid accidentally joining dummy wireless networks set up by hackers intended to look like the real thing?
Create a Virtual Private Network (VPN) if you can, as it will encrypt all of your traffic. Train your employees on how to identify fake wireless networks and protect any corporate devices from becoming compromised when they are not on your network. There should be a “splash” page on any free wireless network to let you know you’re connected, so be sure to look for that along with the domain name to help confirm it’s legitimate.

What percentage of your overall IT budget should be spent on security?
Security takes up an average of 11% of the IT budget for most organizations, but it depends on the industry and type of data you’re protecting. Do a risk analysis with Sentinel to determine the value of your data and the cost if it were stolen, then base your security budget on that.

Since many Ransomware attacks today also include the destruction backups so organizations have no chance to circumvent the process and recover their data, what would you recommend for backup security?
Sentinel’s Backup as a Service (BaaS) offers air gapped protection located off your network, so your backups will remain safe if an attack occurs.

What’s the difference between Umbrella and a web filter? Do you need both?
Umbrella has a web filter built into its architecture. It offers a variety of different security features to help protect your organization’s network and devices. For example, your endpoints remain protected by Umbrella whether you’re on the corporate network or not. Still, it might be a good idea to have both Umbrella and a separate web filter, just to ensure you’re identifying and stopping as many threats as possible. You should consult with Sentinel’s Advisory Services team to determine the best solution for your specific environment.

In three sentences or less, what should organizations be thinking about for the future of their security?
- Mark Combs, Sentinel Strategic Solutions Advisor – Regular assessments and advisory services will continue to increase steadily in popularity and performance. They help your organization to analyze risk and develop a strong security strategy.

- Rick Spatafore, Sentinel Advisory Services Manager – Follow best security practices to help protect your sensitive data. It doesn’t need to be tough.

- Odell Waters, Sentinel Senior Solutions Architect – AI and machine learning is the future. Start thinking about how to best integrate it into your environment.

- Bob Keblusek, Sentinel Chief Technology Officer – Make sure you’re fully aware of the risks to your organization, and talk to executives so they understand the importance of security.

- Bill O’Malley, Consulting Systems Engineer for Cisco – Security is a necessity. Have a strong policies in place and make sure to encrypt your data.

- Gregg Kalman, AVP of Sales for Attivo – Balance your security posture to protect from the outside and detect on the inside to prevent and minimize losses in the event of an attack.

- Adam Barr, Partner Relationship Manager for AlienVault – People, processes, and technology are the three most essential pieces to any strong security setup. Educate your staff about security measures, implement procedures to properly protect your data, and invest in the right solutions for your environment.

- McKay Brown, Account Executive for Duo – Passwords will soon be a thing of the past as biometrics (facial recognition, fingerprint ID) become part of standard login procedures for most devices and applications.

If you have any questions about your security, Sentinel and our partners have the answers! Please contact us and we’ll be happy to provide guidance and solutions as requested.

by Quade Kayle, Software Development Intern

Greetings reader, my name is Quade and I am an incoming senior at Carthage College. I hail from the lovely suburban town of Libertyville, Illinois, just about an hour outside of Chicago. I have been studying Computer Science at Carthage for three years now, and I am very excited to be finishing my last year with such a rigorous and well-developed program. This summer, I am employed as a software development intern at Sentinel Technologies.

It was a mid-afternoon in March when I received a call from Sentinel with an offer to spend my summer with them as an intern on their software development team. I jumped around my dorm room trying to contain my excitement. After I accepted, I let it set in that I would be spending a summer in Downers Grove doing what I love: development.

Development, however, involved more than just my fingers hitting the keyboard in repeated patterns to produce a desired result. To me, this summer was about development in a variety of ways: as an application developer, a young professional, a runner, and a human being. With support from my professors and mentors, I soon learned the ins and outs of the development process. Beyond that, I also picked up valuable life skills such as how to best manage my time, how to properly conduct myself in a business environment, and how to minimize my stress levels.

When I started at Sentinel we had orientation, where the first lesson was to be ready to learn every day. I hit the ground running by studying the many different applications and frameworks the company uses on a regular basis. That included ASP.NET, JavaScript, JQuery, Bootstrap, and a plethora of related tools. My intent was to start making an impact right away, but just like development, it was going to be a process. You need to know how to walk before you can run.

Once I was assigned my first project, things began to move very quickly. I was eager to see my project start from nothing and blossom into something truly great. One of my goals was to be proud of my work, and that was putting it mildly. I added in features and tried new and interesting solutions to problems that otherwise seemed impossible. My supervisors began laying out new prompts and additions to my projects, but as the list grew, so did my anxiety. I worried about how I was going to make it all work. But just as quickly as those thoughts came, they disappeared as I told my supervisors I’d get it done.

I am very fortunate to be blessed with supervisors that are eager to teach me as well. What I value the most from my relationship with them is they don’t feel the need to hold my hand and guide me through every little thing. Instead, they point me in the direction I need to head and then let me discover the path to get there. Their methods are incredible and I feel lucky to work with such strong leaders. The lesson I learned is a universal one: do not expect to be coddled. Situations just like this one are helpful for the development of my character. It's a very important lesson I will take with me forever.

Unfortunately, not all my days were personal journeys with valuable lessons to learn. Some days were the typical 8:30 to 5:00 day where I accomplished very little and felt very discouraged. I am driven by success, and on the days where I failed to achieve what I needed to, I would drive home quietly contemplating how I could have done better. The first couple of times this happened, I wasn’t sure how to react. I soon learned that this valuable time can be used for self-reflection and growth. Instead of neglecting my feelings, I wrote them down, went for a run, and thought hard about what made the day unsuccessful in my opinion. The day didn’t have to end at 5:00; I could always come up with an idea or activity to shift things in a positive direction.

While the bad days came, the amount of good days outnumbered them. I have been working on four different projects this summer, three of them being considered complete. A couple have been with another intern on my team named Ryan. My supervisor has to inspect them and prepare them for production before they can be used, but fortunately enough, I have already had one of my projects pushed to production! It is a wallboard that is displayed in different areas around Sentinel, and the day that it was pushed to production I got to see a real project I developed being put to practical use. It was a great feeling, and I am very excited for when my other completed projects get moved to production and are used by the staff at Sentinel. As an intern, it is rewarding know I am responsible for products that are being utilized.

My continuing summer project has been very rigorous, and as the summer goes on, my supervisors have asked me to add more and more difficult features. These have been great learning experiences, and each time I complete a feature, I am eager to complete another one. I refuse to stop until a feature is done. It’s almost as if you can accomplish anything if you are willing to work hard enough.

Each day there is a takeaway, whether it be learning how to drive in rush hour traffic or understanding how to conduct myself on a bad day. While my growth as an adult started when I stepped foot onto the Carthage campus, my internship at Sentinel is responsible for an incredible amount of exposure and discovery, not only professionally as a developer but as a young adult figuring out the world. I have a couple weeks left at Sentinel before my time is done here, but remain excited for the new lessons I will continue to learn.

Last Thursday, Sentinel held our annual Security Summit at Arlington International Racecourse in Arlington Heights, IL. We were joined by more than 100 of our customers, who came to learn more about the many different types of security solutions available to help protect their organizations, as well as get their most pressing security questions answered by our panel of industry experts. It was a great day, and we hope everyone that attended came away with a better understanding of the current security landscape and steps they can take to improve their own security posture.

In case you missed it or were unable to attend, we wanted to share a brief summary of some of the topics that were discussed and questions that were asked during the event. If you are interested in learning more about any of these things, please don’t hesitate to contact us. A special thank you to our partners at Cisco, Attivo, AlienVault, and Duo for their hard work and expertise that helped make this day a success!

Endpoint Security

-The top two attack vectors today are email and malicious websites. Hackers will send a targeted phishing email that looks like it was sent by a friend, family member, co-worker, or boss, which contains harmful content or links designed to infect your system or obtain key personal information.

-Regular assessments, at least one or two every year, are essential to make sure your security is doing its job. Penetration tests are strongly recommended as well.

-Sentinel strongly recommends organizations have at least two endpoint security solutions installed in their environment, such as Cisco AMP with Umbrella. Multiple endpoint security solutions create layers of protection, as each one looks at different aspects of the environment.

-Segmentation in your environment is of paramount importance. If you have a server farm, for example, segment it. Segment as many things as you can, because it makes it much more difficult for attackers to move around and gain access to sensitive data.

-You not only need security to identify and help stop threats, but also to remediate and patch after an attack. If you don’t currently have a patching cycle already in place, you are already in danger. There are new vulnerabilities emerging every day/week, and regularly patching keeps your protection solutions up to date.

Cloud Security

-A public cloud uses the resources of outside organizations (such as Azure and AWS) to store and operate portions of your environment. Your business won’t be able to manage and adjust every aspect of the public cloud, but above all else you need to maintain control over who has access to private and sensitive data. Private cloud is fully controlled by your organization, meaning all responsibilities are yours, including security and access to data.

-A strong cloud security posture should emphasize visibility so you who has access to what. For example, if an employee downloads a tool or app, they might agree to terms of service that includes access to their private accounts or email and not realize it. Proper cloud security is designed to spot these vulnerabilities and make sure nobody is granting permissions that can open your organization up to danger.

-Cisco Umbrella offers cloud security to help identify what other security products are missing. It is a great add-on for all types of environments, including Microsoft Office 365.

-Cisco Stealthwatch Cloud will monitor your cloud environment using behavioral analytics and keep an eye on any strange activity that deviates from standard operations.

-Cisco Identity Services Engine (ISE) controls endpoint access to the corporate environment. If a user tries to log in to your network using an unapproved, non-corporate device, they may be denied access out of concern that device may not be secure.

Security Assessments and Security Advisory

-Your organization needs a security strategy and roadmap. Assessments, gap analysis, and penetration tests are so important. Vulnerability scans help identify dangers in your environment.

-If your organization is PCI compliant, quarterly vulnerability scans are required, though Sentinel recommends monthly vulnerability scans. If you’re non-PCI compliant, your organization should get security and risk assessments at least once or twice a year.

-If an attacker obtains your system administrator’s username and password, your whole network is likely going down, because they can exploit that to gain access anywhere and cause catastrophic damage across servers and systems.

-Having a two-factor authentication system in place is very important to protecting access and preventing attacks from spreading. A platform like Duo verifies the identities of users and the security health of their devices before they are allowed to log in to your environment.

Security Incident Event Management (SIEM) and Security Operations Center (SOC)

-High costs and a lack of manpower are the two primary reasons why many organizations haven’t yet adopted a SIEM. Those that do are often overwhelmed with SIEM products, which have all kinds of alerts and false positives that take too much time and energy to go through.  Sentinel offers a managed SIEM option that is inexpensive and only sends important alerts and updates to your IT team to help improve the focus on the security of your environment.

-Sentinel’s SOC monitors your environment 24x7x365 to ensure your critical data remains secure. Once an alarm is triggered, our SOC works closely with your organization to help shut down the attack.

-Quarterly quality assurance meetings for our SIEM and SOC offerings enable the Sentinel team to talk with you about security incidents and make recommendations on next steps and ways to improve your security posture. Sentinel wants to help you achieve your security goals, even if it takes years to build, piece by piece.

-In the event your environment is compromised, Attivo offers deception technology that creates decoys and other lures for attackers to follow, pulling them away from your critical data and systems so you can minimize their access and any potential damage.

It’s no secret that at Sentinel we place a high value on our employees. Their unparalleled expertise, strong work ethic, and dynamic personalities help us maintain our status as an Always Leading IT solutions and services provider. We are proud of the work they do on a daily basis, and hope our customers recognize the Sentinel difference.

Kelly is an Advanced Regional Territory Coordinator for Sentinel, and has been a valued member of our team since 1995. She got her start in the Parts department, helping in our warehouse to supply Sentinel technicians with the pieces needed to fix broken or malfunctioning computers, printers, and other technology assets. A desire to learn more about how all of those different parts worked drove Kelly to advance her education by taking classes at a local college. That eventually led to a position where she was able to interact with customers in the field and actively participate in equipment repairs.

Beyond the various jobs she’s held during her time at the company, Kelly appreciates that Sentinel encourages employees to further their education and apply for positions they want internally. She views Sentinel as an extension of her own family, as everyone is willing to do what it takes to help you succeed and maintain a strong work-life balance. Learn more about Kelly’s experiences and find out her advice for women in the technology industry by watching her “My Sentinel Story” below.

If you are passionate, motivated, and interested in joining the Sentinel team, you can learn more about our corporate culture and browse our current job openings by visiting our Careers page.

As your IT department continues to get bogged down by an ever-growing list of new duties and challenges, finding the time to achieve innovation and other business technology goals has become an extremely difficult task. Sentinel wants to help make everyone’s lives easier with our Managed Services offerings. We handle day-to-day monitoring, maintenance, optimization, and repair of your environment to help improve system health, stabilize costs, and ease the burden on your IT team. Learn more about the unique benefits of Sentinel’s Managed Services via the infographics below.