Most everyone understands that an annual physical checkup is the best way to stay fit and guard against potentially harmful illnesses. Or that taking your car in for periodic tune-ups is the most effective way to ensure your vehicle runs reliably over the long haul. The same concept applies to your IT infrastructure.

IT leaders striving to protect their organizations from outside threats are increasingly looking to optimize their security with a centralized integrated management system based on open architecture. A centrally managed approach makes the enterprise security infrastructure more agile, effective, and proactive. It improves the efficiency of security teams and drives down the overall costs of security management.

Increasingly, organizations have turned to McAfee’s ePolicy Orchestrator (ePO) as their centralized security management platform. While that’s a good start, you need to be vigilant in ensuring your ePO is providing the threat defense you need. The best way to do that is with a comprehensive ePO health check.

DG Technology’s ePO Health Check Service provides an analysis of your existing ePO environment to make sure it is operating effectively and to identify any possible misconfigurations. When configured and deployed correctly, your ePO delivers a coordinated, proactive defense against malicious threats and attacks, and helps keep protection up to date.

Reducing your attack surface

A health check often results in “quick wins” that reduce your attack surface and capture some payloads and techniques that hadn’t been identified before. The checkup covers the ePO console, associated ePO components, VirusScan (VSE), and Intel Security Encryption.

The key tasks performed during the check include:

In addition, you will get a complete review of your existing ePO deployment, defined best practices for AV policies, complete documentation of your ePO configuration, and identification of any pain points or non-functioning features.

Provides a go-forward road map

Following the checkup, you will receive a detailed roadmap to help you move forward and ensure the stability of your security infrastructure. The report will identify your bandwidth utilization by Web 2.0 applications, potentially risky applications and anonymizers, malware downloads, malicious sites, botnet activity, vulnerability exploits (IPS), and Advanced Evasion Techniques, and it will include a documented set of remediation recommendations.

You have taken an important first step by implementing McAfee’s ePO as your security foundation. Make sure it is still delivering the level of security you expect. Contact DG Technology to set up your free network security health check.

Most organizations have been vigilant about implementing security applications and procedures for their cloud-based endpoints and other components of their distributed networks. But what about the trusted, traditional mainframes that may make up much of your IT infrastructure?

In many cases, mainframes were self-contained within the organization and the traditional tight security surrounding them insulated them from outside threats to a large degree. But as businesses have begun integrating their mainframes into the connected cloud environment, they have become susceptible to the same threats as other elements of the network. Ensuring the same level of threat detection and protection for mainframes has therefore become a key concern for IT leaders.

You likely have event management technology in place to help you address and mitigate incidents as they occur from your distributed servers, network devices, or other endpoints. DG Technology has developed a solution that now incorporates your mainframe under the same security umbrella.

The Mainframe Event Acquisition System (MEAS) from DG Technology enables real-time collection of information involving security, database-related, and transaction events that could be threatening your mainframe. MEAS integrates with Security Information and Event Management (SIEM) technologies from Splunk, IBM, CA, Symantec, ArcSight, Dell, RSA, McAfee, and LogRhythm to enable you to collect, store, report, and initiate corrective action against threats to your mainframe data.

MEAS allows you to respond to mainframe events and leverage SIEM technologies to email or text the appropriate users to ensure security policies surrounding your mainframes are being followed.

MEAS listens for events on your mainframe within each LPAR, selecting only those required by the client. When a targeted event is detected, MEAS captures the event and details and converts the data to expose the event to your SIEM application. MEAS then documents a history of events in an SQL database which you can use to execute queries, perform event correlation, and send additional events to your SIEM software for action.

With real-time access to your mainframe events, you are better able to react to situations as they occur. There is no longer a need to run time-consuming batch jobs to search through your SMF data and wait a day to discover an event has occurred. MEAS immediately notifies you when a potential negative event is happening, allowing you to act fast to prevent a negative impact on your security and compliance requirements.

As your mainframes begin to play a more prominent role in your connected network, you need to increase your visibility and security protection. MEAS can provide that layer of protection.

Contact DG Technology to see how the MEAS solution fits into your overall security plan.

An out-of-the-box anti-virus solution no longer works for enterprise security. Employees are working outside of firewalls with multiple, connected devices that rely on web applications to deliver operational efficiency. Even when devices work inside the firewall, vulnerabilities exist that may not be reflected in a governance plan. Because different business departments require an assortment of apps, services, and devices to meet business goals, macro and micro level endpoint solutions are required for complete systems safety.

If you haven’t adopted or evaluated your endpoint solutions recently, here are 6 reasons why you should today.

Anti-virus Solutions Are Frustrating for Your Enterprise
48% of technology and process managers report that their current anti-virus solutions hinder the performance of their endpoint systems. When anti-virus software is seen as a challenge, it’s less likely to be adopted and embraced across your enterprise. In addition, traditional signature-based AV solutions no longer protect organizations from advanced threats.

Enterprise Management Still Isn’t Happy with Endpoint Response
Endpoint detection and response is a critical component for subduing and eliminating security threats. It can also be the most frustrating. Endpoint solutions need to be familiar and flexible to information security professionals and a range of employees who aren’t information security experts. Unfortunately, most endpoint solutions aren’t configured and deployed with the non-infosec professional in mind. As a result, only half of enterprise organizations report being satisfied with endpoint detection and response.

Endpoint Ignorance Still Causes the Most Damage
Employees are likely to be the primary cause of security breaches. Employee negligence in following outlined security practices is the most probable cause of a cyber breach, but ignorance shouldn’t be ignored, either. Endpoint security products evolve parallel to the intelligence and capabilities of new system threats, causing each iteration of your security product to be more complex than it was before. Employees can get caught up in this confusion when trying to follow your security protocols. Attackers are also aware that employees are likely to let the breach in, and their methods of choice reflect that opportunity.

Mobile Endpoints are Fast Growing and Unsecure
Mobile devices empower enterprises to scale their operational reach by deploying fully connected remote workers. However, there is a clear, and often unrecognized, tradeoff between mobile scalability and security. Many information security professionals struggle with securing mobile devices. In some cases, the enterprise may allow remote workers to use their own devices across potentially unsecured networks. But even if devices are owned by the enterprise, information security departments may not be able to justify a budget increase or budget reallocation to secure mobile infrastructure.

Your Endpoint Governance Plan May Not be Responsive
Endpoint governance plans often aren’t updated fast enough to combat smarter and more frequent cyber attacks. The end result is an outdated governance plan that is difficult to follow and even more difficult to enforce. The different layers of processes and operations that make up your enterprise may also find that an endpoint governance plan slows down core operations, putting untrained managers in the difficult situation of deciding when business reward outweighs the potential risk.

Endpoint Security Products Aren’t Consolidated
Your enterprise most likely purchases multiple endpoint security products from multiple vendors, leading to increased management costs and lack of cohesive oversight of total endpoint security. Products sourced and licensed through different vendors tend to cause endpoint performance issues. Even worse, the products essentially work in isolation, reducing the effectiveness of your security policies and leaving your system open to the individual flaws of each solution, and the inefficiencies caused by lack of synergy.

Total Endpoint Security With DG Technology
Cyber criminals want nothing more than to disrupt your system and compromise your data. Individual endpoints are their way in. Enterprises need an endpoint security solution that quickly adapts to the methods used by cyber criminals. From malware to ransomware, DG Technology can secure your endpoint with a single solution that offers preventative layers of security, forward-thinking insights, and rapid response options.

Contact DG Technology today for your endpoint security assessment.

Malware threats continue to be a major source of concern for business leaders. According to a report from Nationwide, nearly 60 percent of small businesses have been victims of a cyberattack over the past year. Even more startling, most weren’t even aware that they had been breached. These attacks include computer viruses, phishing scams, Trojan horses, hacking, data breaches, and ransomware.

The report also says lack of preparedness was a significant issue for the attacked businesses with more than half saying they didn’t have a dedicated employee or vendor monitoring for cyberattacks.

Malware and threat detection is a key to preventing the theft of intellectual property and customer data as well as reducing the cost and efforts of dealing with attacks. Higher threat detection effectiveness increases the speed with which you can detect, block, contain, and remediate threats. It reduces false positives which allows staff to better focus on real threats.

There are three key areas to focus on as you implement your Malware defense plan.

Endpoint Security

The best way to defend against Malware is to stop it before it gets into your system. That requires setting a foundation of integration, automation, and orchestration of both your consumer and enterprise endpoints. The key is using a single agent architecture that breaks down silos between isolated capabilities to enhance efficiency and protection. A single platform that combines firewall, reputation, and heuristics with the latest in machine learning technology is the best way to stop zero-day malware before it can infect your endpoints.

Data Center Intrusion Prevention

Effective network security means continually evolving to meet the advanced attacks you now face. Protecting against dangerous intrusions requires intelligent threat prevention with intuitive security management. The most effective threat prevention relies on next generation inspection architecture designed to perform deep inspection of network traffic while at the same time maintaining line-rate speeds. The ideal platform combines full protocol analysis, threat reputation, behavior analysis, and advanced malware analysis to detect and prevent known and zero-day attacks on your network.

Mobile Security

As more organizations move to a mobile workforce, more people are connecting to your network from home computers, laptops, tablets, and smartphones. Theft of mobile devices and malware targeted specifically at remote devices are on the rise. Your security plan must incorporate ways to prevent hackers from using them as unauthorized portals into your system. The most effective mobile security includes kernel-level security extensions that help block and secure devices from malware delivered through malicious applications and websites while minimizing impact to performance and conserving battery power.

McAfee has been awarded the AV-Test Best Usability Award which is given annually to the most user-friendly enterprise-class product for defending against malware threats. The award is largely based on minimizing false positives while still protecting the endpoint. Contact DG Technology to discover how you can leverage McAfee’s award winning suite of security tools to protect your business from dangerous malware.

Increased breaches and growing threats have put data protection at the top of IT leaders’ list of issues. Governments around the world are joining the fray by mandating data security safeguards for businesses. One of the most prominent is the E.U. General Data Protection Regulation (GDPR), which is set to take effect for the 28 E.U. member countries in May of 2018.

The GDPR will certainly drive implementation of tighter controls surrounding data security, but compliance with government regulations is not the only reason organizations are stepping up data security. Business leaders are beginning to recognize that not only is protecting customer data good policy, when handled effectively, it can also be a competitive advantage.

According to a report from McAfee developed from a survey of 800 senior business professionals across eight countries, nearly three out of four respondents can quantify the value of security to their business and are using data protection to attract new customers.

Here are four ways enhanced data protection can be a competitive advantage.

Increased client trust

With news of another breach breaking nearly every week, people are increasingly worried about the security of their data. Being able to demonstrate how your organization is taking extra precautions to protect their data could end up being a differentiator when it comes to buying decisions.

Improved data analytics

More companies are now using Big Data to evaluate their businesses and make decisions involving product development, customer service, and organizational efficiency. With clean, secure data, you can be confident that the results coming from your analysis efforts are accurate and can be relied on when making key decisions.

Enhancing the business culture

The McAfee report points out that an ancillary benefit of effectively securing your data is helping to establish an ethical approach to business. This perception can be important when it comes to not only attracting new customers, but in finding and acquiring talent that can help your business thrive. The millennial generation in particular is more interested in working for companies that feature those types of values.

Tightened IP Security

Most businesses operate today in fiercely competitive environments. A properly secured data environment protects not only customer data but valuable intellectual property information as well. Keeping proprietary data from falling into the wrong hands can help ensure that you stay ahead of the competition.

As a McAfee Partner, DG Technology has deep expertise in architecting, implementing, and supporting integrated security solutions leveraging the McAfee product portfolio. To learn more about how DG Technology and McAfee can help you secure your data and provide you with a competitive advantage, check out our Enterprise Security Solutions.

There is incredible value in taking a ‘back to basics’ approach to endpoint security. Focusing efforts on the fundamental aspects of security helps create a rock-solid, network foundation without the costs associated with procuring new hardware or software.

In the previous two articles, we discussed the importance of network visibility and data protection, that is, knowing exactly what’s on the network from servers to endpoints to data, and how to protect critical data with backup and recovery. The third tenet of a back to basics approach involves user roles.

Today, users are often on the front lines of the cybersecurity battle because they are some of the easiest targets. Instead of attacking a complex software vulnerability, hackers can use social engineering techniques to create extremely convincing email messages to users, which contain files designed to infect machines with malware or links to compromised websites used to extract information.

IT can help protect vulnerable users and secure data from social engineering and malware by placing a strong emphasis on assigning proper roles to each user – and removing administrator privileges – so that malware cannot be executed.

How account management helps

Typically, when a device becomes infected with malware it’s because the malicious code was able to be executed on a machine with administrator privileges or exploited a vulnerability. It’s much simpler to target user machines and hope they have the right level of privileges rather than try to exploit an advanced (and unpatched) vulnerability. In fact, when leveraged by cyber criminals, user privileges can act as a key vulnerability, granting intruders access to execute malicious software and gain a foothold for a larger attack. Limiting user privileges on company hardware helps keep networks safe because it can help limit the scale of potential breaches, isolating them to a single device, or hopefully prevent them before they even start.

It goes without saying that in highly regulated environments such as the public sector, controlling user privileges should be a top priority. However, this basic IT function should not be overlooked by other organizations.

Make the most of your IT team’s time

In a recent McAfee Labs Threat Report, 67 percent of organizations indicated they had seen an increase in attacks and 93 percent reported they were unable to triage all relevant threats, a clear sign they are overwhelmed by the sheer number of security incidents. The recent Intel Security Cloud Report also suggests there is a shortage of security professionals, with 49 percent of organizations saying they had slow adoption of cloud services because of a lack of security skills.

A back to basics approach to security can help ease the burden of a rise in security incidents on IT teams by preventing many issues from happening. From network visibility to data protection and user management, the three tenets of this approach focus on the fundamentals of a secure enterprise network.

A fourth pillar: education

In many ways, education is just as important as network visibility, data protection and user management, but it is often a longer-term project. Teaching users about security best practices is an excellent preventative measure and worth the investment, because users can help identify sensitive data, and help prevent breaches.

Educating users in security best-practices is also an ongoing, long-term strategy and requires executive-level support to be truly effective, but is a worthwhile pursuit.

Get back to basics with DG Technology

In this three-part blog series, we’ve identified the three fundamentals that every security strategy should get right: network visibility, data protection and backup, and user management. Now, get the right security strategy in place for your organization with a complimentary consultation with DG Technology’s team of security specialists.

It cannot be overstated: a “back to basics” approach to system security can reduce the number of administrative tasks and improve the overall security of an organization’s network. Those in charge of managing the day-to-day IT operations or C-level strategy for IT can often be in reactive mode – especially in the wake of a security incident – which can lead to a constant feeling of being overwhelmed and unnecessary purchases.

Going back to basics is about making sure priorities are focused. For example, instead of trying to protect every device on a network, organizations should focus on data protection best practices. Data protection through backup and recovery is an essential best practice and if the worst does occur it can make all the difference.

Identify prime backup targets

Data protection is not a ‘set-it-and-forget-it’ type of function. Often, it’s a complex undertaking that requires many steps. However, it’s a critical, basic IT function that comprises one of the three fundamental pillars of a back to basics IT security approach (the others being network visibility and account management).

When it comes to data protection, because many IT teams work in reactive modes, they believe purchasing firewalls or attempting to protect an entire organization’s network using hardware or endpoint software is the best strategy. While there is value in threat prevention appliances such as firewalls, the first priority should actually be to understand where the most sensitive data on the network resides and how it should be protected (View http://www.dgtechllc.com/blog/why-you-need-a-back-to-basics-approach-for-network-security).

The first step in a data protection strategy should be identifying which data is most sensitive to an organization (beyond the requirements laid out by industry-specific rules and regulations). Tapping into the knowledge of users, typically employees, can be hugely beneficial. Users often know more about the data being used than IT simply because they are the ones consistently using it. This type of data identification can be especially beneficial when looking at unstructured data.

Create a backup and recovery strategy

Once sensitive data has been identified, the second step is to create a comprehensive backup and recovery strategy with scheduled backups of critical data. Most large organizations with an IT team will already have backup in place and a schedule for periodic backups. While it’s important to include any new sensitive information in a revised backup strategy, the emphasis for those with established plans should be on the recovery side (the next step).

The third step is to ensure backups are always tested. Many well-intentioned IT teams have very good backup strategies but fail to test their backups. If you can’t recover a backup, the entire exercise is unproductive. Backups must be reliable and easy to recover. It’s critical to perform routine tests of backups and if backups are encrypted it’s doubly important simply because in case of emergency – such as a ransomware attack – recovery of a previous backup could be the only solution.

It goes without saying that backups also need to be stored off-site in case of a physical security breach, fire or other natural disaster where hardware is lost. Having backups in multiple locations also increases their security.
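A restore drill for the backup-testing step above, as an added example (not DG Technology's code). It restores an archive into a scratch directory and compares every file against a SHA-256 manifest taken at backup time; the sample files, archive name and function names are constructed for illustration.

```python
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root (POSIX style) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict:
    """Write the backup and return the manifest to store alongside it.
    Uncompressed tar keeps the corruption demo below deterministic."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
    return manifest


def restore_test(archive: Path, manifest: dict) -> dict:
    """Restore into a scratch directory and compare against the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        scratch = Path(tmp).resolve()
        try:
            with tarfile.open(archive, "r") as tar:
                for member in tar.getmembers():
                    target = (scratch / member.name).resolve()
                    # Skip links, devices and paths that escape the scratch dir.
                    if not member.isfile() or not target.is_relative_to(scratch):
                        continue
                    target.parent.mkdir(parents=True, exist_ok=True)
                    with tar.extractfile(member) as src, open(target, "wb") as dst:
                        shutil.copyfileobj(src, dst)
        except (tarfile.TarError, OSError, EOFError) as exc:
            return {"ok": False, "error": str(exc), "missing": [], "changed": []}
        restored = build_manifest(scratch)
    missing = sorted(set(manifest) - set(restored))
    changed = sorted(p for p in manifest
                     if p in restored and restored[p] != manifest[p])
    return {"ok": not (missing or changed), "error": None,
            "missing": missing, "changed": changed}


def run_drill() -> tuple:
    """Back up constructed sample data, test it, then test it again after
    flipping one byte inside the archive to mimic silent media corruption."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source = base / "share"
        (source / "finance").mkdir(parents=True)
        (source / "hr").mkdir()
        (source / "finance" / "ledger.csv").write_text("id,amount\n1,100.00\n2,250.50\n")
        (source / "hr" / "roster.txt").write_text("constructed sample data\n")
        archive = base / "nightly.tar"
        manifest = create_backup(source, archive)
        clean = restore_test(archive, manifest)

        # The tar header checksum does not cover file data, so the archive
        # still opens without error after this change.
        with tarfile.open(archive, "r") as tar:
            offset = tar.getmember("finance/ledger.csv").offset_data
        with open(archive, "r+b") as fh:
            fh.seek(offset)
            original = fh.read(1)
            fh.seek(offset)
            fh.write(bytes([original[0] ^ 0xFF]))
        corrupted = restore_test(archive, manifest)
    return clean, corrupted


if __name__ == "__main__":
    for label, report in zip(("clean", "corrupted"), run_drill()):
        print(label, report)
```

The second run is the case the text warns about: the backup job succeeded and the archive opens, yet only the restore-and-compare step shows that a file can no longer be recovered intact.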

Create a comprehensive security strategy

Data protection through backup and recovery is a basic IT function, one that most IT teams should already be performing, yet many backups go untested which can lead to disaster should they ever be called into service. With the abundance of unstructured data on most corporate networks, it’s possible that critical data also goes unprotected.

Creating an extensive backup and recovery strategy can protect you in case of an attack, and it does not have to be complicated. DG Technology helps you secure your critical data, appliances and infrastructure, from the mainframe to the endpoint. Schedule a complimentary consultation with DG’s team of security specialists and get started on a back to basics approach to backup and recovery.

Also, view our infographic on how to get back to basics with your cyber security program.

With the abundance of cybersecurity threats and vulnerabilities today, it can be tempting to see purchasing the latest security appliances and software as the light at the end of the tunnel. But even the most advanced network security system cannot completely secure an organization that has not built its security strategy on the fundamental best practices.

In fact, instead of rushing to vet the latest firewalls or buy licences for endpoint protection, IT teams should go back to basics, focusing specifically on three basic tenets of a strong baseline security strategy: visibility, data protection and user management. Beginning with visibility, we’ll discuss each of these in a separate blog.

Why back to basics?

In a recent McAfee Threat Report (December 2016), 26 percent of security practitioners acknowledge operating in a reactive mode despite having a plan for a proactive security operation (https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-dec-2016.pdf). In other words, it’s hard to keep up with the sheer volume of security concerns. From data breaches to ransomware, for those in charge of locking down networks it seems as if there is no escape from the cyberthreats of our modern, connected workplaces. With many security vendors offering network appliances and security software that promise to protect data, it’s easy to feel like the only way out is to “spend to secure.” The trouble is IT budgets (let alone security budgets) are already limited. Getting back to the basics – addressing the fundamental pain points of most networks – can help stretch budgets, create efficiencies and build a more secure IT environment overall.

Know your network

The most basic aspect of securing your network is knowing exactly what is running on it. Being able to identify every system and application is essential to providing comprehensive security. In other words, if you don’t know what’s supposed to be on the network, there’s no way to completely secure it. Good visibility means being able to see the logs coming from the systems and knowing everything is configured correctly.

Increase simplicity

The more devices and applications running on a network, the more difficult it is to track down potential vulnerabilities and the harder it becomes to identify threats. Today’s networks are complex, especially given how likely organizations are to be deploying public, private or hybrid cloud environments, so without exceptional network visibility, security is a challenge. Having visibility into the entire network increases the ability of IT to respond to any potential threats.

Reduce downtime

IT’s ability to see the network it needs to manage can be a difference-maker, not only for security management but in maintaining network availability. High visibility is critical to troubleshooting and resolving any potential issues that could arise and lead to network downtime. Maintaining network visibility therefore becomes not only a good IT security decision, but a strong business decision as downtime can mean lost revenue.

Support your existing security investments

Network security appliances and tools are only able to protect what they know is out there. Without network visibility, it’s impossible for existing security tools to be as effective as possible.

The first tenet of a best-in-class security strategy is network visibility. Knowing exactly how a network is set up helps IT respond to the ever-changing threat landscape, allowing administrators to protect networks with much of the same agility potential attackers use. In this way, visibility is not only about security, it’s about IT performance.

Look for upcoming blogs that address the next steps in the back-to-basics approach: data protection and user account management.  Also, view our infographic on how to get back to basics with your cyber security program.

Ready to have DG help you get back to basics? Contact us today and schedule a complimentary consultation with our team of security specialists.

Today’s cybersecurity threat landscape is constantly changing. With IT budgets stretched to the limit and new threats emerging every day, it’s essential for organizations to ground their technology use with security best practices.

DG Technology recommends implementing a “back-to-basics” cybersecurity program to mitigate common threats. Described in the infographic below, IT should focus on the three pillars of visibility, data protection and user management. This three-phase approach addresses many of the most common security concerns without the need to increase IT budgets or procure new, expensive security appliances.

Underpinning these three pillars should be a commitment to education. Users are on the front lines of cybersecurity, and teaching them the basics of security – from identifying potential threats to safe browsing techniques – can be an effective means of protecting critical data.

Get started implementing a back-to-basics cybersecurity program by contacting DG Technology.

 

On May 12, 2017, the powerful WannaCry ransomware infected more than 300,000 computers in over 150 countries in less than 24 hours. Six weeks after the WannaCry attack, a variant of the ransomware called Petya arrived on the scene and began to spread rapidly.

WannaCry uses command-line instructions to quietly delete any shadow volumes, delete backup catalogs, and disable automatic repair at boot time. With the backups gone, it writes itself into tasksche.exe or mssecsvc.exe in a randomly generated folder and gives itself full access to all files. Petya overcomes some of the safeguards put in place to battle WannaCry, for example by stealing administrator credentials with a password dump tool and using them to run wmic.exe to execute the malware directly on a remote machine.
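Detection logic for the behaviors described above, run over process-creation records, as an added example (not from McAfee or DG Technology). The page does not name the utilities involved; the vssadmin, wmic, wbadmin and bcdedit patterns are this example's assumption about which command lines to watch, and the hosts, users and events are constructed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    user: str
    image: str     # full path of the started executable
    cmdline: str   # command line as logged


# Command-line rules (assumed patterns, one per behavior in the text).
CMD_RULES = [
    ("shadow_copy_delete", re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("backup_catalog_delete", re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("boot_repair_disabled", re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no"
        r"|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("wmic_remote_exec", re.compile(
        r"\bwmic(\.exe)?\b.*/node:\S+.*\bprocess\s+call\s+create\b", re.I)),
]

# File names from the paragraph above; the optional "c" accepts both
# mssecsv.exe and mssecsvc.exe. A name match alone is weak evidence.
DROPPED_NAMES = re.compile(r"(^|[\\/])(tasksche|mssecsvc?)\.exe$", re.I)

RECOVERY_RULES = {"shadow_copy_delete", "backup_catalog_delete",
                  "boot_repair_disabled"}


def match_event(ev: ProcEvent) -> list:
    """Return the names of all rules this single event triggers."""
    hits = [name for name, pattern in CMD_RULES if pattern.search(ev.cmdline)]
    if DROPPED_NAMES.search(ev.image):
        hits.append("known_dropper_name")
    return hits


def triage(events) -> dict:
    """Group hits per host; two or more distinct recovery-inhibiting
    actions on one host are rated high, anything else medium."""
    per_host = {}
    for ev in events:
        for name in match_event(ev):
            per_host.setdefault(ev.host, set()).add(name)
    return {
        host: {
            "rules": sorted(rules),
            "severity": "high" if len(rules & RECOVERY_RULES) >= 2 else "medium",
        }
        for host, rules in per_host.items()
    }


# Constructed sample records: one infected workstation, one remote wmic
# launch, and routine administration that must not alert.
SAMPLE_EVENTS = [
    ProcEvent("WS-014", "SYSTEM", r"C:\ProgramData\qzkfjwmx123\tasksche.exe",
              r"C:\ProgramData\qzkfjwmx123\tasksche.exe"),
    ProcEvent("WS-014", "SYSTEM", r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c vssadmin delete shadows /all /quiet & "
              "wmic shadowcopy delete & "
              "bcdedit /set {default} recoveryenabled no & "
              "wbadmin delete catalog -quiet"),
    ProcEvent("SRV-003", "CORP\\admin7", r"C:\Windows\System32\wbem\WMIC.exe",
              r'wmic.exe /node:SRV-007 process call create "C:\Windows\example.exe"'),
    ProcEvent("WS-020", "CORP\\helpdesk", r"C:\Windows\System32\vssadmin.exe",
              "vssadmin list shadows"),
    ProcEvent("WS-020", "CORP\\helpdesk", r"C:\Windows\System32\wbadmin.exe",
              "wbadmin start backup -backupTarget:E: -include:C:"),
    ProcEvent("WS-021", "CORP\\jdoe", r"C:\Windows\System32\wbem\WMIC.exe",
              "wmic os get caption"),
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding["severity"], ", ".join(finding["rules"]))
```

Remote `wmic` process creation is also used by administrators, so that rule is rated medium on its own and is best reviewed against the account and source host involved.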

The McAfee Labs Threats Report: September 2017 outlines several best practices to defend your organization against these two insidious malware threats.

Be vigilant in your software and file management

WannaCry and Petya exposed the continued use of old and unsupported operating systems and lax patch-update processes followed by some organizations. Set up a rigorous program to maintain and update your software applications, particularly those involved with your operating systems. It’s also a good idea to regularly back up data files and verify network restore procedures.

Impose key restrictions

Since ransomware is usually designed to run under well-known operating system folders, restrict code execution to prevent it from reaching them and block it from encrypting data. You should also restrict administrative and system access, which can create an extra layer of protection by preventing malware from using default accounts to perform its operations. Consider removing local administrative rights to prevent ransomware from running on a local system. This will also block access to any critical system resources and files that ransomware targets for encryption.

Implement strict email policies

Securing email communication is key to preventing malware from infecting your system. Filter email content to limit spam emails and reduce the potential for attacks. Block attachments to reduce the attack surface. Implement a policy that restricts certain file extensions from being sent by email. Analyze those attachments with a sandboxing solution and remove them with an email security appliance.

Always be monitoring

Continually monitor and inspect network traffic to help identify abnormal traffic associated with malware behaviors. Use threat intelligence data feeds to help detect threats faster.

Conduct ongoing training

Ransomware often infects a system through phishing attacks using email attachments, downloads, and cross-scripting web browsing. Educate your network users on the dangers of malware threats and things to look for to guard against allowing an attack.

DG Technology is a certified McAfee partner and can help you leverage the full line of McAfee security solutions. Contact DG Technology to learn how we can help you implement an integrated approach to defense against malware and ransomware.