Thursday, December 19, 2013

Keeping Your Systems Safe from Holiday Phishing Scams

It’s the most wonderful time of the year… for seasonal phishing scams and cyber campaigns. Unfortunately, the holiday season is prime time for cyber criminals. The increased volume of online shoppers gives cyber criminals an ideal opportunity to exploit people who are unaware of cyber risks and gain access to their personal information.

Not only are people targeted at home during their personal shopping, but employees are targeted at work as well.  Unfortunately, everyone with an email account is a potential target for cyber criminals.  Their attempts are deceptive because the email looks like it comes from a legitimate source, say FedEx, but it is actually a scam to get their targets to open malicious attachments or follow links to fake sites. Once the employee has clicked or followed the link, they’ve enabled a security breach through which cyber criminals can capture corporate information.

Some common examples of holiday phishing scams include:
•    Carrier service delivery notifications
•    Requests to wire transfer money
•    Credit card application forms
•    Fraud alert notifications
•    Requests for charitable contributions
•    Holiday-themed downloads (screensavers, e-cards, etc.)

The best advice for employees trying to keep systems safe during the holidays is not to click on links or open attachments from any retailer. If the email is legitimate, you should be able to get the same information by going directly to the retailer’s website and signing into your account. Also, advise them not to give out corporate information via email unless they are 100% sure of the source. The tiniest bit of doubt should stop them from sending the email; they should find an alternative way to verify the source, then send the information in a secure format.

And it’s not just the employees who need to work to keep systems safe. From an organizational standpoint, it’s absolutely critical to keep all of your corporate devices, whether they are computers, laptops, tablets, or smartphones, up-to-date with the latest patches and fixes, and to install anti-virus software and firewalls to protect the data on your corporate network.

So boys and girls, ‘tis the season to protect your company against “Grinch-like” phishing scams. And the best gift your corporation can receive is peace of mind.

Thursday, December 12, 2013

Nimble Storage Named Best Hybrid Flash Storage Solution

In an award selected by Modern Infrastructure readers, iSCSI Nimble Storage CS-Series arrays have been chosen as the top hybrid flash storage product on the market. Nimble Storage was selected because readers found them to be “a great addition to their data centers, providing the right levels of performance and capacity and extensive software features, all at a reasonable cost.”

The unique performance and capacity benefits offered by Nimble Storage are the result of their patented Cache Accelerated Sequential Layout (CASL) architecture, which leverages dynamic, flash-based read caching as well as a unique write-optimized data layout. CASL also incorporates innovative features such as inline variable-block compression, integrated snapshots and zero-copy clones.

When it comes to software features, Nimble Storage offers an all-inclusive licensing model that incorporates all of the features an enterprise might need to consolidate and manage their data. Their InfoSight portal was particularly noted by readers as an impressive and powerful tool that provides administrators with a single pane-of-glass through which they can perform functions such as: viewing alerts and triggers, running reports, and proactive planning for capacity growth.

Nimble Storage won this award over these other hybrid flash storage products:

Coraid EtherDrive SRX6300
Dell Compellent flash-optimized solution
HP 3PAR StoreServ 7400 Storage
IBM StorWize
NetApp FAS
Oracle ZFS Storage Appliance, ZS3 Series
Tegile Zebi
Tintri VMStore

For those considering Nimble Storage, you can further explore the features and benefits of Nimble Storage here.

Thursday, December 5, 2013

Protecting Your Network: Incident Management

In network security, one of the questions we frequently ask our clients and colleagues is, “if you had been hacked, would you know it?”  The answer is surprisingly not the one it should be.  Some of the largest Enterprise companies still place too much faith in the security of legacy systems. They place trust in hardware based on a name and the mindset that their data isn’t worth anything to anyone but them.  However, the reality is that systems are, and always will be, insecure.  No matter what we do, there will always be someone, somewhere, looking for a way to access information, data, and systems that they shouldn’t be accessing. 

As Network Security Engineers, we do our best to stop them with firewalls, intrusion prevention systems, intrusion deception systems, malware and botnet detection, traffic monitoring, application layer firewalls, and end user education.  But the attacks keep coming and, in spite of our best efforts, some are still successful and go unnoticed.  Sometimes for days, weeks, or months.  Even a security conscious company that logs EVERYTHING may not notice the intruder right away if they aren’t reviewing each and every log file every single day and looking for specific things.

That’s what makes Event Correlation so important.  Event Correlation looks at all of the log files from all of the systems in your network that are being sent to the SIEM and determines exactly what’s happening and when.  Event Correlation is generally a feature built into a good SIEM (Security Incident & Event Management System).  A good SIEM can examine flows, event logs from application servers, events from switches, firewalls, IPS and web filters.  With all of that information, the SIEM creates a complete profile of everything an attacker touches.  This is all great for a response AFTER an attack to remediate a security issue, but how can this help during an incident?

A good SIEM with an Event Correlation engine will also be capable of generating alerts based on certain behaviors that might indicate a possible security issue. For example, if User A logs into a database from the office at 11:30am EST and a few minutes later logs into the same database from a remote location 10,000 miles away, there’s a very good chance that one of those logins is a security breach. When that remote session is initiated, the process of tracking the session begins and an alert can be sent to the proper admin to disable access or revoke a connection. Some SIEMs can even do this automatically when used with certain security devices.
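
The User A scenario above can be written as a simple correlation rule. This is an added example, not code from the original post or from any SIEM product; the event layout, the 600 mph speed ceiling, the 100-mile floor and the sample logins are all assumptions constructed for illustration.

```python
import math
from datetime import datetime

# Constructed sample events (not real SIEM output): time, user, resource, lat, lon
SAMPLE_LOGINS = [
    ("2013-12-05T11:30:00", "userA", "db01", 40.7128, -74.0060),   # office (New York)
    ("2013-12-05T11:36:00", "userA", "db01", -31.9523, 115.8613),  # Perth, minutes later
    ("2013-12-05T09:00:00", "userB", "db01", 40.7128, -74.0060),   # office
    ("2013-12-05T17:30:00", "userB", "db01", 41.8781, -87.6298),   # Chicago, plausible trip
    ("2013-12-05T11:31:00", "userC", "db01", 40.7128, -74.0060),   # single login, no pair
]

MAX_MPH = 600.0             # assumed ceiling, roughly airliner speed
MIN_MILES = 100.0           # assumed floor, absorbs geo-IP inaccuracy
EARTH_RADIUS_MILES = 3958.8

def miles_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))

def correlate(logins, max_mph=MAX_MPH, min_miles=MIN_MILES):
    """Alert when consecutive logins by one user to one resource imply impossible travel."""
    alerts, last_seen = [], {}
    for ts, user, resource, lat, lon in sorted(logins):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        key = (user, resource)
        if key in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[key]
            dist = miles_between(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Distant logins at the same instant (hours == 0) are also impossible.
            if dist >= min_miles and (hours == 0 or dist / hours > max_mph):
                alerts.append({"user": user, "resource": resource, "at": ts,
                               "miles": round(dist), "minutes": round(hours * 60)})
        last_seen[key] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGINS):
        print("ALERT impossible travel:", alert)
```

In practice the coordinates would come from geo-IP lookups on the source addresses, so VPN exit points and mobile carriers need an allow-list or a higher distance floor to keep false alerts down.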

Make sure that when your network is breached, you’re able to act quickly and that you have the proper Security Incident & Event Management System in place to help you both stop the attacker in their tracks and prevent them from accessing your systems again.