Atlantic Business Technologies, Inc.

Author: Eric Lloyd

  • The Urgent Need for Vulnerability Scanning

    One might think that IT system vulnerabilities are decreasing. With the spread of virtualization and cloud adoption, we assume that security is getting stronger. Configuration and hardening technologies continue to evolve, resulting in a lower surface vulnerability – right? 

    Wrong! Not even close.

    Hackers are finding new ways to target and exploit your organization’s vulnerabilities. The National Vulnerability Database maintains over 110,000 common vulnerabilities entries. In fact, by January 4th 2019, and the NVB has already logged 39 new vulnerabilities entries for 2019.

    Why You Need Vulnerability Management

    Vulnerability Scanning is vital; it protects the hygiene of your systems by reducing attack surfaces. This protection can (and should) take a number of forms:

    External Protection

    An external attack is one done from the outside. A hacker tries to gain access to your organization’s devices and systems via the Internet. Oftentimes, your environment will have unnecessary ports open. Since they’re not in use, they are easy-to-miss open doors for a potential breach. When a breach occurs, you should disable these ports and any other insecure communications protocols.

    Internal Protection

    An internal attack is when a hacker tries to gain access through your organization’s personal wired and wireless networks. Password credentials can be one of the main issues here. They often allow for more access to systems than is necessary for that user’s role. Your organization should be leveraging identity management tools. These provide the appropriate level of access to systems needed, typically based on an employee’s position.

    Phishing Protection

    No explanation needed here, right? Hackers today are taking advantage of multiple ways to socially engineer access to your organization, and they’re doing it through your employees! Phishing’s reputation precedes it, keeping everyone on high alert. Unfortunately, the majority of breaches still happen at the human level. Educating your employees on phishing remains critical, but you can take this a step farther. Increase awareness by gaining actual business insight with testing results.

    Application Pen Testing

    Whether your application is for your internal operations or customer-facing, pen testing is essential. Vulnerabilities are often present in all application code. Best practices for development involve SecDevOps, or having security built into the development life cycle. If your company has developed an application for client use, be ready. Legal negligence will be your fault if you’re not rigorously performing security testing. While Equifax is a prime example, this can happen to organizations of any size. Hackers don’t care about the general scope of your company. They’re after the data!

    How Vulnerability Scanning Works

    With proper planning, you can do these types of testing in a non-disruptive way. It’s important to notify any Cloud providers when you schedule scans to run. They should be aware of when the scans will take place. Good deliverables should contain specific details about the vulnerabilities. This would include a ranking according to severity. Each vulnerability should have a recommended remediation approach. This is a productive action that your IT teams can tackle. When remediation is not viable, you must stay up to date with documentation. This is especially important if your organization must comply with specific Cybersecurity Frameworks.

    At Atlantic BT, we’re always ready and alert. Our Managed Vulnerability Scanning service is dependable and efficient. It provides our clients with an ongoing peace of mind. Their technical vulnerabilities and security issues are being identified. Best practice remediation is being suggested. Even better, risks are actively minimized around data loss and disruption.

    Security From Top to Bottom and Beyond

    ABT’s Security Solutions leadership and engineers have over 20 years of field experience. Our range of work includes:

    • Information Security Consulting
    • Security Operations
    • Incident Response
    • Managed Security Services

    We would never tell a client to do something we wouldn’t do ourselves. Therefore, we’ve integrated security best practices into our own daily operations. We’ve also navigated a variety of scenarios that our clients have faced. While doing so, we’ve utilized cybersecurity tools that continue to evolve in the marketplace.

    Our security team has helped many customers assess their security posture. We ensure they are covered by implementing security layers around every access point. Protection includes access controls and permissions, data encryption (both on-premise and in the cloud), and in-depth analysis to pinpoint cracks in the wall. To learn the ins and outs of your security needs, contact us today for a security assessment. 

  • Is Your Data Encrypted? It Better Be

    October is National Cybersecurity Awareness Month. Keeping data safe has always been critical. But as threats continue to increase, as well as the scope of the damage and the impact it has on consumers, knowledge and vigilance must become habitual to any organization online. This month we’ll be sharing our experiences, the stories that have our attention, and plenty of advice on how to navigate the current world of cybersecurity.

    There are unknown experts in cybersecurity running about and it’s time we took some notes out of their playbook. Who are these covert coders of data?

    Kids. Of course.

    Little budding encryption geniuses are everywhere, making up their own languages or creating codes to share secret messages right under their parents’ noses. It’s an obvious idea to them. So why isn’t it an obvious idea to us? Why do companies let their data go unencrypted?

    Cybersecurity has never been more vital than it is now. Facebook’s recent debacle shows us that no one is immune. Every security measure counts. As you build a security system for your company’s data, you must include encryption. But, it’s not a task to take on lightly. A thorough understanding of the data you’re aiming to protect will help you develop the strongest plan. Here’s how to do it best.

    Scramble it Up

    Data encryption is preventative security. It’s ready for a hacker to break through the walls. But, it ensures that they won’t be able to decipher the data, rendering it unreadable. How? By the magic of math. Encryption uses an algorithm to transform plain text into cipher text. The only way to revert it back to its original form is with an encryption key.

    Tokenization is a different form of encryption. It adds another layer of protection by randomly scrambling the data. Decoding it requires more direct access to the database. There is no easily shareable key. Instead, tokens are created as a reference point to the original data. However, they can not translate that data into readable information. The real data is stored in a vault, encrypted and safe.

    Discover Data Holistically

    There are right and wrong ways to go about the encryption process. If you want to make sure you’ve covered your bases, you need to have a plan. The best and most important way to start is with scoping and identification. You need to have a thorough understanding of the data you have, where it is, and how it is shared. Identify each piece of data in every transactional state. Whether it’s in transit, at rest, or in long term storage, data must be encrypted at each stage.

    Consider what methods of encryption work best for the kind of data you have. You may think that a standard algorithm is enough for all of the information your organization maintains. But, not all data is created equal. Passwords, for example, can benefit from One Way Encryption. This makes it nearly impossible to reverse the data back to its original form. Other sensitive data, such as social security numbers or bank accounts, can find security via Tokenization. As you discover exactly what you have and where it is, you’ll be able to prioritize accordingly. You must encrypt all your data. Implementing the best type of encryption for each form of data will elevate your security strategy.

    Why You Need Encryption

    The Facebook breach is staggering for many reasons. Most notable is the glaring mistake the security team made with their encryption. They missed the mark and the consequences are mammoth. If Facebook can’t keep their consumer’s data safe, is there hope for anyone?

    Sure there is. The most important thing to keep in mind, with regards to cybersecurity, is that it’s not a matter of if. It’s a matter of when. If you are online, you are vulnerable. Taking steps to protect your online presence, at any stage of development, is the right thing to do. At Atlantic BT, we partner with Arctic Wolf to provide clients with a best in class network monitoring solution and a strategy driven roadmap. Investing in security at the onset can save your company plenty of money down the road. Most importantly, you’re showing your consumers that they were right to trust you with personal information.  

    Care Over Fear

    It’s very easy to scare clients into investing in cybersecurity. To be sure, there is plenty out there to be scared of. But as you consider your encryption needs and options, remember your prime motivation. It’s not a fear of loss. It’s the care you have for your customers.

    Providing service to others is what your organization was founded on. A customer’s success is your success. Protect their data. Protect your Intellectual Property. Act on the beliefs you claim. The best way to value your customer’s trust is to ensure it. Encryption prioritizes the safety of your consumer’s data and your company’s integrity.

    Take a Step Forward

    At Atlantic BT, we know that safety is tantamount to our client’s well-being. When you’ve designed and developed an online presence you’re proud of, cybersecurity allows it to thrive. Contact our security team today to discuss your options and evaluate what strategies are best for you.  

  • Network Security Monitoring Demands Your Attention Now

    October is National Cybersecurity Awareness Month. Keeping data safe has always been critical. But as threats continue to increase, as well as the scope of the damage and the impact it has on consumers, knowledge and vigilance must become habitual to any organization online. This month we’ll be sharing our experiences, the stories that have our attention, and plenty of advice on how to navigate the current world of cybersecurity.

    Every Breath You Take by The Police is a disturbing song in every way but one. When applied to the context of cybersecurity, it makes a lot more sense. Your security systems should be watching everything within your network, around the clock. The best way to accomplish this is with a Security Operations Center (SOC). This program’s sole purpose in life is to protect your business operations and data. With the right approach, it’s the strongest tool at your disposal when it comes to Network Security Monitoring.

    Throwing up a wall and hoping it will hold doesn’t cut it anymore in today’s world of cyberthreats. Far too often, we see cybersecurity dismissed as a “would be nice to have” bonus feature. But only if the budget allows for it. Or security measures appear at the end of a large project as an afterthought. The lack of concern and urgency surrounding data protection is flabbergasting. Tech titans, massive banks, and our own system of government fall victim to data breaches and hacking with alarming frequency. We must make the choice to be better and stronger.

    Network Security Monitoring

    At Atlantic BT, we partner with Arctic Wolf to provide our clients with a 24/7 fully managed SOC that we trust and believe in. The trust your consumers give you is tantamount to lasting brand success. An effective SOC establishes a dependable relationship between you and your clients. The respect you demonstrate for their personal information and intellectual property is evident. Clients can see that you value the safety of their data as much as you do your own. As we discuss the benefits of Network Security Monitoring and SOCs, don’t worry if you notice an increase in your heart rate. When faced with the reality of what the safety of your data is up against, palpitations are normal. Take a deep breath and keep moving forward.

    As broad as it may sound, Network Security Monitoring is more than just a watchful gaze from above. It utilizes an SOC to consistently investigate every log transaction in your network. They’s on the lookout for potential threats and irregularities. Not only will it sound the alarm the instant it finds something nefarious, it will also alert a real live human being (a value unique to Arctic Wolf). Cybersecurity experts cannot recommend this practice enough. But before diving into why that’s true, let’s address one of the biggest factors companies use to balk on security.

    The Cost of Safety

    Cybersecurity is not cheap.

    There. We said it. We’ve seen the strained looks on the faces of clients when they consider the costs of protecting their data. We know it’s not what anyone wants to hear. Alas, sometimes the truth hurts. And the truth here is that effective cybersecurity will cost you, but it’s a drop in the bucket compared to the financial strain of a data breach. 

    The average cost of each stolen record of sensitive information is $148. If you run a law office, consider how many cases and clients you currently have. Perhaps you work for a university. How many students attend? Should a data breach occur, you can expect to dedicate around $148 for every single individual involved. And this is just the starting point. The Equifax breach price tag came in at a whopping $600 million in damages. That’s not a typo. That’s reality.

    Cyberattacks are not going away any time soon. In fact, they’re on the rise. They will continue to be as we put more and more of our lives into computers and the internet. Effective security systems maintained by a team you can trust is an invaluable asset to your organization.

    A Critical Need

    Passivity, with regards to cybersecurity, is frustrating. It’s difficult for us to see a lack of concern from a client as they discuss the safety of their data. As each day brings more news of cyberthieves and their alarming success rate, few changes take place on the battleground. While you may have some security measures in place, there are many gaps and vulnerabilities in your system that lack protection.

    SOCs are designed to seek out those cracks in the walls and advise the appropriate teams how to fill them in. Sophisticated attacks take advantage of every sliver of light. They hunt down non-compliant vulnerabilities. They take advantage of weaknesses missed in a complex infrastructure. SOCs never rest. They continuously ingest and correlate logs all day, every day to ensure no breaches are underway. They also simplify root cause analysis, quickly getting to the source. 

    Visibility and Security

    In order for every corner of your network to be properly protected, it first has to be seen and understood, inside and out. Network Security Monitoring is all encompassing. It’s a solution that provides in-depth insights for every part of your infrastructure. It also allows for the discovery of new devices as they join the network. The SOC accepts those that should be there and rejects suspicious activity. App servers, routers, and switches are all secured through SOCs.
     
    A strong SOC will alert the organization and help minimize dwell time and downtime. It will be able to differentiate legitimate requests from malicious ones and act accordingly. The success of the SOC is largely owed to the amount of information it is able to gather on a regular basis. The more a security system can know about your network, the easier it is for it to be protected in a manner specific to your data. Likewise, knowing as much as possible about the exposure your network has to potential hackers, is a tool. It becomes easier for you to make stronger business decisions regarding security.

    Safety First

    SOCs are expensive yet necessary components of enterprises at any size. Building a team and developing the processes requires focus and effort. SOCs are time-consuming to operate as they cover every inch of an entire network. However, when looking at the big picture, the optimal solution is clear. Any mid-sized business can rely on the lower Total Cost of Ownership and Operational expense of a Managed Service

    The security team at Atlantic BT is ready to answer any questions you may have concerning Network Security Monitoring. SOCs can strengthen and protect your organization’s data and IP. We want you to feel secure in the choices you make on behalf of the consumers you serve.