NetConnect Blog - Your Resource For IT Tips, Tricks and News

It's Not If, It's When

Posted by Jeremy Hostrup on Jan 25, 2017 8:15:00 AM

It today’s world, it’s a stark reality, odds are that at some point you will get hacked. This may come in many forms and fashions. Sometimes it’s just annoying like pop-ups in your browser and others can be more severe like ransomware. There are other types that are way more concerning. Consider this, a user receives an email that appears like it’s from someone inside your company with an excel document. They click on the document and they get an annoying bar that says click here to enable macros. They click the enable button and nothing happens from what the end user can see. What the user can’t see is that they’ve just connected their PC to a hacker that now has complete access to the user’s computer. From there, they can log keystrokes and gain information from the user. They can also pivot and try to find an administrator username and password and if they can do this, they now have complete administrative access to your systems.

So what can you do? Well, what do you do if you’re cold? If you’re like me and you get cold, you put on another layer of clothes. Still cold, add another layer. Cyber security is similar to that. You can add as many layers as you need until you’re no longer “cold”. Cisco has a family of products that when used in conjunction with each other, provide layers of security that prevent most hackers from gaining access and exploiting your systems.

pexels-photo2.jpgThe most important first layer is AMP for endpoint. This is hardware agnostic and recommended for any customer. This is an anti-malware program that runs on computers and servers that provides a layer of protection to identify and block dangerous traffic. I’ve seen the benefits of this firsthand when I tried to open an attachment that I thought was from a known sender but after looking further was not. Essentially, I got a pop from AMP that said what was wrong with the file and didn’t allow me to open it. Like most Cisco security products, AMP for endpoint relies on the Talos database to protect you from zero day threats. Another very important feature of AMP for endpoint is that it will prevent malware from spreading host to host.

The second layer I’d recommend for any customer with any hardware would be OpenDNS. OpenDNS works on the DNS level and prevents the attack before it could even happen. If OpenDNS blocks a DNS request for information from the Internet, the attack cannot possibly happen. Another added benefit of OpenDNS is that you can do URL filtering as well.

The third layer I’d recommend, especially if you have the X series of ASA’s, is Sourcefire. Sourcefire provides intelligence to your firewall and allows you to do things like URL filtering, advanced malware protection, heuristics, inline SSL decryption, geo-blocking, alerting, and more.

pexels-photo-90333.jpegNow, what about the situation where a user needs to send an encrypted email or you’re receiving multiple phishing emails? Cisco has a solution for that as well. Cisco email security provides you the ability to do encrypted emails, filter out unwanted emails, scan attachments, prevent ransomware, and more.

Have you ever thought about what would happen if an employee was getting ready to leave the company and started uploading all their files to an HTTPS site? Would you know, what would you do, how could this impact you? Cisco has a product called Stealthwatch that watches the network and can catch anomalies.

I know that’s many different products doing a multitude of things but in a perfect world, those would be my layers. Not everyone lives in a perfect world with an unlimited budget so at a minimum, I think everyone should have AMP for endpoint running on all systems that can run it. Add OpenDNS to that and they make a perfect team to identify and stop threats inside and outside your network. Also, if you already run the new X series of ASA’s, it’s a minimal investment to reap the benefits of Sourcefire.

NCI Contact Us Button

Topics: Cyber Security

In Security, There is No Silver Bullet

Posted by Rob Lammert on Dec 22, 2016 12:47:48 PM

computer-security-threats.jpgNo one is above being breached. There are many ways that a breach can happen and there is no one piece of technology that can safeguard your organization, but, there are steps you can take to make sure you are not an easy target. Keep in mind, you don’t have to spend massive amounts of capital on your “cyber defense” posture; it is all about the policies put into place and the enforcement of those policies with your users. 

Rob Lammert from our partner, ESET breaks it down into these four important steps: 

1. Educate Your Users

Many studies show that the weakest link in your technology environment is actually human error. In their day to day activities, users are bombarded with many infiltration attempts such as phishing scams, infected email attachments or even unsolicited “help desk” phone calls. Educating your users on your security policies and procedures is a big step in preventing an infiltration. Many companies provide educational sessions like “Security Awareness Power Hour” on a regular basis to help users stay educated on how they are to identify and handle threat attempts.

2. Maintain Multiple Layers

secure-email.jpgYears ago, only having an antivirus product on your endpoints or servers seemed to be all you needed to be secure. In today’s threat landscape, having a multiple-layered approach helps safeguard against holes in one line of defense or another. For example, allowing multiple detection engines and styles, such as Anti-Spam, Anti-Phishing and Anti-Malware, to scan emails prior to them reaching their destination can be quick and easy way to safeguard against many spam or infected emails. This can be done by having an external scanning engine assess the email before it reaches your company gateway, with a final line of defense being on the endpoint to detect anything remaining. Multiple layers of security in each of your data entry and exit points helps make your environment unappealing to hackers, as security layers increase the time needed to infiltrate your infrastructure. Key items to consider for layers are encryption, authentication methods, data loss prevention, and endpoint security products, all of which can work independently or in unison to lock down your infrastructure.

3. Patching & Updating

Operating system and application exploits are among the most common infiltration points for malware and yet are the simplest to prevent. There are many products in the marketplace that can help you with patching your systems and can be deployed within a small time frame. Patching and updating products is not only limited to the common products that you think of such as Microsoft Windows or Microsoft Office, but really all products that your users might interact with such as Adobe Acrobat, Adobe Flash or Java. Keeping your environment up-to-date will go a long way in keeping your environment safe from external attacks.

4. Wash, Rinse & Repeat

security-key.jpgSecuring your infrastructure is not a project that has a specific completion date or objective; it is an ongoing process that will require you to update your methods as threats become more sophisticated. Many products, such as endpoint security software, do a lot of the heavy lifting for you to keep you (and your business) protected against many existing and “zero day” attacks, but they can’t do all the work for you.  Be sure to continually keep yourself educated on the latest threats - as well as techniques to prevent them - as they change frequently; sometimes daily! 

There are many fantastic websites out there to help you with this information, like ESET’s security news website, Also, ESET has a variety of free, educational white papers and webinars that cover a variety of security topics.

To find out more about security awareness and what options are a right fit for your organization, contact Network Center, Inc. to setup a free consultation. Network Center, Inc. also offers vulnerability tests to identify security risks in your environment. 

NCI Contact Us Button


Topics: Network Security, Cyber Security

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all