Today, people expect to be able to access their information anytime, from any type of device, and from anyplace in the world. Mobile devices and the Cloud have fed this expectation. With all of this access comes an increasingly complex network infrastructure.
DetailsThe cybersecurity and tech job markets are booming and it’s a great time to be a job seeker or employee in this field. Just because there’s job security doesn’t mean that you should let off the gas pedal. As an employee or prospective employee in the tech field, you should always be looking for ways…
DetailsHost Larry Bianculli speaks with Joe Goldberg, Cloud Practice Manager, at CCSI, on Cloud Security. Where to begin and what to worry about.
DetailsOften, when speaking to many organizations, I often hear confusion about Pen Testing, ie: what it is, how it differs from vulnerability assessments and what are the best use cases. I’ve decided to write this blog in the hopes of helping my customers better understand these differences and use cases of each.
The cyber threat environment is dynamic and constantly evolving. There are new vulnerabilities discovered on a daily basis. Attacks are getting more sophisticated – they’re getting more complex and flying under the radar of traditional detection technologies.
DetailsThe ripping benefits of cloud computing have been widely touted – business agility, scalability, efficiencies and cost savings among the top. Fortunately, more and more companies are seen migrating and building mission-critical Java applications specifically for cloud environments showing no signs of slowing down. At the same time, such technology has exposed us to threats and risks previously unheard of.
DetailsCloud security is the protection of data, applications, and infrastructures involved in cloud computing. Just like on-prem IT security, cloud security still has concerns like unauthorized data leaks, weak access controls, susceptibility to attacks, and threats to availability.
DetailsAgile development has been increasingly evolving since the creation of the Manifesto for Agile Software Development in 2001. The desire to create better development methods has introduced a methodology that promotes efficiency, collaboration, flexibility, and fast turnaround. Now, eighteen years later, agile development is rising in popularity and might soon replace the traditional waterful approach.…
DetailsThere are multitude of reasons many companies are migrating to the cloud. Some are migrating to the cloud to aid in increasing the productivity of their IT staff, as well as the overall workforce. Others are looking to scale down data centers, help to lessen infrastructure sprawl, and modernize legacy applications. Additionally, some organizations are re-thinking…
DetailsThe two-year transitional period implemented by the New York State Department of Financial Services (NYS DFS) regarding their Cybersecurity framework, 23 NYCRR 500, finished this past March 1, 2019. This doesn’t mean the work ends here, but essentially it’s just getting started. The state of New York allowed institutions, or covered entities, a 24 month break in period before having to adhere to all phases per year. The training wheels are off and all phases will have to be obtained yearly moving forward.
DetailsNatural disasters such as hurricane’s, earthquakes, and fire can put a school district’s data out of reach. These are obvious reasons to have a solid disaster recovery strategy in place. In the aftermath of Superstorm Sandy that hit the East Coast (NJ, NYC, and Long Island), there were several school districts that were unable to gain access to their systems for days or weeks after the storm had passed. This made it impossible to generate transcripts, pay bills, and in some cases, process payroll.
DetailsThere’s no question that digital safety and data security are serious concerns for everyone these days. Businesses big and small simply cannot survive without some kind of security program in place. While some of the more common cyber attacks include viruses, malware and ransomware — the latter being particularly buzz-worthy these days — there’s one…
DetailsGoing online has several risks, ranging from identity theft to theft of cash and other items. Some privacy is important as you surf the Internet. You have a choice of two technologies- VPN and SSH to help enhance some protection and privacy. These two technologies are not competing, but work in different ways to ensure…
DetailsWhether you are planning to migrate a single critical application, or a major portion of your infrastructure, thorough research and a mindful approach are needed before transitioning to the cloud. Many IT groups have struggled moving key enterprise applications to the public cloud, learning from their mistakes, they used these lessons learned for greater success in subsequent migrations.
If you’re one of the many thinking of moving your IT infrastructure to the public cloud or have committed to the idea, but are struggling how to go about it, you don’t want to be the one caught trying to re-create the wheel only to fail miserably. Using the lessons learned from those that have gone before you, helps to maximize your chances of a successful cloud migration on the first attempt. If done right some of the benefits to be realized are reduced cost, streamlined day-to-day operations, IT team expansion, flexibility, and scalability, just to name a few.
DetailsMalicious actors are consistently and persistently looking for new avenues to compromise sensitive data and they’ve found one such entry through legal firms.
Legal firms play a unique role within the economy by being at the center of personal and business-related transactions. Legal firms are involved with large enterprises, governments, small businesses and individual cases. The data maintained by legal firms is both sensitive and valuable and attackers have taken notice. Legal firms are under a barrage of attacks due to the data and relationships they maintain. Many of these firms are focusing on user endpoints when it comes to reducing their risk.
DetailsThe IT job market has always shifted as technologies advanced, but cloud computing has pushed changes in the market to speeds never seen before. The job market for cloud architects changes as rapidly as the technology itself. At AWS Re:Invent 2018 last week, AWS announced 30+ new significant services alone. Then there is Microsoft, Google, and all the smaller players to keep track of.
DetailsSocial media can do wonders for you as an individual, as well as if you are running your own online business. It can help you build a loyal following, spread word and awareness about your brand, and reach out to other like-minded people, as well as customers. And the best about it is that it’s incredibly easy to do, since everyone you are looking for is already there. It is estimated that there will about 2.77 billion users on social media in 2019!
However, because the power of social media is so easy to utilize, most people let their guard down when it comes to cybersecurity, which can come back to haunt them at some point in the future, in a number of different ways. In order to avoid that, let’s take a look at seven ways in which social media sites sabotage your cybersecurity.
DetailsThis months podcast features Matthew Pascucci, cybersecurity practice manager at CCSI, speaking with guest CISO Patricia Smith from Cox Automotive, on vulnerability management in the Cloud. Does vulnerability management change depending on deployment model? How to you measure cloud vulnerability metrics? Patricia Smith and Matthew Pascucci touch upon these and more in this podcast episode.
DetailsThe first question you may be asking is, “Why should I be considering third party maintenance over OEM maintenance contracts?” The short answer: MONEY
Most buyers who utilize third party maintenance services save up to 50 percent or more over three years, in most cases. In reality though, it isn’t just about the money you could save, excellent service is also an important trait, third party technicians come just as qualified as manufacturer technicians. Third party maintenance requires careful vetting, but in the end, it can be more than worth it.
DetailsAs more enterprise IT operations organizations move to container technology, IT administrators are having to morph into DevOps roles to deal with the container orchestration systems within IT production. These include systems like Docker Swarm, Apache Mesos, and Google Kubernetes, as well as a handful of lesser known players. Container technology has become a reliable way to quickly package, deploy and run application workloads without the need for concern of the physical underlying hardware or operating systems.
Just as important as the containers themselves is the container orchestration technology. These products allow you to start and stop containers through scheduling. They also allow you to scale container usage through managed container clusters. Enterprise data centers have come to expect 99.99% uptime, and introducing new technologies puts a lot of pressure on those individuals expected to run them.
DetailsIn today’s world, digital security is more important than ever. Long gone are the days where you only needed to worry about physical security for offices. Now, banks, law offices, government facilities, and private companies all depend on their technology being protected from a range of threats. It’s essential for a seamless continuity of daily life to identify and quickly respond to these threats as they occur.
DetailsContainers and microservices are becoming a very popular option for deploying applications. There are many benefits of containers, faster deployments, reproducibility of environments, cost optimizations, isolation, and flexibility in general.
There is one glaring problem that is seen right after initial deployment, monitoring and troubleshooting is exponentially more complex when it comes to containers. Containers are designed to run programs in an isolated context, and that means that they tend to be opaque environments. Because of this, the same visibility tools we’ve all been using for years are now failing to perform as expected. Now, you suddenly realize you are flying blind.
DetailsThis months podcast features host Larry Bianculli speaking with Joe Goldberg, Cloud Practice Manager, at CCSI, on containers. What are containers, how do they benefit your organization, and where to begin.
DetailsThere is a massive need for cybersecurity professionals today and the need is only growing. We’ve seen estimates of anywhere between 2-3 million vacant jobs over the next three years. The demand is definitely bullish and showing no signs of stopping. With this being said, breaking into an industry is always a difficult thing to do and nothing should be assumed, even with the massive demand of unfilled positions. Here are a few areas I’d suggest if you’re looking to not only get into security, but become successful.
DetailsSite Reliability Engineering (SRE) is a practice that combines software development skills and IT operations into a single job function. Automation and continuous integration and delivery are used to reach the goal of improving highly dynamic systems. The concept originated with Google in the early 2000s and was documented in a book with the same name, Site Reliability Engineering (a must read). SRE shares many governing concepts with DevOps—both domains rely on a culture of sharing, metrics and automation. SRE can be thought of as an extreme implementation of DevOps. The role of the SRE is common in cloud first enterprises and gaining momentum in traditional IT teams. Part systems administrator, part second tier support and part developer, SREs require a personality that is by nature inquisitive, always acquiring new skills, asking questions, and solving problems by embracing new tools and automation.
DetailsMicrosoft’s had significant difficulties recovering from its most severe Azure outage in years. On September 4, 2018 there was a weather related power spike at Microsoft’s Azure South Central U.S. region in San Antonio. That surge hit crippled their HVAC system. The subsequent rising temperatures triggered automatic hardware shutdowns. More than 30 cloud services, as well as the Azure status page were taken out in the process.
DetailsBusinesses report the key advantages of moving workloads to the Cloud are flexibility, agility, easy access to information, and cost savings. Clearly they are taking use of these advantages, as seen in the 2018 State of the Cloud Survey performed by RightScale, they found that 96% of respondents now use the public, private, hybrid, or…
DetailsThere are any number of use cases where you would need a disaster recovery solution. These can be a disaster emanating from within, such as end user error that has unexpected catastrophic results that cripples your system. There can also be outside influences, like acts of Mother Nature that could flood your data center or…
DetailsAround the Millenium when 802.11 was ratified, any measure of security was enough; just having an SSID that was closed was “security”. Then came WEP to stop unauthorized access, however, that was soon cracked. That is why, the IEEE and the WiFi Alliance devised WiFi Protected Access (WPA). Protecting WLANs (Wireless Local Area Networks) should…
DetailsToday, cybersecurity is vital to the safety and security of your company and its data. Developing a proper risk assessment strategy for cyberattacks is about as necessary as breathing. Not only can an incident get you in a lot of trouble with your customers, lowering your reputation, but it can also get you into legal…
DetailsThere’s a reason it’s said that what gets measured gets managed. In order to successfully achieve a goal, you have to be able to measure progress. It’s the only way to know if you’re heading in the right direction.
That’s why any security operations team worth their salt will be paying close attention to both their mean time to detect (MTTD) and mean time to respond (MTTR) metrics when it comes to resolving incidents.
The average dwell time for attackers still sits somewhere within the ranges of 100 – 140 days and frankly, we can do better. Security operations teams need to be fanatical when it comes to lowering these metrics within their organizations.
Significantly reducing dwell time, MTTD and MTTR starts with an understanding of attacks. From there, you need multiple groups working together in harmony enabled by technology to automate and orchestrate incident response processes.
Details
