Posted on: July 10, 2019 By: Carolyn Kuczynski
In a market where SOC-as-a-Service can be purchased at “significant cost savings,” and where a la carte SOC services allow customers to order their security solutions piecemeal, one must wonder what is most important: the effectiveness of a SOC in protecting a company’s data and assets, or whatever cost savings and convenience it might offer? SOC services that cater to providing the latter do so at their clients’ peril, pretending that a two thousand-dollar SOC can somehow provide relevant detection and response capabilities to protect millions of dollars in data assets.
Unfortunately, the real cost of inadequate cybersecurity is not often realized until disaster strikes.
Truth or consequences
Learning the truth before a breach occurs will prevent the unpleasant consequences that will surely follow. Although a very low price is the first indication that a SOC doesn’t take security seriously, it is not the only one. Finding a SOC that can deliver on its promises requires some insight into its operation.
A fair list of questions one should ask about their current, or prospective, SOC includes the following:
● Does my SOC provider have experienced analysts who understand the data they’re looking at and turn it into actionable tasks?
● Are they tiered to escalate threats as needed (tier 1 – 4), or does one group do it all?
● Does anyone in the SOC have offensive experience?
● Does my SOC provider optimize my monitoring, or does it just do what I tell it?
● Is my SOC provider bringing in value, or is it just outsourced staff augmentation?
● How many alerts did I receive from my SOC vendor in the past month?
● How many real cyber incidents has my SOC vendor taken part in for other clients? What were the outcomes?
● Does my SOC have true incident response capabilities (real experienced IR personnel with actual hacking background), or do they wait till damage is done before acting?
● The biggest question: is my SOC provider giving me a fancy help desk or a professional security operations center?
These questions represent the bare minimum a SOC must do if they are going to safeguard their clients’ data, networks, and reputation. You’re guaranteed that any service provider who balks at any of these questions will be paralyzed in the face of even a minor incident, not to mention a serious attack.
Inadequate protection worse than none at all
Every SOC claims they can protect their clients from cyber threats. Some can, but most can’t, and the cost of those broken promises can be truly devastating. The damage of having a false sense of security should not be underestimated. Nothing is more devastating and frustrating to a company than learning that the measures it took for security turned out to be hollow and useless when push came to shove.
It’s a frustrating challenge, understanding who’s selling you buzz words and who actually has capabilities, but it is a challenge companies and management must take upon themselves as those responsible at the end of the day.
The regulators and legislators are 40 thousand feet up high, talking about general problems and generic solutions that in most cases don’t really guide companies as much as they force them to take misguided actions in IT and Cybersecurity.
It is up to organizations, large and small, to ask their vendors the hard questions, to demand experienced services and field-proven solutions, and to stop accepting buzz words and fancy terms for a commodity price and painting over the cyber risks.
If someone were to offer you full health insurance for the entire family for $5 a month, you wouldn’t consider it, knowing that there has to be a catch, understanding that there is no possible way you’re getting any value for that $5. You would ask: What is covered? Who is liable? Who is behind the company? And so on…
So why does it make sense when someone offers you an expert team of cyber analysts to work 24/7/365, including incident response teams and various expert services, all for a few hundred dollars a month? Ask the same questions you would ask any other vendor who is offering an unrealistic proposition, and see how the answers blow you away.
The best security advice? You don’t have to decide to have visibility and response capabilities, but if you do, make sure you buy capabilities and not buzz words.
At some point in time, you’re going to need that service you’ve been paying for. Don’t wait for that day to find out what it really is you’ve bought.
Real defense requires an understanding of offense
With cybercriminals gaining access to over 200,000 confidential records per hour, only SOCs that are geared up for real-life incidents can overcome the cyber challenges of today. Defending clients’ valuable resources against the technologically advanced hackers of today demands that a SOC maintain an offensive posture on all fronts, strategically seeking out both vulnerabilities and exploits.
But at the very least it requires that those designing, operating and responding in the SOC either have offensive experience or are guided by those who do.
Tools of the trade
The majority of SOC providers offer little more than a patchwork of security products, accompanied by consumer-grade customer support (a low-level Help desk). Moreover, most have never seen a real hack, let alone participated in a real one (defensive or offensive). By contrast, a world-class SOC combines the following tools into a comprehensive security solution that becomes a core component in the client’s organization.
● Multilayer Monitoring: Monitoring means more than relaying alerts to the client. It involves a comprehensive, multi-layered monitoring center, with Tier 1 – Tier 4 alert prioritization. It’s about knowing what to monitor (where to look) and what not to! Understanding how to separate the relevant from the noise is a challenge that requires experience, and it is key to having an efficient monitoring center.
● Proactive Services: From basic hunting actions in the network to simply being updated on IOCs and taking day-to-day actions as required in a live and active SOC. Constantly questioning and investigating the traffic is the only possible way to stay in the game.
● Expert Response Team: A diverse team of highly-trained cybersecurity professionals taps decades of combined experience to keep clients protected, around the clock, from threats internal and external to the organization.
● Advanced Forensics: The SOC team brings cutting-edge forensics capabilities and technologies to bear against every threat, to include high-level digital forensics, server, and network forensics, and the latest investigative tools.
● Cyber Intelligence: To beat a hacker, you have to think like one. Effective protection of high-value client assets requires monitoring of Dark Web platforms to identify emerging threats that may involve the client – right down to cyber threats that may target a high-profile official.
● Secure Remote Connection: Secure remote interfacing with the client’s existing system reduces the impact on their operations, and ensures that all gateways, networks, servers, and data stores are constantly monitored by trained security experts.
The price of protection
In today’s ever-evolving world of cybercrime, threats come in a variety of guises. From threats as subtle as phishing emails and Trojan viruses to full-frontal infiltration and service denial attacks, many companies are just one click away from disaster. Whether the motive for an attack is ideological, for personal profit, or for revenge, the outcome is the same – loss of data, loss of capital, and possibly loss of the company’s position in the market.
Companies hiding behind the “we are not a real target – who would want to attack us” simply do not understand the way the attackers work. Over 90% of attacks are absolutely random: the attackers attack vulnerabilities, weaknesses in technology or processes, not caring at all who or what the organization behind it really is or does.
More often than not, they have no idea who it is they are attacking. They don’t see the company behind the platform until they have already engaged in the attack. You may think you are not a target but unfortunately – attackers do not share your opinion.
The question isn’t whether or not a company will become the target of an attack – because sooner or later, they will. No, the question that should be on every CIO and CEO’s mind is whether they want to pay the price for setting up a professional SOC that can secure their digital assets, or the absolutely ludicrous price that comes with a data breach.
Posted on: June 19, 2019 By: Carolyn Kuczynski
Whether you work in a multi-hospital healthcare system or a private dentist’s office, protecting personal health information (PHI) is essential. HIPAA’s rules and requirements are clear — no matter what, PHI must be kept completely confidential.
This has become increasingly important as more and more health care providers (or “covered entities,” in HIPAA language) use the cloud to store data and run software. Among other things, this means the vendors who provide those services must be certified HIPAA-compliant.
What does that mean for a cloud service provider? Or for a vendor offering business VoIP services? What if the data is encrypted so that cloud providers? Do they still need to be certified HIPAA-compliant? What is their responsibility when security breaches occur, or during natural disasters? What happens to the data when a healthcare provider terminates the vendor relationship?
Is your head spinning yet? Obviously, using a third-party to handle sensitive patient data requires a lot of careful thought.
HIPAA: The Basics
The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers and their vendors to establish three types of controls when handling PHI (or “ePHI” for electronic patient data): administrative, physical and technical. Policies and procedures are examples of administrative controls. Protecting hardware is a physical control. Implementing data encryption is an administrative control.
Covered entities need technical vendors that offer multi-layer security frameworks with physical and technical safeguards enforced by stringent administrative policies. They should be certified HIPAA-compliant and offer a Business Associate Agreement (BAA). Thus, as a best practice, it’s a good idea to work with vendors who offer HIPAA-compliant solutions like MiCloud Connect, built on Google Cloud.
In fact, the law is quite clear when it comes to the responsibility of third-party vendors like cloud providers providing technical services to healthcare providers. The Guidance on HIPAA & Cloud Computing published on HHS.gov explains the obligations of Business Associates [italics ours]:
“When a covered entity engages the services of a CSP [cloud service provider] to create, receive, maintain, or transmit ePHI (such as to process and/or store ePHI), on its behalf, the CSP is a business associate under HIPAA. Further, when a business associate subcontracts with a CSP to create, receive, maintain, or transmit ePHI on its behalf, the CSP subcontractor itself is a business associate.
“As a result, the covered entity (or business associate) and the CSP must enter into a HIPAA-compliant business associate agreement (BAA), and the CSP is…directly liable for compliance with the applicable requirements of the HIPAA Rules.
“If a covered entity (or business associate) uses a CSP to maintain (e.g., to process or store) electronic protected health information (ePHI) without entering into a BAA with the CSP, the covered entity (or business associate) is in violation of the HIPAA Rules.”
The bottom line: Any vendor you choose to handle your ePHI must provide a BAA that spells out in detail each party’s responsibilities. The agreement can specify how the data will be used, stored, protected and transmitted; what will happen in case of a security breach or natural disaster; disposition of data at termination of contract; and any other requirements or conditions the covered entity deems important.
In addition to the BAA, clients can include provisions in a Service Level Agreement (SLA) to address HIPAA concerns, such as backup and data recovery. Whether you’re concerned about a hack or a natural disaster, ask the vendor what plan it has in place to protect and recover your data.
Use the SLA to specify the vendor’s security responsibilities. HIPAA regulations require that both covered entities and business associates abide by the Security Rule. Even when clients control access to the data via encryption, vendors still must be HIPAA-compliant. Consider requiring vendors to demonstrate how they remain current with the latest encryption standards.
As part of the agreement, be sure to cover what happens when the relationship ends. How will the data be returned to the healthcare provider? Under the Privacy Rule, HIPAA regulations require business associates to return or destroy all PHI at a contract’s termination.
When evaluating vendors, look for partners that are certified HIPAA-compliant. Confirm that they’ve engaged a third-party organization to verify their compliance using the most recent Office of Civil Rights (OCR) Audit Protocol. Since HIPAA rules can change over time, certification is not a one-time deal.
All covered entities are responsible for their HIPAA compliance and open to audit. Consequently, your vendor should conduct regular internal checks. Ask each prospective partner how often it audits its processes and procedures.
Also, find out if the vendor has an internal, dedicated information security team responsible for monitoring HIPAA protocols on an ongoing basis. And make sure the vendor’s employees receive ongoing training to keep up with changes in HIPAA rules.
Whether you’re a healthcare provider or a business associate, HIPAA requires you to conduct risk analyses of potential threats and vulnerabilities to ePHI.
A recent study by CynergisTek found that third-party vendors were responsible for 23 percent of 2018’s healthcare data breaches. One reason: Many providers lack processes to address – and predict – risks.
David Rauschendorfer, senior director of CynergisTek’s Security Services Operations, highlights this finding. “Vendors lack activities that identify threats as well as the potential business impacts of identified vulnerabilities,” he explains. “These high-risk vendors often lack established or formally documented methodologies to prioritize and address identified risks.”
Ask your vendor about its procedures for not just protecting ePHI, but also identifying potential threats and vulnerabilities. You always want to be proactive, not reactive.
If a security incident does occur, HIPAA is quite clear on the vendor’s responsibilities. The Security Rule requires business associates to “identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the business associate; and document security incidents and their outcomes.” The Breach Notification Rule spells out the content, timing and other requirements for business associates to follow when reporting incidents to the covered entity.
Ask each potential vendor what policies and procedures it has in place to address and document data breaches or an attack on its systems. In particular, how does it discover data breaches? How does it identify the problem’s source, and what remediation steps does it take to limit damage? Require specific timing for notification and resolution.
All Secure In One Place
When choosing your cloud vendor, consider how it will enable your organization to access and use essential patient information while remaining compliant with HIPAA regulations. Ultimately, you have to store information in a way that’s both secure and accessible so that medical professionals can share and collaborate while patients can manage their healthcare.
Posted on: June 3, 2019 By: Carolyn Kuczynski
There are a lot of cybersecurity options, all proposing to be the right solution to protect the small and medium business customer. The security marketplace is confusing and overwhelming for SMBs. But CyberFusion® is very different from the usual cybersecurity offering. Here are three main reasons your customer needs this all-in-one solution…
1. CyberFusion is more effective. To explain why an all-in-one solution protects more effectively than other options, it’s helpful to understand what true security is. It’s a combination of protection, detection, and response efforts, all working together to provide “defense-in-depth.” The easiest way to explain it is to use something everyone knows and understands–protecting a home. A home is safeguarded in multiple ways:
Physical protection: The house is physically protected with a fence, doors, and locks. If a criminal jumps over the fence, he is stopped by the door. If he chooses to try to open the door, there is a lock to stop him.
Detection: Let’s say the criminal gets into the house. There may be an alarm that goes off when the door opens or the motion detectors are tripped. If the home is monitored by a security company, their operation center experts will see there is an intruder.
Response: Maybe a ferocious dog is awaiting the intruder or the homeowner has a weapon. The home security company may also alert the police to enter the house.
No function on its own is true, effective security. All are parts of a security program or discipline. They all work together.
The same is true for cybersecurity. Individual components will not adequately protect your company. You need to have all working together to stop cyber attacks.
Cybersecurity protection comes in the form of firewalls, an IPS (intrusion protection system), anti-virus software, and employee awareness training.
Detection is a SOC (security operation center) handling an IDS (intrusion detection system), sandboxing (isolating applications), and an EDR (endpoint detection and response).
Response isn’t an attack dog but SOC analysts managing needed containment and eradication of threats.
What we find is that most SMBs, if they have invested in security, have invested in low-grade protection tools. Almost like having a door without a deadbolt. And forget about detection and response. When the cybercriminal gets into the system, most SMBs are left completely vulnerable. Game on for ransomware, data hijacking and whatever else the threat actor wants to do. And many take their time and go undetected for months or even years.
2. CyberFusion saves time. It takes at least 54 hours to investigate, source and select IT security technologies to create full, end-to-end protection. There are six main components to a security platform: network monitoring, next-generation firewall capabilities, email gateway security, endpoint security, trusted access, and employee awareness training. Assuming a triple-bid process, there are 18 suppliers to seek out. Let’s agree that on the low end it requires three hours of time per component; 54 hours are required.
The 54 hours doesn’t even include the time and effort it takes to hire in-house or contract SOC analysts to conduct 24/7 monitoring, detection, and response.
CyberFusion for the SMB customer is one contact, one company, one monthly invoice, one customer service number. That’s it.
3. CyberFusion costs less. We can all agree that SMBs have limited resources. And the reality is that most business owners make the hard choice of being under-protected because the cost to purchase, deploy and maintain all components of a full stack security solution is outrageous for an SMB. There are initial purchase costs, deployment costs and annual renewal costs for various licenses. The budgeting process alone is challenging.
Spend some time putting together an end-to-end cybersecurity solution for your customer and adding up the costs. You will find that paying for just 24/7 monitoring is often triple the cost of CyberFusion. CyberFusion is a U.S. patent pending process that was designed to have the same effectiveness as our biggest enterprise platforms but at a cost that a small business can afford.
Simplify cybersecurity for your customer with CyberFusion. The effective, efficient, affordable solution.
Contact Rocus Networks today to set up a 30-day trial for your customer.
Posted on: March 11, 2019 By: CNSG Marketing
Authorized partners who refer physical colocation deals that close by July 31, 2019 are eligible to earn bonus commissions from Expedient. As part of this rewards program, you can earn a bonus commission on top of the baseline referral partner commission for each colocation deal closed before the deadline. The bonus commission will be equal to 100% of the first month of colocation-related MRR (monthly recurring revenue). For example, if you refer a client with an initial colocation MRR of $5,000, you will earn $5,000 bonus commission in addition to the base referral partner commission.
To be eligible for this rewards program, colocation leads must be submitted through Expedient’s partner portal and meet the qualification standards defined in the current Expedient SPIFF. For more information on this referral program, please contact Nick Lansberry, Expedient Partner Alliances Specialist, at email@example.com.
Expedient helps companies transform their IT operations through award-winning cloud and infrastructure solutions and managed services including disaster recovery, security and compliance, and more. The company operates 11 data centers in seven cities where clients can host equipment in both cabinets and cages. With nearly 20 years of experience maintaining and operating data centers, Expedient achieves operational excellence through the implementation of standard operating procedures and proven security methodologies. Learn more about Expedient colocation solutions here.
Posted on: February 8, 2019 By: CNSG Marketing
The cloud game is complex, constantly evolving, and competitive. And while it seems like the names AWS and Azure have become almost synonymous with cloud, nearly all cloud pundits agree that the cloud landscape really requires two types of clouds: an Enterprise Cloud, where the applications need to have hardware redundancy, and an Application Cloud, where the applications have redundancy built into them. Hyperscalers like AWS and Azure are focused on application clouds, yet very few companies have the applications to take proper advantage of them.
Meanwhile, platinum-level CNSG Supplier, Expedient, has taken a different path by focusing on its Enterprise Cloud offering, released in late 2018. Built on a full VMware stack of products that simplifies management, monitoring, and support, Expedient Enterprise Cloud delivers a modern API and software-driven architecture that acts similarly to an application cloud while still providing businesses with the hardware redundancy needed while they morph applications to Cloud Native.
And, according to a recent third-party evaluation by Cloud Spectator, Expedient must be doing something right… Its Enterprise Cloud outperformed comparable offerings from leading cloud providers, including AWS and Azure, in nearly all measured categories, including compute, memory and price-to-performance ratio.
Posted on: October 1, 2018 By: Kayla Brown
October isn’t just about dressing up for Halloween or indulging in the first #pumpkinspicelatte of the season – it’s also National Cybersecurity Awareness Month (NCSAM)! Observed every October, NCSAM was created to ensure every American has the resources needed to stay safe and secure online. Forbes noted that by the end of 2018, the U.S. could reach $66 billion in cybersecurity spending. And while total breaches are down from 2017, attackers are changing tactics.
Each week of #NCSAM is divided up by themes:
(October 1-5) It is vital to ensure that each household, including the little ones, understands the value of good cyber security practices – which can also work to build a strong foundation for a career in the industry.
(October 8-12) A major threat to our economy is the shortage of cybersecurity professionals. It’s time for us to step up and raise the next generation of cybersecurity professionals – and there are opportunities for people of all ages. From students, to veterans, to individuals re-entering the workforce, or simply looking for a career change.
(October 15-19) No matter what the industry is, your organization’s online security is a responsibility we all share. It’s important to focus on cybersecurity workforce training and education, emphasizing risk management and resilience.
(October 22-26) Our day-to-day life and well-being depend on the United States’ 16 sectors of infrastructure, which supply food, water, financial services, public health, communications and power – along with many additional networks and systems. A disruption to any of these systems can have catastrophic consequences for our nation. In the last week of NCSAM, it is vital to emphasize the importance of securing our infrastructure, and highlight how the public can help keep it safer.
Many of the suppliers in our portfolio specialize in security solutions:
There isn’t one business, individual, or government entity responsible for securing the internet. Each person has a duty to secure their part of cyberspace. When we use the internet safely, we make it more secure for everyone. Together, we can work to implement stronger security practices and boost community awareness to create a digital society that is safer and more resilient to attacks.