See You in San Francisco!
As I’m sure is true with most security vendors, the weeks before the annual RSA security conference are hectic. I’m writing this blog on Friday, now that most of the preparation for our presence at the conference next week is done, and I’m wrapping up some last-minute action items before I head out. Of course, this is just the calm before the storm. Next week is the main event with about 30,000 security professionals in attendance.
The theme of this year’s RSA Conference is “Change. Challenge Today’s Security Thinking.” In the fast-moving world of information security, change is everywhere. Threats change. Protection changes. Attackers and their motivations change. Only maintaining the status quo will lead to serious issues down the road. Many of the sessions at this year’s conference are aimed at helping security professionals...
Securing Network Access and Adopting Least Privilege
Last week’s post, Lobby Security and Beyond – Week 4 of 7: Deploying Video Surveillance and Card Access, discussed how to implement video surveillance and card access systems for your lobby and beyond. This week’s post covers the importance of protecting your network and the use of least privilege.
Network Access
If you have a phone in your lobby as a convenience to guests, configure the phone to dial only local or internal numbers. People are strange. You never know who or where they will call if given the chance to make a free long-distance call. Also, ensure that the ports the phones are plugged into support voice only and have data disabled. Most people today have cellular phones, so you may want to consider not having a phone in your lobby at all. The Security Desk personnel should have a phone in the event there is an emergency and someone needs to make a call.
If there are network ports in...
Teaching an Old Vulnerability New Tricks
Punch rewind on the VCR. Yes, it needs to be a VCR because we are going to 1997. /Listens to the whirring of magnetic tape for what feels like ages/ There with me? Good. Let's watch as researcher Aaron Spangler discovers a vulnerability in Microsoft Internet Explorer that allows an attacker to steal user credentials using the Windows Server Message Block (SMB) protocol. The show goes on with Aaron reporting it to Microsoft and the decision not to patch it being made.
Fast forward to present day /skips a few chapters on a digital file./ Whew.
I love advancements in technology! While testing a bug in a messaging application, a researcher with Cylance SPEAR discovered an extension to Aaron's vulnerability. The trouble is, it affects all versions of Windows on tablets, desktops and servers, including the yet-to-be-released Windows 10. If exploited properly, an attacker can use this vulnerability to extract user credentials from many software packages, including the...
Three steps to help change the security paradigm.
Solutionary, as a Managed Security Services Provider (MSSP), not only has insight into the types of events that occur in our clients' environments, but also sees how the CSOs, CISOs, and CIOs responsible for protecting those assets respond. From our unique position, we are able to evaluate what works for different organizations and what doesn’t.
We are able to observe how these leaders approach data and asset protection from a very operational perspective. Seeing these different approaches on a day-to-day basis gives us a unique understanding of what technologies and roadmaps actually work and, just as importantly, which do not.
One consistent observation is clear: “if you do not plan it, it will not happen, or it will not happen with great success.”
What do I mean?
One of the greatest failures we see is that organizations do not realize that securing their data requires both tactical...
Deploying Video Surveillance and Card Access
Last week’s post, Lobby Security and Beyond – Week 3 of 7: Locking Entrances and Securing the Perimeter, provided benefits and guidance regarding locking entry doors and securing your perimeter. This week’s post covers deployment of video surveillance and card access systems.
Deploying Video Surveillance
Cameras are an excellent deterrent and having dedicated security desk personnel monitoring them indicates to guests that your facility is secure. You should strategically place Closed Captioned Television (CCTV) cameras throughout the facility. I could write an entire blog regarding video cameras but for now, we’ll focus on guests. At the security desk, have a display with a few strategically selected live camera feeds, including a close-up of the individual upon entry and at the security desk. Doing so sends a powerful message to the guest, or threat actor, that they...
5 Simple Ways to Protect Yourself
Now that I have full control of your device – oops − I mean attention, let me tell you a little about Near Field Communications (NFC). With its adaptation into smartphone digital wallets, smart homes and apparently even whiskey bottles, NFC is becoming more mainstream every day. I rescind my own reservation that this technology is “just a fad.”
With everything going mobile, as they say, I would love nothing more than the idea of simply carrying around what I could call the "Swiss army knife of everything that is me," otherwise known as my phone. It could be my driver’s license, my debit card and my computer all at once. This comes, however, at a daunting cost for the...
Locking Entrances and Securing the Perimeter
Last week’s post, Lobby Security and Beyond – Week 2 of 7: Implementing a Security Desk, provided an overview on how to implement a security desk at your facility as well as managing guests and vendors. This week covers why it may be beneficial to lock your entrances during regular business hours and how to secure your perimeter.
Locking Entrances
This is a tough one to tackle. In most cases, you want your guests to feel welcome immediately upon arriving at your facility. Requiring a guest to press a button on an intercom to ring the security desk may be an annoyance to some visitors, especially if inclement weather is a factor. To others, this may seem like a very safe and secure environment that has the best interests of employees and clients in mind. Once your guests have visited your facility and have been through the process, they’ll...