
Tec-Discussions

Check out the newest discussions

SMBs Look to Cloud-Based UTM

According to a Manta report, fewer than 20 percent of small businesses protect their networks with firewalls or anti-malware software, while 87 percent don’t believe they’re at risk. Their low level of defense and overconfidence in security make them an attractive target for cyber thieves. Even SMBs that recognize lurking danger lack the proper resources to address it.

The reality is, SMBs face growing risk from network attacks, yet they have limited resources for their defense. On-premises threat protection is expensive to purchase and requires niche expertise to manage. The fallback of a patchwork security approach does little to protect them and could lull companies into a false sense of security that leaves them vulnerable.

Unified threat management (UTM) provides security through a single vendor using a single management point. Email, web, and network security are combined into one service. Along with management simplicity, it saves an SMB money compared to the cost of buying separate products from different sources. It consolidates security management and makes it easier to identify and manage vulnerability.

The Rise of SaaS

Businesses of all sizes are adopting cloud-based SaaS applications. The SaaS cloud market penetration is closing in on 94 percent, and almost every SMB is expected to have at least one SaaS cloud application by the end of 2017. SaaS provides scalability and easy remote access while reducing the need for on-site hardware and management. At the same time, it raises new security issues. A business that uses cloud services has extended its network beyond its walls and has more points of access to protect.

Cloud UTM delivered as a SaaS application reduces the need for complex and costly onsite hardware and management. At the same time, it raises new security issues, as it extends the network beyond its own walls and has more points of access to protect. It protects devices and cloud services connected to the network, regardless of where they are. It lets system managers track security across multiple facilities. It’s scalable, keeping the same management interface as the network is upgraded. Administrators don’t have to travel to the network’s site to address emergencies, improving response time.

Fortinet for Cloud

Fortinet now allows cloud-based management of its FortiGate UTM through FortiCloud. FortiCloud already has seen rapid growth in adoption for managing security services. It manages over 280,000 security devices.

The FortiGate next-generation firewall (NGFW) series is an economical way for SMBs to manage all aspects of security. It offers protection against both known and new threats. Encrypted SSL traffic is inspected to guard against application-level (layer 7) attacks. The series includes devices ranging from economical entry-level ones to powerful high-end protection.

FortiCloud and FortiGate integrate with Fortinet’s Security Fabric approach. This approach covers the entire attack surface, including desktops, mobile devices, cloud services, and IoT devices. It treats the network as a whole, analyzing traffic and communicating threat information across the network.

Gartner has declared Fortinet a leader in its Magic Quadrant for UTM. It cites Fortinet’s large threat research team and good price-performance ratio. Magic Quadrant leaders excel in both vision and execution.

Tec-Refresh is a Fortinet partner that provides solutions that reduce complexity within your IT infrastructure. We can help you customize a security solution that combines the visibility and control of UTM with the ease of use and cost-efficiency of the cloud. Contact us to learn more.
 

New Bill Seeks Basic IoT Security Standards


Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices.


4 Steps To Beating Ransomware Threats

At least 200,000 computers were infected by the WannaCry ransomware attack this past May, wreaking havoc on banks, hospitals and other major industries worldwide. Just one month later, the Petya attack spread to 65 countries and 2000 systems worldwide.

When ransomware like WannaCry and Petya infect your network and encrypt your critical data, you only have a few choices — and none are very good. You can pay to (hopefully) get your data back or lose your mission-critical information forever. And while you’re figuring this out, your network is shut down, which can lead to dire consequences. For affected hospitals, this meant delaying time-sensitive medical tests, postponing surgeries and facing regulatory fines related to exposure of sensitive patient data.  

The sophistication and recurrence of ransomware attacks have made it crystal clear to the InfoSec community that ransomware is a top threat that demands immediate attention.

However, many organizations still focus too heavily on internal vulnerabilities, addressing them by having IT do what it has always done: educating employees about the dangers of social engineering, installing anti-virus software and monitoring the network. Unfortunately, with the increasing persistence and intelligence of modern malware and malicious threat actors, these techniques are no longer enough.

The problem is that businesses today don’t operate in a stand-alone environment, and without the right security your data is at the mercy of your supply chain. Your vendors’ actions can do as much harm as your own employees, or potentially more. When planning your security strategy, failing to factor in measures to address potential vulnerabilities in your electronic interactions with third-party players leaves the doors wide open to malicious threats.

What are enterprises to do? Take action!

Staying on top of your game requires that your business has not just a fast network, but a network that is secure continuously and across all endpoints, locations and devices. To fight against ransomware, we recommend that your cybersecurity plan includes these 4 elements:

  1. Understand what your organization has for endpoint security and, importantly, also know what your third-party partners and vendors have.

  2. Improve threat response time and impact with an automated, integrated solution that combines behavior-based prevention, detection and mitigation with big data-driven threat intelligence that can be shared in real-time by multiple security devices.

  3. Maximize visibility and control across physical and virtual environments and all endpoints with Fortinet’s collaborative security fabric that extends fully integrated protection across the entire attack surface.

  4. Prepare for what’s next. We’re only halfway through 2017 and the IT community has seen enough attacks to understand that it’s not a matter of if, but when. Ensure your critical data is backed up and offline so that recovery is both fast and secure – no reason to pay to unencrypt data that you have kept securely offline.

Traditional, internally-focused security measures just aren’t enough to protect your network against ransomware and other external threats. Tec-Refresh delivers comprehensive security solutions that protect your sensitive critical data, anywhere and anytime.

Using AI to Break Detection Models


Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.


Fortinet UTM Named Gartner Magic Quadrant Leader 8 Years Running

The year 2017 marks the eighth time in a row that Fortinet has been named a Leader in Gartner's Magic Quadrant for Unified Threat Management (UTM). Gartner ranks Fortinet higher than any competitor in its ability to execute and among the highest in its completeness of vision. The report notes the quality of Fortinet's performance and pricing for SMB customers, its large threat research team and the integration of many products through its Fortinet Security Fabric.

How Fortinet makes a difference for SMBs

Smaller businesses are regular targets for criminals due to several factors. They face difficult security challenges with limited resources. The increased use of mobile devices, cloud services and Wi-Fi has fueled network growth. Trying to protect all the components separately is complicated and likely to leave gaps. Security products from multiple vendors don't always work well together.

To make sure their networks are fully covered, many SMBs are turning to Unified Threat Management (UTM), also known as Multifunction Firewalls. This approach centralizes control and notification. System managers can keep track of network security status without having to examine multiple sources in different formats. A large security staff is seldom cost-effective for businesses with under 1,000 employees, and UTM avoids the need for one. Fortinet stands out in the flexibility and thoroughness of its UTM offerings.

Network protection shouldn’t come at the expense of performance. Fortinet offers ASIC-accelerated appliances to provide a high level of protection without slowing traffic down. Additional Fortinet products can be introduced to the network as it grows, without fragmenting the security structure.

The Leader quadrant

Gartner is widely regarded as the leading research and advisory company in the world. Its evaluations help businesses find the best solutions for security and other technology needs. The firm’s Magic Quadrants display the relative positions of competitors in a market. Fortinet stands in the Leader quadrant because it presents a strong vision for the future as well as delivering top-quality results today.

Gartner estimates that by the year 2022, 25% of SMBs will use multifunction firewalls (UTM), up from less than 2% in 2017. The report lists numerous reasons UTM appeals to SMBs, including browser-based management, a short learning curve, and localized software. The market is a dynamic one, and leaders constantly add new functions to their platforms.

The benefits of choosing Fortinet

Security for a network requires defense in depth. Simply protecting individual devices and putting a firewall around them isn't enough. Fortinet goes beyond this level, maintaining communication with all points on the network. It watches for abnormal traffic, which can be a sign of a threat or breach that otherwise would escape notice.

SMBs need both simplicity and effectiveness in meeting their special security challenges. They can't afford a specialized security team. They need to make sure that as their network changes, its security measures will adapt without a lot of manual effort. They don't have the time to read through detailed logs to pull out the most important information.

Gartner’s Magic Quadrant recognizes Fortinet as a leader whose technology and products let businesses maintain the level of protection they need for today's internet. Fortinet's Security Fabric offers many advantages for SMBs. It unifies network protection and covers all points on the network's attack surface. System managers can review and manage all security capabilities through a unified console. Ongoing innovation assures them they'll stay protected as threats change in the future. Having a single vendor and support contact makes threat management easier.

For SMBs with small budgets and big security concerns, Fortinet is a powerful option. As a Fortinet partner, Tec-Refresh delivers their winning UTM solution for growing companies. Contact us to learn more.

8 Unforgettable Lessons from Fortinet’s Q4 2016 Threat Landscape Report

How do you stay one step ahead of those increasingly crafty cyber criminals?  By studying trends and understanding criminals’ behaviors and preferred tactics. You can start with Fortinet’s Q4 2016 Threat Landscape Report, which gives you a comprehensive view of what’s going on in cybersecurity.  

What You’re up Against

Cyber attacks are getting bigger and more sophisticated. This rising aggression and unpredictability in the threat landscape has companies scrambling to defend themselves.

In the final quarter of 2016, the world saw the largest data breach and denial of service attack to date. And businesses are still reeling from the recent WannaCry ransomware attack, which affected at least 150 countries and may end up costing as much as $4 billion.   

As an organization, you can’t sit back complacently waiting for the next attack.  You need to arm yourself—with the right information.

Fortinet Intelligence is a Powerful Weapon

To compile the Threat Landscape Report, our technology partner, Fortinet, exhaustively looked at over a trillion security events from the last three months of 2016.

What they found is that many of the threats we’re seeing today aren’t new. Take, for example, SQL Slammer, which topped the application exploit list for the final quarter of 2016.  It’s been around for years. Threats mutate over time, so it’s helpful to study past incidents to stay one step ahead.   

Here are eight revelations highlighted in the report. By addressing them now, you can be better prepared to counter a cybersecurity attack:

  1. Watch your devices. Cyber criminals are ratcheting up attacks on unprotected and vulnerable IoT devices.  Printers and routers are particularly susceptible.
  2. No one is safe.  Cyber criminals are casting wider nets for their prey—making everyone a potential target.  Alarmingly, the Fortinet study found a whopping 10.7 unique application exploits per organization.  
  3. Make sure you stay current with patches. The report shows 86% of firms registered attacks to exploit vulnerabilities that were over ten years old, reinforcing the importance of keeping software up to date.
  4. Beware of ransomware. The report found that the healthcare sector was the most common victim of ransomware attacks, but all industries should be on guard.  A rise of Ransomware as a Service (RaaS) is also concerning.  
  5. Watch out for malware.  You should be particularly wary of Nemucod and Agent.  
  6. Mobile is vulnerable.  Mobile malware is a global problem and was reported by about one in five organizations — more than what Fortinet’s seen in the past.
  7. Botnets still give companies grief. Fortinet detected an average of nearly seven unique active botnet families per organization.
  8. Cyber criminals never take a holiday. Cyber crooks often target organizations when they’re not expecting it, such as attacking universities during a school break.  

What Organizations Can Do to Counteract Cyber Threats

Companies can take the information gleaned from the Fortinet report and put it into action. Regularly review your security policies, and make sure you’re up-to-date on all necessary patches.  
As a partner of Fortinet, Tec-Refresh can help businesses address the challenges of the threat environment. To gain a better understanding of what you’re up against, download the full Fortinet Q4 2016 Threat Landscape Report.

Top 10 Cybersecurity Facts

Warning – Watching this video is not for the faint at heart.

3 Ways To Prevent A Ransomware Attack

See what any organization can do to stave off a worldwide attack TODAY.

5 Security Priorities to Outsource to an MSSP

Unlike your IT department, cyber-attackers don’t need to be experts in every aspect of IT security. They only need one method that works.

IT departments need experts to close gaps in security – but most are having difficulty hiring skilled, infosec talent. There are currently 200,000 unfilled security positions in the US alone and experts say that number could increase to 1.5 million by 2019.

Making matters worse is the increasingly dangerous, complex threat landscape where:

  • Ransomware activity increased 10% in Q1.
     
  • Mobile malware volume grew from 1.7% in Q4 2016 to 8.7% in Q1 2017.
     
  • Network visibility and control is diminishing with upward trends in cloud adoption.

Add to this the fact that the total average cost for a breach is $7 million and the stakes have never been higher. How can your security keep up with cyber-threats when it’s impossible to be an expert in everything?

The answer for more and more businesses is to outsource specific security functions to Managed Security Service Providers.

Consider a Hybrid Approach to Outsourcing

Working with MSSPs offers specialized skills and great competency which can help reduce the complexity and improve the quality of your security. But it shouldn’t be your only strategy. Rather than outsourcing every security function, consider a hybrid approach where you build your internal team with certain specialties and then use MSSPs to fill any gaps.

As you consider the holes in your own IT security, here are 5 security priorities to think about outsourcing:

  1. Security Monitoring: Building a comprehensive security operations center can be a major challenge for SMBs in terms of budget and manpower. While there are many MSSPs offering monitoring services, be sure to carefully check all qualifications, set a service agreement and use checks to hold your service provider accountable.
     
  2. Security Intelligence: For a cybersecurity technology company like Fortinet to gain a complete view of the threat landscape in 2016, they had to collect data on billions of threat events and incidents through a network of devices and sensors. This isn’t an option for an SMB, but an MSSP can maintain a full understanding of the threat landscape and known industry threats and use this information to improve your security intelligence.
     
  3. Security Testing and Third-Party Assessments: Many vendors and regulators require assessments to be run by third-parties, but that isn’t the only reason to outsource these functions to an MSSP. For certain security tests such as penetration testing and application security testing, the objectivity and expertise of an MSSP can find holes you may have missed and help turn your security into an enabler, rather than a disabler.
     
  4. Incident Response: A recent study found 65% of organizations identify skills shortages as the largest impediment to improving their incident response. An MSSP can provide you an incident response plan with an experienced team to execute it so you can work to plug security holes as soon as they are identified and limit the damage.
     
  5. Compliance Requirements: Many compliance requirements involve the use of third-parties for vulnerability scans, penetration tests and other assessments, but that isn’t the only benefit. As PCI DSS compliance changes constantly and becomes more complex, working with an MSSP can help you navigate the various requirements to ensure you avoid any fines or penalties while maintaining your security.

As a Fortinet partner, Tec-Refresh can offer the managed security services to fill gaps in your security expertise and leverage a network of security intelligence and tools. To learn more about our GIAC certified cyber security initiatives, call Tec-Refresh today!

3 Secrets of a Successful Security Automation Strategy

Computer security threats keep growing in number and sophistication. The Internet of Things (IoT) has added to the number of targets to defend as well as the number of attack sources. So have mobile devices. WannaCry was certainly just the start of a new wave of worm-based malware, with the Petya worm quickly on its heels. These attacks don’t rely on human error but spread directly from one computer to another.

In an increasingly worm-infested world, a reactive approach to security isn’t enough. Humans can’t keep up without help, and anti-malware software can’t stop everything. Security automation is necessary if an organization hopes to stay safe.

Three keys to automated security

A successful approach to automated security encompasses three elements:

  1. Data availability: Keeping up with the data is necessary, though not sufficient. Any system tied to the Internet is constantly being probed for weaknesses. There may be a huge amount of security-related information, and the first step is to make sure it’s all available.

  2. Holistic perspective: Sound decision making requires bringing together the data from across the network, understanding the intelligence and distinguishing significant indicators from unimportant ones. Success comes from treating the network as a whole; discrete devices, each protecting separate components, can't do the job.

  3. Rapid action: A successful defense turns intelligence into action. With security automation, threat and breach detection and response is faster and more precise — which helps to contain the damage.

Automated security in action

Security automation looks for patterns that indicate trouble. This includes not just malware signatures but unusual types and levels of activity. Every network has different patterns of normal behavior, and automation tools must be able to detect what’s abnormal for that network.

When a new device is added to the network, the network security platform should automatically interoperate with it. Sharing information from every point on the network gives the best chance of identifying anomalies and their source. For example, if a device starts querying every other device on the network and normally shouldn't, there’s probably a security issue.
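The fan-out case described above, as an added example (not code from the original post or from any Fortinet product): each device is compared against its own history of distinct peers per time window, so a server that always polls every host stays quiet while a workstation that suddenly does so is flagged. The addresses, window numbers and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_flows():
    """Constructed flow records (window, source, destination); not real data."""
    hosts = [f"10.0.0.{i}" for i in range(1, 21)]
    flows = []
    for w in range(6):  # six baseline windows of normal traffic
        # A workstation that only talks to a file server and a printer.
        flows += [(w, "10.0.0.5", "10.0.0.1"), (w, "10.0.0.5", "10.0.0.2")]
        # A monitoring server that legitimately polls every host.
        flows += [(w, "10.0.0.3", h) for h in hosts if h != "10.0.0.3"]
    # Window 6: the workstation contacts every host; the monitor is unchanged.
    flows += [(6, "10.0.0.5", h) for h in hosts if h != "10.0.0.5"]
    flows += [(6, "10.0.0.3", h) for h in hosts if h != "10.0.0.3"]
    flows += [(6, "10.0.0.9", "10.0.0.1")]  # newly added device, no history
    return flows


def fanout_by_window(flows):
    """Return {source: {window: number of distinct destinations}}."""
    peers = defaultdict(set)
    for window, src, dst in flows:
        peers[(src, window)].add(dst)
    fanout = defaultdict(dict)
    for (src, window), dsts in peers.items():
        fanout[src][window] = len(dsts)
    return fanout


def detect_fanout_anomalies(flows, current_window, k=3.0, min_jump=5,
                            new_device_limit=5):
    """Flag sources whose peer count in current_window is abnormal for them.

    k, min_jump and new_device_limit are illustrative thresholds.
    Windows in which a source sent nothing are not counted in its baseline.
    """
    alerts = []
    for src, per_window in sorted(fanout_by_window(flows).items()):
        now = per_window.get(current_window, 0)
        history = [n for w, n in per_window.items() if w < current_window]
        if not history:
            # No baseline yet: fall back to a fixed limit for new devices.
            if now > new_device_limit:
                alerts.append((src, now, "no baseline"))
            continue
        # min_jump keeps a perfectly flat baseline (stddev 0) from alerting
        # on a single extra peer.
        threshold = mean(history) + max(k * pstdev(history), min_jump)
        if now > threshold:
            alerts.append((src, now, f"baseline {mean(history):.1f}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout_anomalies(build_sample_flows(), current_window=6):
        print(alert)
```
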

Upon identifying a threat, the security system should take immediate action to mitigate it and notify human users. The IT security staff can then look at the report and understand what has happened, and perhaps why. From there, the security team can decide what further action is necessary.

The fabric-based approach

Fortinet’s security fabric brings together all the network’s discrete security tools to form an integrated, automated solution. Automated information sharing between physical and virtual tools such as firewalls, endpoint security and behavior-based advanced threat protection (ATP) solutions is central to the effectiveness of the security fabric.

Getting there from here

Automation isn’t as simple as turning on a switch. The earlier you start, the sooner you’ll have the level of protection that’s needed. You'll then have the best chance of keeping up with today’s threats and future ones.

Tec-Refresh will help you get started on this path, developing an automated security strategy that will reduce the security risks your network faces. As a Fortinet partner, Tec-Refresh can provide you with the best tools and methods for moving toward intelligent security automation.