Penetration Testing

Penetration Testing – What is it and why?

Penetration testing takes an offensive approach to security by mimicking techniques and methodologies that would be used by a real-life malicious attacker. It is often required to satisfy insurance and policy requirements.

Penetration tests take a simulated approach to finding vulnerabilities, weaknesses, and misconfigurations in Network, Web Application, Mobile, and Physical security.

The purpose of a Penetration test is to identify any vulnerabilities before an attacker does.
Penetration testing is not the only step in a strong security posture, but it should be used regularly alongside defensive management strategies.

Penetration testers need to know every way an attacker can get into a network, an attacker just needs to get lucky with one.

Infrastructure Penetration Testing
A company’s infrastructure, external or internal defines a group of computers that store sensitive data about employees, clients and often host business-critical software. If this information is stolen and released it can result in a serious loss of reputation, fines, and potentially criminal charges.
What are the benefits of Infrastructure Penetration Testing?
• To assess the infrastructure for security vulnerabilities that allow attackers to obtain sensitive information or compromise entire systems
• Improving the overall security posture, reducing your overall threat landscape
• Many regulatory bodies require Penetration testing

Consultant-led Penetration testing should take place every six months to ensure that all of your applications and infrastructure are in good shape and do not present any vulnerabilities or security misconfigurations.

If you would like more information on our Penetration Testing services, please contact us by clicking here. You can also find more out about Penetration Testing via the Government website, National Cyber Security Centre by following the link https://www.ncsc.gov.uk/guidance/penetration-testing

TruStack Lunch and Learn – Datto SaaS Protection

In 2020, businesses everywhere pivoted to remote working styles. As a result, we saw an increase in the adoption of cloud software and services for increased efficiency and collaboration. What many businesses may not know, is that just because data is created or stored in the cloud, doesn’t mean it’s protected. Cloud migration is set to accelerate in 2021, which could put valuable data at risk to cyber attacks without solutions in place to keep it protected.

A big thank you to all those that joined us on the webinar last week, you can find a copy of the recording below.

For more information on Datto SaaS Protection, or backup, please follow this link to take you to our Contact Us page!

Cisco Umbrella – protection from dynamic cyber threats

Cybercrime never stands still. In January this year, four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords, administrator privileges and access to devices on the same network1. And on 12 March, Microsoft announced that “a new family of ransomware” had been deployed to the compromised servers that were left unpatched2.

This just goes to show that cyber criminals are relentless in looking for vulnerabilities and new attack vectors. And they target organisations of all types and sizes. Right now, many organisations are finding their IT resources stretched thin due to competing priorities.

But security has to come first. Organisations have to be certain they are protected. Attacks are disruptive at best and devastating at worst. Remediating after an attack is far more time-consuming and expensive than preventing it. So, what dangers do businesses need protection from?

Threats are ever-more complex and stealthier

At TruStack, we manage cyber security for customers across multiple sectors and we’ve seen how quickly the threat landscape is evolving. Without doubt, security is getting more complicated. Commonplace threats are still prevalent, but as the attack on Microsoft Exchange Servers shows, the first attack is often no longer the end of the story. Let’s take a look at the key trends that have emerged over 2020, as these indicate the threats we’ll be facing over the coming years.

Trend 1 – Trojans and droppers have a new role

Trojans and droppers remain popular with cyber criminals, but they’re now being used as new forms of malware delivery in multi-stage attacks.

Trend 2 – Orchestrated, multi-staged attacks are rising

Multi-stage, evasive cyber attacks are becoming standard. They use new methods to evade detection by antivirus software, hide data exfiltration actions and coordinate multi-staged manoeuvres through command-and-control (C2) infrastructure.

Trend 3 – Cryptomining invites trouble

It’s been argued that cryptomining isn’t an attack that businesses need to worry about. But in the context of software-based cryptomining where mining software operates anytime the machine is on, there is much higher risk of damaging hardware and it could leave a door open to other attacks.

Trend 4 – Propagating attacks through pandemic-related content

With millions of people desperate for information, malicious actors set up countless sites to phish for credentials and drop malware, often mimicking content from official bodies.

“Will it happen to me?”

The answer is likely to be “yes”. Data from thousands of Cisco customers shows just how prevalent threats are. In the first nine months of 2020, 91% of customers saw a domain linked to malware. 85% saw a domain linked to phishing. 68% saw a domain linked to cryptomining. 63% saw a domain linked to trojans.

It’s clear that cyber security is growing more challenging all the time. And we’re definitely past the point of simply increasing the headcount to fight off multiplying threats. To effectively defend businesses against cyber criminals, you need a security solution that uses the full power of technology to deliver market-leading protection.

Cisco Umbrella – protection everywhere

One solution that’s up to the challenge of today’s threat landscape is Cisco Umbrella. At TruStack, we’ve had a lot of experience in bringing this cloud solution to customers small and large, giving them the reassurance that they are comprehensively protected. There’s so much to recommend Cisco Umbrella. It’s designed to combat sophisticated threats, detecting and blocking them before a full attack is launched. It protects your entire workforce, no matter where they are. It also sweeps away multiple security tools, so IT teams no longer waste time, energy and resources checking different systems.

How does it work?

Cisco Umbrella protects users everywhere with DNS‑layer security and interactive threat intelligence. It combines multiple security functions into one solution, so you can extend protection to devices, remote users and distributed locations anywhere. It enables secure access to the internet and cloud apps, empowering your employees to work anywhere, maintaining productivity while minimizing risk.

For IT teams, it helps to improve security visibility, detect compromised systems and protect users on and off the network by stopping threats over any port or protocol before they reach your network or endpoints. In addition to DNS-layer security, Cisco Umbrella now includes secure web gateway, firewall, and cloud access security broker (CASB) functionality, plus integration with Cisco SD-WAN, delivered from a single cloud security service.

Protecting again +7 million malicious domains

Cisco Umbrella is effective because it leverages data from Cisco Talos, one of the largest commercial threat intelligence teams in the world. Umbrella uncovers and blocks a broad spectrum of malicious domains, IPs, URLs, and files being used in attacks, and discovers 60,000 new malicious domains every day. This is why Cisco’s threat protection is trusted by the largest businesses in the world, but it’s also affordable for any size of business.

Partner with TruStack to get Umbrella for your business

We’re experts at deploying and managing Cisco Umbrella. How you work with us is up to you. We can help you get up and running fast, then let your team take over. However, many of our customers prefer us to provide Cisco Umbrella as a managed service. It means you have the reassurance of our team of security experts overseeing your network. This also gives your in-house IT team more time to handle other projects. There are three packages available, and we can help you choose the one that’s right for your business.

To find out more about Cisco Umbrella, get in touch with us.


SOURCES

[1] https://en.wikipedia.org/wiki/2021_Microsoft_Exchange_Server_data_breach

[2] https://rcpmag.com/blogs/scott-bekker/2021/03/ransomware-exchange-vulnerabilities.aspx

IT company predicts full-time office work will become a thing of the past

An I.T managed services company which specialises in helping businesses work from home has predicted only a tiny fraction of North East companies will have all workers back in the office full time in the future.

IT managed services specialist TruStack has enabled hundreds of organisations to implement ‘Hybrid Working’ practices during a year of lockdowns, which first began almost a year ago on March 26 2020.

After consulting many of its customers and suppliers, TruStack’s Commercial Director Phil Cambers believes most businesses will introduce Hybrid Working in the future, where employees regularly switch between working from home and from the office.

Mr Cambers said: “I haven’t spoken to a single client or supplier who have said that all of their workforce will be returning to the office once lockdown restrictions have ended.

“Each one has said they will be operating a level of Hybrid Working, where employees are able to seamlessly switch between multiple locations.

“We believe this will be the way the vast majority of companies across the North East will be working, and this will be the same for businesses across the UK in general, too.

“Whether you are talking about an IT company, housing association, law firm or even a manufacturing company with administration staff, a percentage of that workforce will be working from home in future.“

This past year TruStack has enabled many businesses to be able to work in a hybrid fashion and continue operating during particularly challenging times.

Mr Cambers added: “Working in a hybrid fashion may sound easy but there are many critical considerations which businesses need to be aware of.

For example, it is vital to ensure security is as robust as possible now the four walls of the office have become scattered over an entire region.

“The traditional boundaries of companies’ networks no longer exist so ensuring their home and remote workers are secure is of paramount importance.

“To enable employees to be able to work from any remote location, it is of paramount importance that businesses maintain the same level of security for devices and users working outside of the office as they would within the office.”

One business that TruStack has helped navigate Hybrid Working is Durham-based CDS Security & Fire, which says it plans to continue working this way in future.

Rosie Abbott, Managing Director of CDS Security & Fire, said “TruStack were on hand every step of the way to ensure that we had everything set up correctly so that our customers felt minimal if any disruptions as we moved to Hybrid Working during the lockdown.

“We would not hesitate to call upon TruStack again as they responded to our requests with professionalism and speed during what was an unknown event.

“Much like many other companies, moving forward our employees will be working both from home and from the office, and it’s largely thanks to TruStack that we will be able to do that.”

Away from Hybrid Working, TruStack specialises in end-to-end managed IT services including Cybersecurity and Unified Communications. You can contract TruStack by clicking here.

TruStack Tech Summit Recordings All of the content from the week!

Couldn’t make the TruStack Tech Summit? No problem! 

You can now get all of the recordings by filling out the form below.

From Microsoft 365 to Thales Multi-Factor Authentication there is something for everyone!

  • Keynote – Directors from TruStack, Reflecting on 2020 and Looking Forward to 2021
    Phil Cambers (TruStack) and Russell Henderson (TruStack)
  • Cybersecurity Today and Protecting Your Data – Thales
    Manoj Bhati (Thales) and Ian Sanderson (TruStack)
  • Complete and Connected Cybersecurity with Trend Micro – Stability in a Changing World
    David Byrne (Trend Micro),Ian Sanderson (TruStack) and Steven Maddison (TruStack)
  • Workforce Transformation with Dell – Working Safely and Productively Wherever You Are
    Jason Bone (Dell Technologies) Andy Crawford (Dell Technologies) and Ian Sanderson (TruStack)
  • Microsoft 365 – Are You Getting the Most Out of Your Subscription? The Adoption of 365 in 20/21
    Mark Davies (Microsoft/Westcoast Cloud), Ian Sanderson (TruStack) and Phil Cambers (TruStack)
  • Round Up – Thoughts and Ideas From the Week
    Phil Cambers (TruStack) and Joe Olabode (TruStack)

Webinar Download - TruStack Tech Summit

  • This field is for validation purposes and should be left unchanged.

TruStack Helps its Neighbour as it Expands Across the Globe

Experienced Managed Services Provider (MSP), TruStack is helping one of the North East’s biggest brands – which happens to be one of their neighbours – in its continued expansion across the globe.

Outdoor clothing and equipment manufacturer Montane, which is based in Ashington, Northumberland, has huge plans to expand its presence in various international markets in 2021 after significant investment in 2020.

As part of Montane’s expansion, TruStack – located just a few miles down the road in Cramlington – has provided Montane with an enhanced backup and Business Continuity solution to support its projected growth and expansion.

The recent project saw TruStack deliver improvements to back-up and disaster recovery solutions for Montane, adding to the other solutions already in place.

Montane has also commissioned TruStack to enable staff to work from home, allowing them to access a key line of business applications such as Sage, remotely.

Montane said its neighbour taking comprehensive care of its IT has allowed the business to focus on what it hopes to be a huge year ahead.

Director at Montane David Soulsby said: “We are very happy with our partnership with TruStack.

“In the next six to 18 months we are going to go through a lot of changes as a business and will be relying even more heavily on TruStack to support us on this journey.

“We have had other companies around try to pick up our business but we have never had any reason to part ways with TruStack – we have never had an issue that they have not helped us to overcome.

 “We have been in business for more than 25 years and things have changed a lot for us. No longer can we approach our IT needs on an ad hoc basis. We need to have the proper systems in place to take us forward to support the growth trajectory we are on.

“We like to leave IT to the IT experts and there’s no-one we’d trust more to take on this role  than the team  at TruStack.”

TruStack was formed following a merger of three companies in 2019, and provides end-to-end managed IT services and specialises in Cybersecurity, Unified Communications and Agile Working solutions.

Its team of expert engineers recently enabled hundreds of organisations to work from home during lockdowns.

Amongst its many clients it counts several of the North East’s Top 200 companies – including Muckle LLP and Collingwood Business Solutions – as well as big names across the UK such as the Natural History Museum and Vertu Motors.

Montane began working with one of the companies that formed TruStack more than 11 years ago, and the continued partnership shows TruStack is doing something right, according to Commercial Director Phil Cambers.

Mr Cambers said: “2020 has shown that no matter what sort of business you are you need to invest well in IT, like you would in bricks and mortar.

“What we offer is a well-designed, personalised IT solution that offers stability, and gives companies like Montane the platform they need to go out and do what they do and be successful.

“Montane is a huge, North East brand, that is almost a household name now. It is fantastic to be able to work with a business like that.

“The fact that Montane has worked with us for so long and has continued to trust us to help provide the foundations they need to succeed and grow shows we are doing things right.”

For more information on TruStack go to www.trustack.co.uk or call 0191 250 3000.

Could You Recover From a Cyber Attack?

Data Protection – Not Just Backup

Over the last year, ransomware attacks have become more and more sophisticated in their approach. We have seen normalities such as deletion of backup files and encryption of all other files in the system.

This poses the question whether it is enough to have one back up and data protection vendor in your environment, or do you need to be looking at a more comprehensive data protection and disaster recovery strategy.

Data Protection

A well thought out data protection strategy relies upon multiple layers to help protect data at the core of a business’s infrastructure. As a business, you can no longer rely solely on a local backup that is always online and readily available. This could potentially lead to a complete loss of data.

There are however different methods that could help to better protect your data, or even other methods of duplicating said data. Each layer should have its own security and hardening in place to protect the data further.

As we know, your data is normally the ultimate target of any ransomware attack. If we start from the inside out, you can normally adjust some minor aspects to assist in protecting the data.

  • There should be appropriate permissions in place to ensure that only users that need access to the data have the permissions to do so. This will then limit the attack surface, should a ransomware attack take place.
  • Ensure that you avoid making all users a global admin.
  • Follow principles such as read-only groups, read and modify and full control.

One product that can be used and is on ‘the truck’ at TruStack is Netwrix. Netwrix can assist with NTFS permissions management and configuring permissions.

Near-Line Storage/Back-Up

Near-line storage or back up is a target that is quick to recover from and is always online. This could range from a server to a NAS or a purpose-built platform that offers benefits such as hardware compression or deduplication. The use case for near line back up is typically used if someone deletes a file and needs to recover that data quickly.

Physically securing these devices is sensible, and like the data at the core, you should follow similar principles.

  • Access to the backup repository should always be configured
  • Do not use default admin accounts
  • Lockdown firewalls
  • Don’t domain join a repository.

Offsite Backup

Offsite backup targets could be considered as cloud-based object storage, another building hosting a backup target, or rotated hard drives.

This offsite backup is classed as your insurance policy should anything happen to your data and the near-line backups mentioned previously.

Depending on where this data is stored, this can offer additional protection from ransomware and malicious attacks. If you find that someone has compromised your server and deletes the backups, what do you do?

You could use a third party back up target. These targets can help to protect your data, even from a ransomware attack, or internal threat. Many vendors offer this type of service which is normally shortened to BaaS, or backup as a service. Vendors that we use include Veeam and Datto.

Air Gap Backups

Air-gapped backups are those that are completely off the network and not online, so there is no way that anyone could log onto the device and delete that data on it. Tape is the most common example of this and something that is still used frequently today.

However, with tape backups you still need to consider how these are going to be stored should the worst happen. At a minimum they should be stored in a fireproof safe, and preferably off-site.

Also, remember that tape does not last forever should you consider using it for archiving purposes, and each LTO generation is only compatible with the most two prior versions.

Snapshots

SAN snapshots are not backups; however, many SANS now offer the ability to create a snapshot of their volumes for a quick rollback. If the worst happens, and as the last resort, a SAN can roll back to a volume that is in a known good state and could be exactly what is needed. The volumes on a SAN where many servers run from are typically not exposed to a production environment where an attacker could manipulate them and delete data.

Securing access to the SAN should also still follow the same precautions as mentioned previously.

Remember, a backup is only as good as the last time it was tested, so make sure that this is done as often as necessary.

For more information on Data Protection and the services that TruStack can provide, please head to our Contact us page.

SD-WAN – Simple, Dynamic Networking

It’s been a challenging year for IT. The pandemic has reshaped everyone’s working habits. Businesses first had to adapt to remote working, almost overnight in some cases. More recently, we’ve seen a move to hybrid working, with employees returning to the office when permitted, and working from home on others. And things continue to be fluid.

It was through this run of events that some businesses found out exactly what their network could and couldn’t do. Those that had already prioritised agility and mobile working found themselves in a better position to cope with rapid change and make a success of business continuity. Others have been playing a tricky game of catch up, and many IT teams are still feeling the pressure of this.

Make a positive move

What these events have highlighted is that organisations need to be a step ahead on networking capabilities. And the move many are choosing to make to improve agility and security is the move to Software-Defined Wide Area Networking. SD-WAN is particularly relevant for SMBs with multiple branches. Whether you have 200 employees or 2,000, SD-WAN can help you improve the performance of cloud applications, boost user experience and cut costs. 

What’s wrong with traditional WAN?

Traditional WANs weren’t designed for cloud services and SaaS applications, such as Office 365, Salesforce, Slack and Dropbox. Typically, traditional WANs require backhauling all traffic from branch offices to a hub/data center for security. The delay hinders application performance, which in turn causes a poor user experience, denting productivity and morale. This set up can also mean you’re paying more than you need to for the traffic flowing across your network. 

Why is SD-WAN the answer?

In essence, SD-WAN is a highly secure, software-based approach to wide area networking, that provides greater flexibility and control over connections between multiple sites in an organisation. It can use any mix of connectivity – broadband, 4G/LTE, FTTC and MPLS – letting you control how traffic is directed and prioritised across multiple uplinks. It enables your network to adapt instantly and intelligently to changing performance conditions and maintain quality of service. With SD-WAN solutions able to provide security and intrusion protection, cloud-destined traffic doesn’t have to be backhauled from each branch to a central hub. It can flow from branch to cloud safely and securely, delivering improved application performance. Real-time performance monitoring makes it easy to spot and fix issues across the network, often before quality of service is affected. 

What does this mean for business?

SD-WAN can overcome legacy issues associated with MPLS, deliver cost savings, simplify management and boost agility. Businesses can make cost savings by directing traffic along the right connectivity option. For example, you can steer traffic away from MPLS and onto cheaper broadband where quality of service isn’t an issue. More expensive MPLS can be reserved for latency-sensitive traffic, such as VOIP. Smarter routing improves application performance wherever employees are working – in-branch or remotely. 

With SD-WAN technology, you have centralised control via a user-friendly dashboard. Changes can be made quickly and easily in minutes, whether they are part of the company’s strategic vision or in response to unforeseen circumstances. This increased agility strengthens the business’s ability to take future events in its stride.

Lake District National Park Authority – a real-world example

We recently partnered with the Lake District National Park Authority (LDNPA) to bring their network infrastructure up to date. They have 12 offices spread over 900 square miles, with a mix of connectivity solutions – SDSL, ADSL, fibre to the premises and radio, plus VOIP and homeworkers on VPN. There were a number of factors driving the need for change – ageing firewall, limited functionality on VPN routers, no redundancy and security concerns. After considering a number of solutions, Cisco Meraki was selected. 

Happy, confident customers

By using Cisco Meraki, we were able to deliver a reliable SD-WAN solution that ticked off all required outcomes – WAN Failover with Auto-VPN, no dependence on fixed IP, PCI compliance, improved malware detection, support for more nodes and remote access VPN. It was efficient to implement, with downtime for some sites as low as 10 minutes. LDNPA now has a platform that’s secure, easy to manage and ready to be built on as needs arise.

A flexible solution to fit your business

What this example demonstrates is how SD-WAN overcomes many legacy issues and limitations with minimum effort. Cisco Meraki is a particularly powerful solution as it offers a complete cloud-managed IT portfolio with single pane of glass management. Integrated hardware, software and cloud services deliver simple, secure, optimised connectivity. You can manage it in-house or take advantage of our managed service option. 

Trust TruStack to get you future-ready

At TruStack, we’ve put SD-WAN in place for many different customers, and we can offer the upfront expertise and ongoing support that creates an end-to-end solution for businesses small and large. If you’d like to understand what SD-WAN could do for your business, please get in touch with us. 

Contact us via our form available here.

Hacker warning for businesses with employees working from home

IT security experts are warning businesses to take steps to combat hackers as working from home becomes more common during the Covid-19 pandemic.

TruStack, based in Cramlington, specialises in Agile Working Solutions and Cybersecurity and has enabled hundreds of organisations to work from home during the recent lockdowns.

Figures from the Office of National Statistics show a quarter of all employees are currently working from home (https://www.ons.gov.uk/peoplepopulationandcommunity/healthandsocialcare/conditionsanddiseases/bulletins/coronavirustheukeconomyandsocietyfasterindicators/latest#social-impacts-of-the-coronavirus-on-great-britain), but this number could increase if more areas are put under tighter regulations in the coming months.

Now TruStack’s experts have warned that many businesses may not realise the full security implications of its employees moving from working in an office to working from home.

Technical Director Russell Henderson said: “Business data of all types is of value and anybody can be a target, with methods of stealing this data more sophisticated than ever.

“Continuous scanning to find vulnerabilities in businesses security and to exploit threats occurs, and it is likely attacks will become more frequent as well as more complex, so no matter your business size you need to be focused on keeping your data as secure as possible.

“Home networks tend to be far more open, with so many devices – e.g. smart speakers, internet games consoles, smart phones, smart TVs, doorbells, home alarms – potentially sharing a network and broadband with work devices.

“All of this increases the possibility of a piece of malware, or ransomware, finding a weakness and exploiting it, potentially allowing it to find and spread in the local network.

“Remote workers need strong security and those systems need stringent monitoring to protect the business’s data.”

It is predicted globally that companies will spend more than $137 billion in 2020 to protect against cyber threats.

Meanwhile technology research company Gartner has predicted the global cost of security attacks on businesses will be around $3.9 trillion.

Mr Henderson said there are many steps businesses can take to shore up security but that a multi-layered approach is needed to keep data safe.

He added: “No business can rely on a single product, platform or device to protect its data but there are some key steps to take to give your business the best chance of protecting against cyber attacks.

“These include having a quality firewall, implementing a quality antivirus platform for user devices and servers, carrying out security patching, having a multi-factor identification process and investing in a robust backup and recovery solution.

“These are just some of the protection measures that TruStack consults around. Ultimately, businesses must have a security-first mindset, from bottom to top, where protection of data is an absolute priority, as we transition towards a largely agile workforce.”

TruStack provides end-to-end managed IT services and specialises in Cybersecurity, Unified Communications and Agile Working solutions.

Amongst its many clients it counts several of the North East’s Top 200 companies – including Muckle LLP and Collingwood Business Solutions – as well as big names across the UK such as the Natural History Museum and Vertu Motors.

It has enabled many of these clients to work from home recently, and has also been following its own advice with almost all of its workforce undertaking agile working.

Netwrix 2020 Cyber Threat and Cybersecurity Report

In June 2020, our partner, Netwrix surveyed 937 IT professionals from all over the globe to learn how their threat landscape and priorities have changed due to this massive shift to remote work.

The findings, which are presented in the report below, will help organisations re-assess their security risks and identify new security gaps.

If you need any advice or have any questions on anything in the report, please do not hesitate to get in touch by clicking here or you can view our Cybersecurity services here.