Penetration Testing

Penetration Testing – What is it and why?

Penetration testing takes an offensive approach to security by mimicking techniques and methodologies that would be used by a real-life malicious attacker. It is often required to satisfy insurance and policy requirements.

Penetration tests take a simulated approach to finding vulnerabilities, weaknesses and misconfigurations in network, web application, mobile and physical security.

The purpose of a Penetration test is to identify any vulnerabilities before an attacker does.
Penetration testing is not the only step in a strong security posture, but it should be used regularly alongside defensive management strategies.

Penetration testers need to know every way an attacker could get into a network; an attacker only needs to get lucky with one.

Infrastructure Penetration Testing

A company’s infrastructure, external or internal, is the group of computers that store sensitive data about employees and clients and often host business-critical software. If this information is stolen and released, it can result in a serious loss of reputation, fines and potentially criminal charges.

What are the benefits of Infrastructure Penetration Testing?
• Assessing the infrastructure for security vulnerabilities that would allow attackers to obtain sensitive information or compromise entire systems
• Improving the overall security posture and reducing your overall threat landscape
• Many regulatory bodies require penetration testing

Consultant-led Penetration testing should take place every six months to ensure that all of your applications and infrastructure are in good shape and do not present any vulnerabilities or security misconfigurations.

If you would like more information on our Penetration Testing services, please contact us by clicking here. You can also find out more about penetration testing from the National Cyber Security Centre, the UK Government’s cyber security body, at https://www.ncsc.gov.uk/guidance/penetration-testing

TruStack Lunch and Learn – Datto SaaS Protection

In 2020, businesses everywhere pivoted to remote working. As a result, we saw an increase in the adoption of cloud software and services for greater efficiency and collaboration. What many businesses may not know is that just because data is created or stored in the cloud doesn’t mean it’s protected. Cloud migration is set to accelerate in 2021, which could put valuable data at risk from cyber attacks unless solutions are in place to keep it protected.

A big thank you to all those who joined us on the webinar last week; you can find a copy of the recording below.

For more information on Datto SaaS Protection, or backup, please follow this link to take you to our Contact Us page!

Cisco Umbrella – protection from dynamic cyber threats

Cybercrime never stands still. In January this year, four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords, administrator privileges and access to devices on the same network [1]. And on 12 March, Microsoft announced that “a new family of ransomware” had been deployed to compromised servers that were left unpatched [2].

This just goes to show that cyber criminals are relentless in looking for vulnerabilities and new attack vectors. And they target organisations of all types and sizes. Right now, many organisations are finding their IT resources stretched thin due to competing priorities.

But security has to come first. Organisations have to be certain they are protected. Attacks are disruptive at best and devastating at worst. Remediating after an attack is far more time-consuming and expensive than preventing it. So, what dangers do businesses need protection from?

Threats are ever more complex and stealthy

At TruStack, we manage cyber security for customers across multiple sectors and we’ve seen how quickly the threat landscape is evolving. Without doubt, security is getting more complicated. Commonplace threats are still prevalent, but as the attack on Microsoft Exchange Servers shows, the first attack is often no longer the end of the story. Let’s take a look at the key trends that have emerged over 2020, as these indicate the threats we’ll be facing over the coming years.

Trend 1 – Trojans and droppers have a new role

Trojans and droppers remain popular with cyber criminals, but they’re now being used as new forms of malware delivery in multi-stage attacks.

Trend 2 – Orchestrated, multi-staged attacks are rising

Multi-stage, evasive cyber attacks are becoming standard. They use new methods to evade detection by antivirus software, hide data exfiltration actions and coordinate multi-staged manoeuvres through command-and-control (C2) infrastructure.

Trend 3 – Cryptomining invites trouble

It’s been argued that cryptomining isn’t an attack that businesses need to worry about. But where software-based mining runs whenever the machine is on, there is a much higher risk of damaging hardware, and the foothold it represents could leave a door open to other attacks.

Trend 4 – Propagating attacks through pandemic-related content

With millions of people desperate for information, malicious actors set up countless sites to phish for credentials and drop malware, often mimicking content from official bodies.

“Will it happen to me?”

The answer is likely to be “yes”. Data from thousands of Cisco customers shows just how prevalent threats are. In the first nine months of 2020, 91% of customers saw a domain linked to malware. 85% saw a domain linked to phishing. 68% saw a domain linked to cryptomining. 63% saw a domain linked to trojans.

It’s clear that cyber security is growing more challenging all the time. And we’re definitely past the point of simply increasing the headcount to fight off multiplying threats. To effectively defend businesses against cyber criminals, you need a security solution that uses the full power of technology to deliver market-leading protection.

Cisco Umbrella – protection everywhere

One solution that’s up to the challenge of today’s threat landscape is Cisco Umbrella. At TruStack, we’ve had a lot of experience in bringing this cloud solution to customers small and large, giving them the reassurance that they are comprehensively protected. There’s so much to recommend Cisco Umbrella. It’s designed to combat sophisticated threats, detecting and blocking them before a full attack is launched. It protects your entire workforce, no matter where they are. It also sweeps away multiple security tools, so IT teams no longer waste time, energy and resources checking different systems.

How does it work?

Cisco Umbrella protects users everywhere with DNS-layer security and interactive threat intelligence. It combines multiple security functions into one solution, so you can extend protection to devices, remote users and distributed locations anywhere. It enables secure access to the internet and cloud apps, empowering your employees to work anywhere, maintaining productivity while minimising risk.

For IT teams, it helps to improve security visibility, detect compromised systems and protect users on and off the network by stopping threats over any port or protocol before they reach your network or endpoints. In addition to DNS-layer security, Cisco Umbrella now includes secure web gateway, firewall, and cloud access security broker (CASB) functionality, plus integration with Cisco SD-WAN, delivered from a single cloud security service.

Protecting against 7+ million malicious domains

Cisco Umbrella is effective because it leverages data from Cisco Talos, one of the largest commercial threat intelligence teams in the world. Umbrella uncovers and blocks a broad spectrum of malicious domains, IPs, URLs, and files being used in attacks, and discovers 60,000 new malicious domains every day. This is why Cisco’s threat protection is trusted by the largest businesses in the world, but it’s also affordable for any size of business.

Partner with TruStack to get Umbrella for your business

We’re experts at deploying and managing Cisco Umbrella. How you work with us is up to you. We can help you get up and running fast, then let your team take over. However, many of our customers prefer us to provide Cisco Umbrella as a managed service. It means you have the reassurance of our team of security experts overseeing your network. This also gives your in-house IT team more time to handle other projects. There are three packages available, and we can help you choose the one that’s right for your business.

To find out more about Cisco Umbrella, get in touch with us.


SOURCES

[1] https://en.wikipedia.org/wiki/2021_Microsoft_Exchange_Server_data_breach

[2] https://rcpmag.com/blogs/scott-bekker/2021/03/ransomware-exchange-vulnerabilities.aspx

Could You Recover From a Cyber Attack?

Data Protection – Not Just Backup

Over the last year, ransomware attacks have become more and more sophisticated in their approach. It is now normal to see backup files deleted and every other file in the system encrypted.

This raises the question of whether a single backup and data protection vendor in your environment is enough, or whether you need a more comprehensive data protection and disaster recovery strategy.

Data Protection

A well thought out data protection strategy relies upon multiple layers to help protect data at the core of a business’s infrastructure. As a business, you can no longer rely solely on a local backup that is always online and readily available. This could potentially lead to a complete loss of data.

There are, however, several methods that can better protect your data, including additional ways of duplicating it. Each layer should have its own security and hardening in place to protect the data further.

Your data is normally the ultimate target of any ransomware attack. Starting from the inside out, there are some relatively minor adjustments you can make to help protect it.

  • Put appropriate permissions in place so that only users who need access to the data have it. This limits the blast radius should a ransomware attack take place.
  • Avoid making all users a global admin.
  • Use tiered permission groups, such as read-only, read and modify, and full control.

One product that can be used, and is on ‘the truck’ at TruStack, is Netwrix. Netwrix can assist with managing and configuring NTFS permissions.

Near-Line Storage/Back-Up

Near-line storage or backup is a target that is quick to recover from and is always online. This could range from a server to a NAS or a purpose-built platform that offers benefits such as hardware compression or deduplication. The typical use case for near-line backup is when someone deletes a file and needs that data recovered quickly.

Physically securing these devices is sensible, and, as with the data at the core, similar principles apply.

  • Access to the backup repository should always be explicitly configured
  • Do not use default admin accounts
  • Lock down firewalls
  • Don’t domain-join a repository
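As an added illustration of the permission and repository hardening points above (not TruStack’s, Netwrix’s or any vendor’s code), this PowerShell script audits a Windows backup repository host against those checks. The repository path D:\BackupRepo and the group names CORP\Backup-ReadOnly, CORP\Backup-Modify and CORP\Backup-FullControl are assumed placeholders for your own environment.

```powershell
# Added example: audit a backup repository host against the hardening points
# above. The path and group names are assumptions; adjust them before use.
param(
    [string]$RepositoryPath = 'D:\BackupRepo',             # assumed path
    [string[]]$AllowedGroups = @('BUILTIN\Administrators',
                                 'NT AUTHORITY\SYSTEM',
                                 'CORP\Backup-ReadOnly',    # assumed tiered groups
                                 'CORP\Backup-Modify',
                                 'CORP\Backup-FullControl')
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. A repository should not be domain joined: a compromised domain account
#    would otherwise reach the backups directly.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $findings.Add("Host is domain joined ($($cs.Domain))")
}

# 2. The built-in Administrator account (RID 500) should be disabled or renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
if ($builtin -and $builtin.Enabled) {
    $findings.Add("Built-in Administrator account '$($builtin.Name)' is enabled")
}
if ($builtin -and $builtin.Name -eq 'Administrator') {
    $findings.Add("Built-in Administrator account still uses the default name")
}

# 3. Every Windows Firewall profile should be on and block inbound by default.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') {
        $findings.Add("Firewall profile $($p.Name) is disabled")
    } elseif ($p.DefaultInboundAction -ne 'Block') {
        $findings.Add("Firewall profile $($p.Name) does not block inbound by default")
    }
}

# 4. NTFS permissions on the repository: broad principals must never hold
#    access, and anything outside the tiered groups is reported for review.
$broad = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
$acl = Get-Acl -Path $RepositoryPath
foreach ($ace in $acl.Access) {
    $who = $ace.IdentityReference.Value
    if ($broad -contains $who) {
        $findings.Add("$who has $($ace.FileSystemRights) on $RepositoryPath")
    } elseif ($AllowedGroups -notcontains $who) {
        $findings.Add("Unexpected principal $who has $($ace.FileSystemRights) on $RepositoryPath")
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No hardening findings for $RepositoryPath"
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it in an elevated session on the repository host; each FINDING line maps to one of the bullet points above.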

Offsite Backup

Offsite backup targets include cloud-based object storage, a backup target hosted in another building, or rotated hard drives.

This offsite backup is classed as your insurance policy should anything happen to your data and the near-line backups mentioned previously.

Depending on where this data is stored, it can offer additional protection from ransomware and other malicious attacks. If you find that someone has compromised your server and deleted the backups, what do you do?

You could use a third-party backup target. These targets can help to protect your data, even from a ransomware attack or an internal threat. Many vendors offer this type of service, usually shortened to BaaS (backup as a service). Vendors that we use include Veeam and Datto.

Air Gap Backups

Air-gapped backups are those that are completely off the network and not online, so there is no way that anyone could log on to the device and delete the data on it. Tape is the most common example of this and is still used frequently today.

However, with tape backups you still need to consider how these are going to be stored should the worst happen. At a minimum they should be stored in a fireproof safe, and preferably off-site.

Also, remember that tape does not last forever, should you consider using it for archiving purposes, and each LTO generation is only compatible with at most the two prior generations.

Snapshots

SAN snapshots are not backups; however, many SANs now offer the ability to snapshot their volumes for a quick rollback. If the worst happens, and as a last resort, rolling a SAN back to a volume in a known good state could be exactly what is needed. The volumes on a SAN that many servers run from are typically not exposed to the production environment where an attacker could manipulate them and delete data.

Securing access to the SAN should also still follow the same precautions as mentioned previously.

Remember, a backup is only as good as the last time it was tested, so make sure that this is done as often as necessary.

For more information on Data Protection and the services that TruStack can provide, please head to our Contact us page.

Netwrix 2020 Cyber Threat and Cybersecurity Report

In June 2020, our partner Netwrix surveyed 937 IT professionals from all over the globe to learn how their threat landscape and priorities have changed due to the massive shift to remote work.

The findings, which are presented in the report below, will help organisations re-assess their security risks and identify new security gaps.

If you need any advice or have any questions on anything in the report, please do not hesitate to get in touch by clicking here or you can view our Cybersecurity services here.

TruStack Focus On… Cybersecurity

Working from home, or ‘agile working’ as we term it at TruStack, has become increasingly common over the past few months as companies adapt their working practices to cope with the impact of Covid-19. From the results of businesses we have surveyed (agile working report here), we believe agile working will only increase in future, and so businesses must be well-prepared to deal with the issues this will bring. Arguably the most important of these is security.

It is predicted globally that companies will spend in excess of $137 billion in 2020 to protect against cyber threats, with the highly regarded technology research company Gartner predicting the global cost of security attacks on businesses will be around $3.9 trillion!

Cyber-attacks are no longer conducted just by individuals sitting in bedrooms. State- and politically-sponsored cyber-attacks shape global economies and political landscapes. The skills behind the attacks are increasing and the rewards for those committing them are increasing, so it is reasonable to predict a greater volume and complexity of attacks in future. It is vital that businesses protect themselves by ensuring their roll-out of agile working does not compromise their data, which many believe is the most valuable of global commodities.

Home networks tend to be far more open, with so many devices – e.g. smart speakers, internet enabled sound bars, games consoles, smart lights, smart phones, smart TVs – potentially sharing a network and broadband with multiple work devices. All of this increases the possibility of a piece of malware, or ransomware, finding a weakness and exploiting it, potentially allowing it to find and spread in the local network. Remote workers need strong security and those systems need stringent monitoring to protect the business data users operate with.

Businesses need layers of protection – no business can rely on a single product, platform or device to protect its data. There are, however, some key steps to take to give your business the best chance of protecting against cyber-attacks. These include having a quality firewall, implementing a quality antivirus platform for user devices like our Worry Free service, carrying out security patching, having a multi-factor authentication process such as Thales and investing in a robust backup and recovery solution whether that be Veeam, Datto or a service out of our Data Centre.

These are just some of the protection measures that TruStack consults around. Ultimately, businesses must have a security-first mindset, from bottom to top, where protection of data is an absolute priority, as we transition towards a largely agile workforce.

For any questions or queries please contact us on [email protected] or contact us here.

Blog Post – Tech Director, Russell Henderson on Cybersecurity and Agile Working

It is predicted globally that companies will spend in excess of $137 billion in 2020 to protect against cyber threats. However, whilst there are varying estimates and predictions of the global cost of cyber-attacks on businesses this year, the highly regarded technology research company Gartner predicts it will be around $3.9 trillion!

Cyber-attacks are no longer conducted just by individuals sitting in bedrooms. State- and politically-sponsored cyber-attacks shape global economies and political landscapes. The skills behind the attacks are increasing and the rewards for those committing them are increasing, which means it is reasonable to predict more volume and more complexity of attacks in future.

Of all the possible methods of ‘attack’, ransomware is certainly making itself felt for businesses at the minute. This is when malware encrypts a victim’s environment and the attacker then demands a ransom to restore access to the data upon payment. We’ve seen a number of attacks in recent months. In a number of cases, unpatched systems or a weak password in the environment were the initial exploit; these attacks appear more opportunistic than targeted. Other ever-present threats include phishing and other fraud-based scams, which are directed at immediately compromising financial or personal details.

With the countless threats out there to businesses, it is important to have a security-first mind-set in the leadership team. Companies’ focus is so often on time to market, base line product cost and profit margin or process turn-around time. Rarely do you hear “let’s slow down and factor in security throughout the build process or the delivery mechanism”. Speed can, and often does, lead to mistakes or gaps appearing in security, especially when operating over multiple cloud platforms, applications development platforms and open systems.

Business leaders must build in time and cost to account for security throughout their areas of responsibility. This includes having experienced security specialists involved, whether they are internal people trained up or external consultants, and accepting that components with better-quality security may be more expensive. Accepting that timescales may lengthen or costs will increase to enhance security is needed. It also means accepting that, despite our best efforts, you will never be 100% secure, or remain 100% secure: technology and the threat landscape move at vast speed, and what is very secure today can often be exploited tomorrow, so a mindset of continual improvement towards security is also needed.

As working from home is likely to become more commonplace in future, it is vital to account for this when considering security. Home networks tend to be far more open, with devices – including smart speakers, internet-enabled sound bars, games consoles, smart lights, three or four smart phones and smart TVs – potentially sharing a network and broadband with multiple work devices. All of this increases the possibility of a piece of malware, or ransomware, finding a weakness and exploiting it, potentially allowing it to spread within the local network. Remote workers need strong security, and those systems need stringent monitoring to protect the business data users operate with.

Businesses need layers of protection. No business can rely on a single product, platform or device to protect its data. A basic example of a layered approach would be to use a latest-generation firewall to protect office or home locations and a quality antivirus platform for user devices and servers running on corporate networks. Additionally, mobile device control and internal network inspection products are also reasonable steps to take to protect sensitive company, user and client data.

How, where and what data is stored, and what service or who is accessing it and how, is a significant consideration. Security patching, despite being a large, time-consuming task, is also important, as is password management: weak passwords, or passwords that never change, are an easy target and a common initial exploit for gaining access to a company’s resources.

A platform to ingest, correlate and report on the millions of logs generated by these security platforms is also a requirement. Having protection is pointless if it is masked by so much data and so many alerts that you can’t see the risks and act on them; many businesses already have, or are investing in, SOC and SIEM solutions.

These are just some of the challenges and protection measures that TruStack consults around. There are hundreds more products and platforms that need protection and numerous ways to protect, each providing its own benefits and drawbacks and associated costs.

The best “last chance” method of protection you can have is to invest in a robust backup and recovery solution that benefits from an air gap within the solution to protect your data at rest. This is the very last line of defence, and if you find yourself compromised, this is often the solution businesses call upon to recover and cleanse their systems. The quality of your backup solution will determine whether your data is available for recovery and how quickly it can be recovered.

In today’s ever more connected world we need to share or access data ever more readily with more applications and services at greater speed. However, the more open we become, the less secure we become.

It is a common belief that data is now the most valuable of global commodities, be it our personal data or corporate data. Be it for good or for negative purposes, demand to access this data legitimately or illegitimately continues to grow. With data residing in so many different locations – including clouds, corporate networks, mobile and other smart devices, backup media and locations, co-location centres and removable media – it is up to businesses to make sure they have done all they can to protect this information.

It is up to businesses to ensure they have a ‘security-first’ mindset from bottom to top to give them the best chance possible of this happening.

You can read more about our Cybersecurity solutions here or about our Agile Working solutions here.

Or please get in touch with one of the team on [email protected] or click here.

Thales 2020 Data Threat Report

Did you know that 46% of data generated by European organisations is stored within the cloud?

Click on the link below to download the Thales 2020 Data Threat Report. This edition, produced by IDC, runs through how organisations are securing their multi-cloud environments in 2020.

Get the report now to learn:

  • How digital transformation complicates security
  • Adoption rates of encryption for cloud data
  • Security recommendations and best practices

Trend Micro Security Predictions for 2020

The year 2020 has seen a transition to a new decade. So has cybersecurity. Gone are the days of networks isolated behind a company firewall and a limited stack of enterprise applications.

The Trend Micro security predictions for 2020 reflect experts’ opinions and insights on current and emerging threats and technologies. The report paints a picture of a possible future landscape driven by technological advances and evolved threats, to enable enterprises to make informed decisions on their cybersecurity posture in 2020 and beyond. The future looks complex, exposed and misconfigured, but it is also defensible.

Download the PDF below to get an insight into cybersecurity 2020.

Trend Micro Security Predictions 2020