MSSP Live 2022 Top MSP Cybersecurity Takeaway: Teamwork Makes the Dream Work

October 04, 2022

A common dedication to providing excellent client services, a driving need to enhance cybersecurity capabilities and an outstanding cyber monetization opportunity generated tremendous energy and focus among attendees at the recently concluded first annual MSSP Live event.

How to Combat the Rising Costs of Cybersecurity Insurance

January 27, 2022
Even though your business may have cybersecurity insurance, it doesn’t mean you can avoid the steps necessary to prevent bad things from happening. Similar to our own healthcare, it’s no secret that being diligent with preventative care and a consistent healthy lifestyle not only protects your health but also protects your pocketbook from more serious illness, no matter what kind of insurance you have. 

Demystifying MDR: Five Myths for MSSPs

February 17, 2022
Small-to-medium-sized businesses (SMBs) are continuously seeking ways to safeguard their data and resiliency against persistent criminals through increased cyber defenses. But their security service providers often find that they are ill equipped to address advanced threats, let alone know where to begin. Managed Detection and Response (MDR) solutions are gaining traction with resource-constrained organizations looking for 24/7 proactive protection. The threat landscape and MDR marketplace are evolving, creating confusion for Managed Security Service Providers (MSSPs) and customers alike.

The Evolution of the Hacker

October 19, 2015
Technology keeps improving, as do hackers. Hackers have been around for years and years, from exploiting the vulnerabilities of telephone lines to penetrating big retail stores' networks. As hackers get smarter, so do we.

There Is No Honor Among Thieves – Target Could Take Advantage of This

February 17, 2014
For the past several months, there have been numerous stories about major retailers that have been breached by hackers. The result is that millions of credit cards have been stolen. In the case of Target, so far it is reported that 40 Million customer credit cards have been exposed, and 70 Million total records with personal information have been stolen.

What tools are hackers using to access businesses’ networks?

May 13, 2016
2016 Verizon Breach Investigations Report (Part 2 of 3)
In our previous post we showed you that regardless of the business’ size, location or industry, many are targets for hackers. So how are hackers getting into these businesses’ networks and stealing data?

Protecting your business from hackers’ attacks

May 20, 2016
2016 Verizon Breach Investigations Report (Part 3 of 3)
We've covered the 4 patterns of attack used by hackers, expanded on how dangerous these attacks are and how hackers are hurting your business. But did you know, many of these attacks can be prevented with a little help and knowledge? 

POS VARs – Don’t be a Target!

July 26, 2016
When business owners start looking at Point-of-Sale (POS) systems, they may feel overwhelmed at the infinite amount of options they can find online. How does a business owner make a decision? How do they know it’s the right decision?

IT Service Providers: Mind the Security Gap

September 19, 2016
Persistent threats affecting businesses of all sizes and in all verticals are becoming more consistent and hitting more frequently. The 2016 Verizon Data Breach report analyzed 100,000 incidents, of which 3,141 were confirmed data breaches.

A haunting tale, just in time for the fall: Don’t let what happened to them, happen to you…

October 09, 2017
The old Haunted Hotel with squeaky wood floors welcomed all guests who dared enter the front doors. Guests arrived from every nation – every corner of the world – ready to spend money and explore.

The “Bumper-to-Bumper” Security Solution of POS Systems?

November 01, 2017
When Point-to-point encryption (P2PE) was standardized by the PCI Security Standards Council, many thought it would become the be-all end-all security solution they needed. It would protect customer data and relieve some of the burden of PCI compliance on the merchant. As with anything that sounds too good to be true, proceed with caution.

What is SD-WAN and can it be used for smaller sites too?

March 13, 2018
SD-WAN is transforming enterprise networks with affordable network infrastructure by offering low-cost, reliable network connectivity, while dramatically reducing operational expenses. Smaller retail stores are adopting omni-channel strategies to offer better shopping experiences through mobile connectivity to shoppers at the stores.

Tracking Physical Presence with the Windows Security Log

September 29, 2016
How do you figure out when someone was actually logged onto their PC? The data is there in the security log, but it’s so much harder than you’d think.

EventTracker Enterprise and the Cyber Kill Chain

January 26, 2017
Defense strategies that focus exclusively on the perimeter and on prevention do not take into account the kill chain life cycle approach; this is a reason why attackers are continuing to be so successful.

Big Data or Smart Questions for Effective Threat Hunting

September 17, 2018
Advances in data analytics and increased connectivity have merged to create a powerful platform for change. Today, people, objects, and connections are producing data at unprecedented rates. According to DOMO, 90% of all data today was created in the last two years with a whopping 2.5 quintillion bytes of data being produced per day.

5 cyber security myths, the importance of time synchronization, and more

January 01, 2013
Time won't give me time: The importance of time synchronization for Log Management

Detecting Zeus, Logging for incident response, and more

January 01, 2013
Preparing the Infrastructure: From all the uses for log data across the spectrum of security, compliance, and operations, using logs for incident response presents a truly universal scenario – you can be forced to use logs for incident response at any moment, whether you’re prepared or not.

The Art of Detecting Malicious Activity with Logs

January 01, 2013
Randy Franklin Smith compares methods for detecting malicious activity from logs including monitoring for high impact changes, setting up tripwires and anomalous changes in activity levels. Security standards and auditors make much of reviewing logs for malicious activity.

Top 5 Linux log file groups in /var/log

October 29, 2014
If you manage any Linux machines, it is essential that you know where the log files are located, and what is contained in them. From a security perspective, here are 5 groups of files which are essential. Many other files are generated and will be important for system administration and troubleshooting.

Front-Line MSSPs Share 2021 Cybersecurity Predictions

December 21, 2020
In 2020, we saw digital transformation accelerate along with rising ransomware, threats caused by human error and misconfigurations, and challenges in IT staff retention. While there is no crystal ball, cybersecurity experts share how organizations can optimize finite resources and prioritize security measures.

How SOC-as-a-Service Enhances Security Operations

February 03, 2021
Faced with rising cybersecurity concerns, MSPs and mid-sized organizations are maturing their security posture beyond a network operations center and help desk. But few have realized a centralized security operations center (SOC) with a formal charter and full-time staff.

Cybersecurity Professionals

October 26, 2015
As data breaches occur more and more, it is no secret that the market needs more cybersecurity professionals. Here are a few statistics on the need to educate the next generation on pursuing cyber professional careers.

Backoff Has Been Upgraded: Harder to Detect

November 07, 2014
So when you are a hacker and you write the most successful financial transaction hacking software in history, what do you do next? Well, if you are the makers of Backoff, you upgrade it.

Six Simple Rules For Safe Credit Card Handling

May 05, 2015
It is becoming more and more frequent to read about electronic data breaches in the news these days. Unfortunately, what is not touched on as frequently are the physical security issues present in restaurant and retail establishments.

Wireless Security for Business

June 08, 2015
In today’s business world, a major draw for many customers is the ability to stay connected while outside the office. Providing this connectivity typically means having a wireless network set up for your customers. However, it also means placing your business at a potential risk.

Netsurion Defense Against Backoff

July 14, 2015
In the wake of BackOff, and numerous other data breaches, consumers are demanding answers about how and why companies have inadvertently allowed data to be compromised, given the security measures accessible today.

Are you guilty of any of these PCI myths?

June 27, 2016
We have gathered what have been common comments that we hear from business owners. And today, we would like to bust these myths!

Do you know where your data is?

July 05, 2016
In this fifth article of the series, we continue to explore the basic ways businesses can keep their networks safer. These include tools you can implement on your own, and we explain why taking action is vital to the safety of your business.

7 ways you can prevent credit card fraud when shopping!

July 11, 2016
We know how tempting those summer sales are! But are you being careful about where you are swiping your card?

The Top Five Cyber Threats Hotel Brands and Franchisees Need to Know About

June 19, 2017
While automation facilitates hotel operations and often makes a better stay for guests, it also opens hotels to digital threats perpetrated by malicious actors. Consequently, hotel operators should be aware of the types of cyber attacks, which can significantly hurt their brand reputation and bottom line, not to mention the safety and welfare of employees and guests.

Protecting Against Ransomware Attacks: What Every Business Needs to Know

July 11, 2017
Ransomware attack frequency is at its height as there have been more than 4,000 ransomware attacks happening each day for over a year now. Follow these tips to help avoid a ransomware breach at your business.

How to Justify EDR with Three Top Business Cases

April 03, 2019
Increasing complexity and frequency of attacks have escalated the need for detection of attacks and incident response. Endpoints are the new battleground as they are a) more pervasive across the network, b) more commonly used by non-IT personnel, and c) less well-defended by IT teams who first move to secure the data center. Endpoint detection and response (EDR) solutions meet the need to rapidly investigate large numbers of systems for evidence of malicious activity, quickly uncover, and then remediate attacks and incidents.

Protecting Managed Service Providers from Cyber Attacks

April 15, 2019
As a Managed Service Provider (MSP) offering IT infrastructure and end-user systems, your clients entrust you with their valuable assets, sensitive data, and intellectual property. What security best practices can MSPs utilize to avoid becoming a headline?

The Four Elements that Build a Better SD-WAN for Retail

April 30, 2019
Building a better branch network for retailers is not necessarily rocket science. At least, it doesn’t have to be. The formula for building a better branch for these highly distributed businesses is rather simple. When you think about it, it is more like alchemy than chemistry. Like air, earth, fire, and water, it does not take more than four elements to define the ideal branch network.

Protecting Legal Data: 3 Ways MSPs Can Enhance Cybersecurity

May 22, 2019
The legal world is centered on offering clients protection—and in the current technology environment, that extends to cybersecurity. With the proper security procedures, policies, training, and IT security in law firms, advanced cybersecurity is yet another way that lawyers can protect their clients today.

7 Steps to Better Website Security for National Cybersecurity Awareness Month

October 01, 2019
Threats and threat actors continue to evolve and morph, creating advanced and even more dangerous tactics that must be mitigated. October is National Cybersecurity Awareness Month (NCSAM). NCSAM 2019 centers on the theme of Own IT. Secure IT. Protect IT., advocating a proactive approach to enhanced cybersecurity in the workplace and at home.

Use VPN Properly to Support Work-from-Home Employees

March 27, 2020
With most employees working from home amid the COVID-19 (coronavirus) outbreak, VPN servers have now become paramount to a company's backbone, and their security and availability must be the focus going forward for IT teams. It is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.

Top 3 Must-Have Restaurant Technologies for Increased Takeout Business

April 08, 2020
Despite current challenges, the restaurant industry is adapting to the new reality of social distancing with creativity while doubling down on online ordering and curbside pickup. For many multi-unit restaurant brands, it’s critical to simply stay afloat at this time, which involves the sudden need to transform the business.

For of all sad words of tongue or pen, the saddest are these: 'We weren't logging'

March 29, 2018
It doesn't rhyme and it's not what Whittier said but it's true. If you don't log it when it happens, the evidence is gone forever.

Catch Malware Hiding in WMI with Sysmon

April 25, 2018
Security is an ever-escalating arms race. The good guys have gotten better about monitoring the file system for artifacts of advanced threat actors.

Three Causes of Incident Response Failure

September 04, 2018
Breaches continue to be reported at a dizzying pace. In 2018 alone, a diverse range of companies — including Best Buy, Delta, Orbitz, Panera, Saks Fifth Avenue, and Sears — have been victimized. These are not small companies, nor did they have small IT budgets. So, what’s the problem?

Accelerate Your Time-to-Value with Security Monitoring

October 03, 2018
A hot trend in the Managed Service Provider (MSP) space is emerging: transforming from an MSP to a Managed Security Service Provider (MSSP). Typically, MSPs act as IT administrators; however, the rapid rise of cloud-based Software-as-a-Service (SaaS) is reducing margins for MSPs.

Venom Vulnerability exposes most Data Centers to Cyber Attacks

August 31, 2018
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing millions of plain-text passwords. But don’t panic. Though the recent vulnerability has a more terrifying name than HeartBleed, it is not going to cause as much danger as HeartBleed did.

Think Like a Hacker with MITRE ATT&CK

October 19, 2020
The threat landscape continues to accelerate, with sophisticated attacks becoming more commonplace as ransomware-as-a-service accelerates and legacy security tools fail to keep up. Financially motivated cyber criminals are explicitly targeting small and medium-sized businesses to steal sensitive data.

3 Tips to Stretch Your Cybersecurity Dollar

November 10, 2020
Businesses are always looking for ways to deliver increased value to clients while optimizing efficiency, and this year is no exception. Digital transformation, remote work, and economic uncertainty are just some of the challenges impacting organizations today. As you plan next year’s budget, it’s a good idea to assess current operational successes and opportunities to increase efficiency and effectiveness.

What you should know about PCI DSS 3.2

April 26, 2016
PCI DSS 3.2 is scheduled for release at the end of April. Have you thought about how this update can affect your business? Will you still be PCI compliant?

Serving up Security: What Restaurants Need to Know about Breach Risks and Prevention

December 14, 2016
Sure, the headlines have been rife with healthcare ransomware stories, election-centric email breaches, and massive retail hacks—but restaurants are becoming more vulnerable to data breaches as well and cannot remain complacent.

What You Don't Know Can Hurt You: Three InfoSec Retail Predictions

December 14, 2017
It has been a turbulent year for industry as a whole, and retail has been in the center of the turbulence. Amazon bought Whole Foods, grocery chains moved into new markets, and myriad players invested heavily in building digital capabilities. The catchphrase on everyone’s lips has been, “Transform the customer experience.”

3-Minute Breakdown of Cybersecurity’s Biggest Buzzwords

January 26, 2018
The cybersecurity market is loaded with ambiguous buzzwords and competing acronyms that make it very difficult to clearly distinguish one infosecurity capability from another. If your efforts to understand what cybersecurity components you need to focus on have left you frustrated, you're not alone. Let’s cut to the chase and separate fact from fiction regarding cybersecurity’s biggest buzzwords.

Is a Business Really Protected or is it Home Alone: Prevent, Detect, and Respond for True Security

December 18, 2018
Protecting a business’ IT infrastructure and data can be difficult with the abundance of threats out there, the array of new data privacy regulations, and many cybersecurity solutions to choose from. Even today, far too many businesses still claim protection with just anti-virus and firewall, when these measures aren’t enough to keep up with advanced threats.

New to SD-Branch? 8 Things Retail IT Pros Need to Know.

January 21, 2019
The complexities and costs of IT network management and security in retail stores have reached a breaking point. Today’s retail IT professional, point-of-sale reseller, or managed IT service provider is struggling to effectively deploy, manage, and secure the network in these branch locations in an efficient and affordable way.

When Digital Transformation Equals Digital Disruption

August 27, 2019
The retail industry has come a long way during the last decade. Online ordering, in-store beacon technology, cloud POS, omnichannel retail platforms, and digital menus and signage are evidence of innovation taking place. The impact of complacency can seriously damage not only short-term revenue but also brand reputation and therefore long-term revenue.

Best Practices to Halt Insider Threats

September 13, 2019
While nation-state threat actors and external hackers often garner the headlines, insider threats are an often-overlooked threat vector. Rockwell-Boeing, Anthem Healthcare, and Capital One are just a few organizations with damaging data breaches caused by insiders.

Securing Zoom Conferencing to Protect Data

May 05, 2020
Business uncertainty has led to widespread adoption of working from home. Since most meaningful tasks in any organization require teamwork, this remote work approach has naturally led to a dramatic rise in the use of collaboration tools such as Zoom Conferencing.

Is Your Restaurant’s Technology Optimized for the New Normal?

May 12, 2020
Amid the COVID-19 crisis, restaurants have been forced to quickly adapt to a takeout- and delivery-only model, leaving brands scrambling to put the appropriate infrastructure in place while also looking ahead toward the unknown future of the industry. Relying on websites, apps, and digital communications more than ever, many brands are learning just how vital their network’s capabilities are.

5 types of DNS attacks and how to detect them

August 22, 2018
DNS is an attractive mechanism for performing malicious activities like network reconnaissance, malware downloads, communication with command and control servers, or data transfers out of a network. Consequently, it is critical that DNS traffic be monitored for threat protection.

What is privilege escalation and why should you care?

August 24, 2016
A common hacking method is to steal information by first gaining lower-level access to your network. This can happen in a variety of ways: through a print server, via a phished email, or taking advantage of a remote control program with poor security.

Work Smarter – Not Harder: Use Internal Honeynets to Detect Bad Guys Instead of Just Chasing False Positives

November 30, 2016
Log collection, SIEM and security monitoring are the journey, not the destination. Unfortunately, the destination is often a false positive. This is because we’ve gotten very good at collecting logs and other information from production systems, then filtering that data and presenting it on a dashboard.

Auditing File Shares with the Windows Security Log

November 20, 2013
Over the years, security admins have repeatedly asked me how to audit file shares in Windows.  Until Windows Server 2008, there were no specific events for file shares.

Looking back: Operation Buckshot Yankee & agent.btz

January 16, 2014
It was the fall of 2008. A variant of a three-year-old, relatively benign worm began infecting U.S. military networks via thumb drives.

Monitoring File Permission Changes with the Windows Security Log

February 19, 2014
Unstructured data access governance is a big compliance concern.  Unstructured data is difficult to secure because there’s so much of it, it’s growing so fast and it is user created so it doesn’t automatically get categorized and controlled like structured data in databases.

Virtualization Security: What Are the Real-World Risks?

January 01, 2013
There’s been a lot of recent hype about security risks with the rise of virtualization, but much of it is vague and short on specifics.  There is also an assumption that all the security available on a physical server simply disappears when it migrates to being a virtual machine.  This is not true.

Subtraction, Multiplication, Division and Task Unification through SIEM and Log Management

January 01, 2013

When we originally conceived the idea of a SIEM and log management solution for IT managers many years ago, it was because of the problems they faced dealing with high volumes of cryptic audit logs from multiple sources. Searching, categorizing/analyzing, performing forensics and remediation for system security and operational challenges evidenced in disparate audit logs were time consuming, tedious, inconsistent and unrewarding tasks. We wanted to provide technology that would make problem detection, understanding and therefore remediation faster and easier.

Enriching Event Log Monitoring by Correlating Non Event Security Information

March 16, 2015
Sometimes we get hung up on event monitoring and forget about the “I” in SIEM, which stands for information. Not forgetting information is important because there are many sources of non-event security information that your SIEM should be ingesting and correlating with security events more than ever before. There are at least four categories of security information that you can leverage in your SIEM to provide better analysis of security events.

Once More Unto the Data (Breach), Dear Friends

March 29, 2018
As I reflect on this year, a Shakespearean quote plays out in my mind – when King Henry the Fifth is rallying his troops to attack a breach, or gap, in the wall of a city, “Once more unto the breach, dear friends”...

Ten Steps to Defend Your Microsoft Exchange Servers from ProxyLogon Exploit

March 15, 2021
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to reports, observations of attacks leveraging the critical vulnerabilities are increasing very rapidly. In the span of a few days, over 30,000 organizations – small businesses and municipalities included – across the U.S. have been hacked.

MDR is a Critical Capability for MSSPs: Keys to Making the Right Choice

March 31, 2021
MSSPs need airtight threat detection and rapid, reliable remediation. The optimal way to do this is to ensure you have top-notch MDR capabilities 24/7/365. Many MSSPs partner with an MDR provider to achieve this.

Tips for Choosing the Right POS Provider: What a small business owner needs to know

May 02, 2017
As a new business owner, there is so much to be proud of and so much to do. Your idea turned into a plan that has been put to action, so now what? At the forefront, there is one question you need to answer from the start.

What Is EDR and Why Is It Critical to SMB Security?

February 25, 2019
Over 7 billion global devices in an always-on and continuously connected world create a soft target for today’s attacker. Whether working to monetize data or make a political statement, adversaries are well funded and staffed in the battle for endpoint access and control.

SIEMpocalypse?

March 20, 2019
Did you know that Microsoft is a security vendor? No, it’s true. For years, the company was hammered by negative public perception and the butt of jokes around the 2002 "trustworthy computing" memo. The company has steadily invested in developing a security mindset and the product results are now more visible to the public.

5 Smart Ways to Thwart Login Attacks

December 12, 2019
Just like locking your front door is crucial to protect your house, monitoring account logins to organizational servers and workstations is crucial to detect password cracking attempts. Enhance your security operations to continuously improve visibility and defenses.

Learn Why Data Privacy is Good for Your Business

January 27, 2020
Following many high-profile data breaches, consumers have elevated data privacy to front-page news and included it as criteria for brand selection and engagement. Consumers around the globe now realize that they aren’t always aware or informed about how their private information is used or shared. Fifty-four percent of consumers are more concerned with protecting their personal information than they were a year ago, according to a survey reported by Security Magazine.

Certificates and Digitally Signed Applications: A Double Edged Sword

February 17, 2016
Windows supports digitally signing EXEs and other application files so that you can verify the provenance of software before it executes on your system. This is an important element in the defense against malware. When a software publisher like Adobe signs their application, they use the private key associated with a certificate they’ve obtained from one of the major certification authorities like Verisign.

Detecting Ransomware: The Same as Detecting Any Kind of Malware?

May 25, 2016
Ransomware burst onto the scene with high profile attacks against hospitals, law firms and other organizations.  What is it and how can you detect it? 

How to control and detect users logging onto unauthorized computers

July 26, 2016
Windows gives you several ways to control which computers can be logged onto with a given account.  Leveraging these features is a critical way to defend against persistent attackers.

Three paradoxes disrupting IT Security

August 31, 2017
2017 has been a banner year for IT Security. The massive publicity of attacks like WannaCry has focused public attention like never before on a hitherto obscure field. Non-technical people, including board members, nod gravely when listening as the CISO.

Experimenting with Windows Security: Controls for Enforcing Policies

November 29, 2017
Interest continues to build around pass-the-hash and related credential artifact attacks, like those made easy by Mimikatz. The main focus surrounding this subject has been hardening Windows against credential attacks, cleaning up artifacts left behind, or at least detecting PtH and related attacks when they occur.

Why Risk Classification is Important

January 21, 2015

Traditional threat models posit that it is necessary to protect against all attacks. While this may be true for a critical national defense network, it is unlikely to be true for the typical commercial enterprise. In fact, many technically possible attacks are economically infeasible and thus not attempted by typical attackers.

MSPs Versus Ransomware in 2022: Where Multi-Layered Security Fits In

December 14, 2021
Skyrocketing ransomware threats and extortion demands show no sign of slowing down in 2022. Average ransomware demands surged by 518% in the first half of 2021 compared to 2020, while payments climbed by 82% in the same period, according to Infosecurity Magazine. Crippling ransomware attacks caused an average business downtime of six days with costs in the millions.

Cloud and SaaS Security: Mind the Gap

January 27, 2022
Software-as-a-Service (SaaS) applications and infrastructure providers like Amazon Web Services (AWS) and Microsoft Azure have become the norm for organizations large and small. Enhancing cloud security maturity is even more critical given the proliferation of cloud workloads and a chronic shortage of cloud expertise.

The Top Considerations When Buying a 4G LTE Router

April 04, 2018
More and more businesses are adopting 4G LTE either to set up a backup network connection or to gain internet access when other means, such as Cable and DSL, are not available. The trend is seen easily when searching for "4G LTE router" online. You will...

Looking for Cost-Effective Business Continuity? Consider these five things before you buy.

April 25, 2018
One of the key benefits for most businesses deploying SD-WAN is the reduction in WAN costs by up to 80 percent. Continuity and resilience are also critical to businesses in today's growing cyber-threatened world. SD-WAN solutions offer multi-link support, so 4G LTE is an obvious choice for failover connectivity.

Five Takeaways from the 2019 SIEM Study

January 31, 2019
We recently released the findings of the Security Information and Event Management (SIEM) study conducted by Cybersecurity Insights. The study surveyed over 345 IT and Security executives and practitioners, with 45% of them small and mid-sized firms with 999 or fewer employees and the balance comprised of enterprise organizations with 1,000 or more employees.

5-Minute Guide to SD-WAN, MPLS, SD-Branch, NGFW, and More

February 11, 2019
The networking market is loaded with ambiguous buzzwords and competing acronyms that make it difficult to clearly distinguish one capability from another. So, let’s break down those buzzwords and competing acronyms that are the most commonly compared as if they were apples to apples.

Cybersecurity is an Investment, Not a Cost Center

May 14, 2018
The cybersecurity threat landscape is in constant motion – ever evolving. According to Kaspersky Labs, 323,000 new malware strains are discovered daily! Clearly, this rate of increased risk to a company’s assets and business continuity warrants a smart investment in cybersecurity.

How to Protect Your Network from Ransomware: Tips from the FBI

May 10, 2018
The FBI estimates that more than 4,000 ransomware attacks have occurred daily since the beginning of 2016. That’s a 300% increase from the previous year. This is due in part to the thriving sector of “ransomware-as-a-service.”

Why Managed Endpoint Security Eliminates Cybersecurity Blind Spots

June 25, 2021
Incomplete cybersecurity information visibility comes at a cost. Without real-time comprehensive visibility, organizations experience blind spots that handcuff their cybersecurity protection and increase risk. IT environments are increasingly complex as they span on-premises, cloud, endpoint, and hybrid approaches.

Criminal Gang NOBELIUM Ramps Up Attacks

June 30, 2021
Threat researchers detected threat group NOBELIUM conducting several waves of malicious spear phishing email campaigns. Each wave used different technical lures and social engineering to fine-tune which threat performed best against targeted government agencies, consultants, and non-profits in over 20 countries.

State Sponsored Hacking – More Than an Issue for Sony

January 14, 2015
We live in a brave new world where the spies of yesteryear, like James Bond and Jason Bourne, are truly falling away into the realm of fantasy, replaced instead with hackers, doing battle on the digital front.

Every Merchant Needs Electronic Data Protection

February 19, 2015
How many days go by between news stories involving computer breaches? The truth of the matter is that as long as sensitive data is gathered by merchants, thieves will attempt to steal it.

Foster a Healthy Security Posture

February 27, 2017
Securing medical records is a complex undertaking. Healthcare organizations need an array of security technologies that can be used to prevent malicious attacks and keep personal healthcare information safe, while retaining the day-to-day ease-of-use.

The Top Five Threats That Restaurant Franchisees Need to Know About

March 29, 2017
Restaurants with multiple locations are under increased pressure to succeed in different geographic areas, with potentially different demographics. This means implementing popular technology to serve each area, sometimes quickly, to keep the business afloat. The faster success, customer enjoyment, and diner loyalty accelerate, the more likely these locations are to become and remain go-to dining spots. However, in the rapid shuffle of getting these technologies set up, security is often forgotten.

Cloud Security Starts at Home

March 23, 2016
Cloud security is getting attention and that’s as it should be. But before you get hung up on techie security details, like whether SAML is more secure than OpenID Connect and the like, it’s good to take a step back. One of the tenets of information security is to follow the risk.

Five Things to Consider for Point-of-Sale Cellular Failover Connectivity

October 01, 2019
If a multi-location business is looking for cellular failover connectivity to ensure business continuity in the event of a blackout or brownout of the broadband internet connection, there are quite a few cellular modems out there that would do the basic job. But when looking for a cost-effective solution that is designed specifically for Point-of-Sale (POS) environments, then some important considerations come into play.

Petya Ransomware – What it is and what to do

June 28, 2017
A new ransomware variant is sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems.

Ransomware's Next Move

July 27, 2017
While IT security teams identify, hunt, and remove specific variants of the ransomware, there may already be unknown mutated varieties lurking dormant and ready to execute.

6 Safe Computing Tips to Help Retailers Fight Off Hackers

November 02, 2015
Many small businesses believe only the "big guys" will suffer a data breach. But did you know that 90% of data breaches impact small merchants?

Shoppers Care If You've Been Breached!

December 07, 2015
It’s the holiday season and for many that means shopping season! But it also means that theft increases, whether it is physical theft or cyber theft.

Why Do Hackers Want Your Medical Records

November 16, 2015
2015 has been a year of healthcare data breaches. But why are hackers going after healthcare records now?

The Ten Steps Post Data Breach

October 12, 2015
Nearly 60% of businesses have experienced a breach in the last two years. Have you ever considered what would happen if your business was breached? Do you have a plan of action?

The Transition to EMV Isn't Over

September 28, 2015
Merchants know by now that after October 1st the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction. This means that merchants will be more accountable if EMV is not implemented.

How Strong Are Your Passwords? Tips To Keep You Protected

September 21, 2015
Passwords keep your accounts and network safe but may also be a gateway for hackers. Here are some quick tips we recommend when creating your passwords.

Healthcare Practices are at Particularly High Risk of Data Breach

September 10, 2015
The CDC estimates that close to 80% of office-based physicians use some form of electronic medical records. This increase, coupled with recent breaches of patients’ PHI and PII, has highlighted the need for security of medical office networks.

Why Comply with PCI Security Standards

January 01, 2014
Why should you, as a merchant, comply with the PCI Security Standards? At first glance, especially if you are a smaller organization, it may seem like a lot of effort, and confusing to boot. But not only is compliance becoming increasingly important, it may not be the headache you expected.

Target Has A Bullseye On Its Chest

January 13, 2014
When Target announced that it had suffered a major breach of approximately 40 million credit cards and 70 million customer records, the nation as a whole took a collective gasp in shock. In the aftermath of the initial disclosure, the public then heard from Neiman Marcus that it too had suffered an electronic breach of data that may include credit cards.

About the PCI Security Standards Council

January 20, 2014
The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Will CIOs Be the Final Victim After a Breach

March 12, 2014
In the wake of its breach, Target announced on March 5, 2014 that its CIO, Beth Jacob, had resigned. This raises the question: will CIOs be the final victim after a breach?

Backoff Is the New Standard by Which Other Malware Will Be Judged

August 25, 2014
Every now and then hackers develop a piece of malware that is so insidious that it changes the landscape of computer security and acceptable practices. While there are many contenders for this dubious list, CodeRed, Zeus, and now Backoff are certainly worthy of inclusion.

PCI 3.0 – A Wake Up Call for SAQ C Merchants

September 29, 2014
Most merchants who have been validating their PCI compliance for a few years now probably know which SAQ type applies to them. In PCI 2.0, it has been fairly simple. And now we are facing PCI 3.0.

IT Community Shaken By Shellshock Vulnerabilities

October 29, 2014
In the wake of Heartbleed comes a new form of exposure that could potentially do much more damage than any other vulnerability of its kind. It is known as Shellshock. Shellshock affects Linux and UNIX implementations that use the Bash command interpreter.
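Two things a practitioner wants at this point are a way to tell whether a given host's Bash is still exposed and a way to spot Shellshock probes in web server logs. The following is an added example, not code from the original post: it runs the widely published environment-variable function test against the Bash on PATH (the original Shellshock bug, CVE-2014-6271) and scans constructed Apache-style access log lines for the `() {` function-definition marker that Shellshock probes carry in HTTP headers. The log lines, IP addresses and payloads are constructed for the example.

```python
"""Added example (not from the original post): probe the local Bash for the
original Shellshock bug and scan web server log lines for Shellshock probes."""
import os
import subprocess
from typing import List

# Bash function definitions exported through the environment start with this.
SHELLSHOCK_MARKER = "() {"


def shellshock_status() -> str:
    """Return 'vulnerable', 'patched' or 'no-bash' for the bash found on PATH.

    A vulnerable Bash imports the environment variable x as a function and
    executes the trailing command at import time, so 'VULNERABLE' is printed
    before the harmless 'echo probe' runs. A patched Bash prints only 'probe'.
    """
    env = dict(os.environ)
    env["x"] = "() { :;}; echo VULNERABLE"
    try:
        proc = subprocess.run(["bash", "-c", "echo probe"], env=env,
                              capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "no-bash"
    return "vulnerable" if "VULNERABLE" in proc.stdout else "patched"


# Constructed access log lines; two carry a Shellshock probe (one in the
# User-Agent header, one in the Referer header) with harmless payloads.
SAMPLE_LOG: List[str] = [
    '203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "-" "() { :;}; /bin/true"',
    '203.0.113.9 - - [25/Sep/2014:10:02:44 +0000] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "curl/7.38.0"',
    '198.51.100.7 - - [25/Sep/2014:10:03:01 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "() { :;}; echo probe" "Mozilla/5.0"',
]


def find_shellshock_probes(lines: List[str]) -> List[str]:
    """Return every log line whose request headers contain the Shellshock
    function-definition marker, regardless of which header carried it."""
    return [line for line in lines if SHELLSHOCK_MARKER in line]


if __name__ == "__main__":
    print("local bash:", shellshock_status())
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print("probe:", hit)
```

The local probe only covers the first Shellshock CVE; the follow-on parser bugs fixed in later Bash releases need their own tests, so treat a "patched" result as "not exposed to the original bug" rather than "fully patched". The log scan is deliberately broad: the marker alone is rare in legitimate traffic, and matching on it rather than on a specific payload catches probes that vary the command.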

Five Steps to Protect Retailers from Credit Card Theft

January 07, 2015
The Georgia based fast food company, Chick-fil-A, has confirmed that it is investigating a potential credit card breach. The investigation is focused on the company’s point-of-sale (POS) network at some of its restaurants and the breach is thought to have occurred between December of 2013 and September of 2014.

Make Your Wireless Work For You

March 12, 2015
Whether we are talking about shoppers being students, families, or business execs, having the ability to interact with your guests via wireless and mobile is becoming the standard. Why miss the opportunity to further engage with customers while they are still in your store?

2015: “The Year of the Healthcare Hack"

January 14, 2016

2015 was a tough year for the healthcare industry. Some are even calling 2015 “the year of the healthcare hack”. Last year, over 65% of the data breaches occurred in the healthcare industry...

Mobile Tech in Healthcare Can Put Your Practice at Risk

February 19, 2016
While you focus on providing the best health service for your patients, it is easy to underestimate the risks to which you may be exposing your practice should you implement mobile technology without basic security measures.

Hungry…Hungry…HIPAA

February 26, 2016
I have fond memories of playing a board game called Hungry Hungry Hippos in my younger days. Today’s medical practices mirror the chaos of the game. Each day seems more hectic than the previous...

Christmas-Kids and Hackers Love This Time of Year

December 06, 2013
When people think of Christmas, most of them imagine family gatherings and good times. We often forget that from the end of Thanksgiving to the beginning of the year, the U.S. spends billions of additional dollars on merchandise that otherwise would have stayed on the shelves. We sometimes forget that hackers love this season as well.

Thieves Tried to Steal Credit Cards from Nordstrom

October 18, 2013
The department store giant garnered unwanted attention earlier this month when they announced that a Florida store fell victim to a team of thieves who attached extremely small devices called key loggers in line with their keyboards where they plug into the registers.

PCI 3.0 Is Coming - Are You Ready?

October 04, 2013
Every 3 years the Payment Card Industry Data Security Standard (PCI DSS) is updated to a new version. The time for the next release is right around the corner. Are you ready?

Can Your Point of Sale Be Compliant after the End of Microsoft XP?

September 13, 2013
From a PCI compliance standpoint, merchants using Windows XP will have problems maintaining compliance because they cannot keep their operating systems patched to protect themselves from the latest vulnerabilities. On the flip side, there are many Point of Sale (POS) software packages that have only been validated using Windows XP, and if another operating system is used instead, it will violate the official implementation guide (and thus fall out of compliance). Our customers have been asking us for guidance, so we did a little research.

Does Your Call for Help Bring Hackers to Your Door?

July 19, 2013
There is a new trend facing people who rely on help desks. Hackers are targeting help desks because they know that the people who provide you support have the access into your systems that they want to exploit.

Balancing Privacy and Security

May 31, 2013
In the wake of the most recent terrorist bombing in Boston, it is easy to understand why some people would be willing to sacrifice a few liberties to the government in favor of more security. A common train of thought is that an honest person does not have anything to hide, so the intrusion into our private lives is really a minor thing. In a Utopian society, I would tend to agree with that sentiment, but we live somewhere else.

Square Cash - A Money Transfer Game Changer?

May 24, 2013
Square strives to make financial transactions simple enough so that the average person on the street can participate. Before Square, a regular person without a bank supplied merchant account could not take credit cards. Today, Square allows everyone with a smart phone to accept credit cards, and now the company is focusing on another market – person to person cash payments.

Internet Explorer 8 - People Still Love It, But There’s a Problem

April 26, 2013
This type of issue with a browser is so damaging because the hackers who take advantage of it can execute malicious code on the affected machines without the user needing to download anything and without any indication that the machine has been compromised. All a user has to do to be infected is visit a website that has a malicious script embedded on it, and voilà, you have been hacked!

Hackers May Just Look to Embarrass You

March 29, 2013
When you think about electronic security, what comes to mind? Do you consider how vulnerable your customer credit cards are, or how easily someone can break into your on-line bank account? These are the most profitable avenues of attack that thieves usually focus on, but occasionally, cybercriminals are motivated by something besides greed.

Universal Plug and Play - New Report on an Old Problem

February 22, 2013
In the dark ages of personal computers (the 1980s and 90s), you either needed to be a computer geek or have access to one if you wanted any device to work with your computer. You had to go through a complicated driver installation process, and possibly replace system files. My how the world has changed.

Do Hackers Fear U.S. Jails?

January 18, 2013
In what should only be considered a victory for the U.S. DOJ, 2 of the 4 alleged Subway hackers responsible for potentially $10 million in computer fraud have been sentenced, and the trial of one of the remaining defendants is set to begin shortly.

Just how dangerous is ransomware?

April 06, 2016
Ransomware is a business’ worst nightmare. This malware infects computers and prevents users from accessing any of their data until the ransom is paid. What would you do to get that data back?

Your Best Defense Against Ransomware Might Be Your Employees

April 20, 2016
While your business’ data security program should consist of many components, perhaps the most effective defense to ransomware is building a culture of data security amongst your employees.

No Business is Too Small for Hackers!

May 02, 2016
It's National Small Business Week! Let's celebrate the hard work you do and make sure your business continues to grow. Have you ever thought about what would happen if your business is affected by a data breach?

Is your business at risk of a data breach?

May 06, 2016
2016 Verizon Data Breach Investigations Report (Part 1 of 3)
The 80-page report is packed with valuable data breach insights. We know time is valuable, so we decided to save you some by sharing the 3 main topics you should understand from this report.

The Perils of Using Remote Access Software

June 02, 2016
While software that can be installed on your PC and used to remotely connect when you are away from your home office can be very handy, it also comes with risks that may not be apparent at first.

What you should know about programs, ports and services

June 17, 2016
In this fourth article in the series, we continue to explore some of the basic ways that businesses of all sizes can keep their computer systems safer. We will discuss the topic of programs, ports and services.

Is your brand truly secured?

July 18, 2016
So you have a big brand name that millions of consumers trust. You have hundreds to thousands of locations across the U.S., and perhaps even globally. A big name means big money, so that huge chunk of change dedicated to security is definitely paying off in spades, right? All too often, the answer is a resounding “WRONG.”

Are there any weaknesses in your Point-of-Sale System?

September 06, 2016
News about a company being breached seems to be a regular occurrence nowadays. And it’s no wonder, with hackers getting more sophisticated and hungry for more.

How To Make Cybersecurity Great Again: Guidance For President-Elect Donald Trump

November 23, 2016
Are you feverishly working to patch your systems today with the latest available patches? Or are you spending your time unfriending people who voted for someone you don’t approve of?

Your Voice for SMB Compliance Pains

January 13, 2017
We believe that every business should have the means to protect themselves and their customers from cyberattacks, and the PCI Security Standards Council (PCI SSC) shares this belief. We’re working together to make compliance management more efficient, and therefore, strengthen the security of all merchants.

Prevention is Key in Cybersecurity

November 30, 2017
A lot of data, an overwhelming amount actually, is available from hundreds of sources, but rarely is it observed. Having something and getting value from it are entirely different.

Top 6 uses for SIEM

April 28, 2014

Security Information and Event Management (SIEM) is a term coined by Gartner in 2005 to describe technology used to monitor and help manage user and service privileges, directory services and other system configuration changes, as well as providing log auditing and review and incident response.

The Impact Of A Data Breach

August 31, 2015
What is the true cost of a data breach? A data breach affects your business, brand, and reputation. But it can be prevented.

4 Common Data Threats Every Business Needs to Be Aware Of

August 24, 2015
Four Common Data Threats

Netsurion services and OpenSSL the Heartbleed issue

April 11, 2014
Many of our customers and resellers have asked how Heartbleed affected Netsurion services. In a nutshell, the managed services that make up our product offerings were not directly affected by Heartbleed.

Pain-Free Data Security for Medical Offices

January 26, 2016
It’s understandable that the primary goal of any healthcare practice is to keep their patients healthy and safe. But what about keeping their patients’ data safe too?

SD-Branch Solutions Are Optimizing Network Management and Security at the Edge

November 14, 2018
A refresh has come for distributed enterprises. In 2018, branch office WAN technology has been increasingly moving towards software defined networking for many reasons: agility, scalability, resiliency and, above all, cost-effectiveness.

Mitigate Software Supply Chain Attacks with SIEM and EDR

August 08, 2019
At Black Hat 2019, Eric Doerr, GM of the Microsoft Security Response Center, reminded attendees of the interconnectedness of enterprise software supply chains and of their vulnerability to attack. Eric highlighted how supply chain compromises come in many guises

Black Hat Recap: Cybersecurity Insights That Enhance Security Operations

August 16, 2019
Black Hat 2019 was a learning experience and success for all. All of the hackers, presenters, vendors, and attendees have gone home, but what you learned in Vegas doesn’t have to stay in Vegas. Hopefully you are bringing new information and insights back to your daily operations. Here are some of Netsurion’s key takeaways from Black Hat 2019.

5 Security Tips for Small and Multi-location Tax and Accounting Firms: Tax Season and Beyond

April 12, 2017
Tax season is a busy time of year for hackers, given the ample opportunities to steal personal and financial information through phishing, hacking into computer networks, or other underhanded methods. Here are five tips that go beyond the basics you probably already know, like watching out for phishing and malware, keeping your anti-virus software up-to-date and using different hard-to-guess passwords for different services.

Tips for Protecting Information While on the Go: What Summer Travelers Need to Know About Security

May 16, 2017
As the summer travel season quickly approaches, most people envision exchanging work clothes and school books for shorts, flip flops, and beach umbrellas as they look forward to that well-deserved vacation. Unfortunately, hackers have their own plans this summer...

Protect Your Back-to-School Sales From POS Ransomware

August 08, 2017
Security experts believe that cybercriminals will be shifting tactics due to declining revenues from stolen credit card sales. We discuss rationale for the rise of ransomware – and what you need to do to get ready for a potential and ongoing surge of attacks. We believe there’s not a minute to lose with back-to-school season underway, so let’s get started.

Malware, Ransomware, and the Next Big Threat

September 21, 2017
Imagine the lost revenue for a major retailer if they needed to shut down all of their stores for a few days, or even a few hours, especially over the busy holiday season. The impact would be devastating.

Make a cybersecurity list and check it twice this holiday season

November 06, 2017
As the holidays swiftly approach, many of us are making lists and plans as part of the crescendo of year-end activity. We don’t want to forget anything important, but is ensuring safety from cybercrime at the top of your list?

Changes to PCI DSS and What It Means for You

February 20, 2018
Are you compliant with PCI DSS Version 3.2? Restaurants, retailers, hotels, doctors' and lawyers' offices, and many more, all need to watch for PCI DSS updates to remain compliant.

PCI Compliance and Hotels

June 06, 2018
To streamline operations, improve service and remain competitive, hotels use computers to handle numerous tasks. While automation facilitates hotel operations and often makes a better stay for guests, it also opens hotels to digital threats perpetrated by malicious actors.

Should You Replace Your MPLS with SD-WAN?

October 04, 2018
Many IT leaders are excited about the benefits of SD-WAN such as cost reduction, agility/flexibility, ease of deployment, and the options to improve security. But as usual, SD-WAN as an MPLS killer is not cut-and-dry. If you’re wondering if SD-WAN is right for your IT environment, hopefully we can help you out.

Buy, Rent, or Uber Your Security Operations Center

October 17, 2018
For cyber criminals, everyone’s a target. We must assume that, at some point, every organization’s IT infrastructure will be breached. That’s why we need to continuously monitor, investigate, and respond to cyber threats 24/365 if we are to avoid costly breaches.

The Difference Between a SIEM Solution and SIEM Tool: Features vs. Outcomes

April 26, 2018
Can you simply buy a “SIEM solution”? Turns out you really cannot, no matter how hard you try nor how passionately the vendor promises. What you can buy at the store is a SIEM tool, which is a completely different thing. SIEM tools are products, while implementing a security or compliance solution involves people, process, and technology. SIEM tools are a critical part of SIEM, but they’re not the whole solution.

Top Ten Branch Network Predictions for 2019

December 04, 2018
It’s that time of the year again! Family and office holiday parties are gearing up, business projects are racing toward year-end deadlines, and seemingly everyone is sharing their 2019 predictions for IT and cybersecurity. But what about the branch network?

Practical Ways to Implement Threat Hunting

January 24, 2019
If you think your organization is too small to be targeted by threat actors, think again. Over 60% of organizations have experienced an exploit or breach, so the stealthy and ever-evolving hacker may already be in your organization performing reconnaissance or awaiting strategic command and control (C&C) instructions.

Cybersecurity Trends and Predictions 2019

December 10, 2018
The year 2018 saw ransomware families such as CryptoLocker and variants like Locky continue to plague organizations as cybersecurity adversaries morph their techniques to avoid detection. Several massive data breaches this year include Quora, Ticketmaster, and Facebook that exposed over 200 million records worldwide. As the year winds down, here’s what small and mid-sized organizations may experience in 2019 with an eye towards enhancing security.

How to Protect Healthcare Data: 5 Cybersecurity Tips for MSPs

April 01, 2019
For MSPs serving clients in the healthcare industry, protecting data can be complex. With compliance enforcement like HIPAA, for instance, distinguishing the owner of your clients’ data is critical, especially given the lack of security awareness training among healthcare end users. Here are the five key data security tips to better protect SMB clients in healthcare.

How to Protect Financial Data: 4 Cyber Risks MSPs Can't Ignore

April 25, 2019
Banks have always been a prime target for cybercriminals. With enormous stores of cash and consumer data, and the massive threat of financial losses, regulatory consequences, and reputational damage, there’s really no choice for financial institutions but to innovate and accelerate their cybersecurity strategies.

3 Do's and 1 Don't to Improve Your IT Security

June 03, 2019
Overwhelmed by the hype from security vendors in overdrive? Notice the innovation and trends and feel like jumping on the bandwagon? It’s an urge that many buyers in mid-size companies feel, and it can be overpowering. That flashy vendor demo, that rousing speech at a tradeshow, that pressure of keeping up with the Joneses. “So what have you done for your security lately?” becomes a nagging thought.

7 Questions Answered About Windows 7 End-of-Support

July 10, 2019
Is your organization still using Windows 7? Microsoft support is coming to a close in a few short months. If you think end-of-support for legacy systems doesn't impact your organization, think again.

IT Security: How Much Should You Spend?

July 23, 2019
Just how much should you be spending on IT security? It’s a vexing question to answer for many reasons, as each situation has its own unique circumstances and factors. But here are some insights garnered over the last decade in cybersecurity.

7 Things IT Pros Should Know about HIPAA and Protecting Patient Data

August 05, 2019
It has grown more challenging to protect patient privacy and secure sensitive data under HIPAA (Health Insurance Portability and Accountability Act) as the volume and persistence of cyber attacks have increased in recent years. Healthcare institutions often have vast databases of sensitive information such as credentials and credit card data that cyber criminals seek to monetize and sell on the dark web.

Coordinated Ransomware Attacks Hit Resource-Constrained Municipalities

August 20, 2019
A financially motivated ransomware gang hit 23 local governments in Texas in a coordinated attack. Ransomware is a type of malicious software, often delivered via email or drive-by web downloads, that locks up an organization’s systems until a ransom is paid or files are recovered by other means such as backup restoration.

Is the ELK Stack a SIEM?

September 25, 2019
The ELK (Elasticsearch, Logstash, Kibana) stack is a popular open source log analysis and management platform. The collection, processing, normalization, enhancement, and storage of log data from various sources are grouped under the term “log management.”

Cybercrime Doesn't Take a Holiday

November 19, 2019
The holidays are a busy time for most business owners as they ramp up to serve consumers excited to find holiday specials, or even as they prepare for time away from their businesses to spend time with friends and family. Hackers know that you are distracted from your core duties and normal routine and will look for vulnerabilities in your systems.

Avoid Log Monitoring Gaps with Holistic Coverage

February 18, 2020
A data breach today takes 127 days to detect, according to the Ponemon Institute. Comprehensive visibility and real-time analysis of device and application log data provide an early warning of cybersecurity threats before damage occurs. Log monitoring and Security Information and Event Management (SIEM) decision makers sometimes make short-sighted financial decisions to reduce log sources, only to find that it impacts security decision making and incident response.

Ten Work-from-Home Cybersecurity and Productivity Tips

March 19, 2020
More Work-from-Home (WFH) scenarios due to COVID-19 present challenges as employees move from a trusted and secured office network to home networks with a variety of technology and cybersecurity rigor. Here are some tips to stay safe as you and your employees work remotely.

Ransomware-as-a-Service is Skyrocketing

April 15, 2020
No matter what business you are in, it’s likely you view ransomware as one of the top cyber threats today. Adversaries are adapting and morphing their harmful techniques to better evade detection and infect a wider set of targets. As a result, ransomware has skyrocketed in the past two years, according to Cofense.

The Assume Breach Paradigm

January 20, 2016
Given today’s threat landscape, let’s acknowledge that a breach has either already occurred within our network or that it’s only a matter of time until it will. Security prevention strategies and technologies cannot guarantee safety from every attack. It is more likely that an organization has already been compromised, but just hasn’t discovered it yet. Operating with this assumption reshapes detection and response strategies in a way that pushes the limits of any organization’s infrastructure, people, processes and technologies.

Monitoring DNS Traffic for Security Threats

August 17, 2016
Cyber criminals are constantly developing increasingly sophisticated and dangerous malware programs. Statistics for the first quarter of 2016 compared to 2015 show that malware attacks have quadrupled.

Yet Another Ransomware That Can be Immediately Detected with Process Tracking on Workstations

June 29, 2017
As I write this, yet another ransomware attack is underway. This time it’s called Petya, and it again uses SMB to spread. But here’s the thing — it uses an EXE to get its work done.

Ransomware is only getting started

February 28, 2017
Ransomware is about denying you access to your data via encryption. But that denial has to be of a great enough magnitude to create sufficient motivation for the victim to pay.

When a SIEM is Like an Exercise Machine Stuck Behind the Junk in Your Garage

April 27, 2017
I’m a big believer in security analytics and detective controls in general. At least sometimes, bad guys are going to evade your preventive controls, and you need the critical defense-in-depth layers that detective controls provide through monitoring logs and all the other information a modern SIEM consumes.

Five Myths About Ransomware

May 31, 2017
Ransomware is a popular weapon for cyber criminals. Worldwide in 2020, there were 304 million ransomware attacks, a 62% increase from the year prior, according to Statista. All verticals are vulnerable to these ransomware attacks, which if successful, are a blot on financial statements of the targeted organizations.

Perfect protection is not practical

June 05, 2017
With distressing regularity, new breaches continue to make headlines. The biggest companies, the largest institutions both private and government are affected. Every sector is in the news.

Think you are too small to be hacked?

August 29, 2017
Why has ransomware exploded on to the scene in 2017? Because it works.

Report All the Binary Code Executing on Your Network with Sysmon Event IDs

September 28, 2017
Computers do what they are told, whether good or bad. One of the best ways to detect intrusions is to recognize when computers are following bad instructions – whether in binary form or in some higher level scripting language.
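Both the Petya post above (ransomware that runs as an EXE and so shows up in workstation process tracking) and this one come down to the same detective control: record every process creation with Sysmon Event ID 1 and ask whether the binary should be running at all. The following is an added example, not code from either post or from Sysmon itself. It takes process-creation records reduced to the fields the check needs and flags any executable whose SHA256 is absent from a known-good baseline, runs from a user-writable directory, or was spawned by an Office application. The events, hashes and baseline are constructed for the example; a real deployment would read the records from the Microsoft-Windows-Sysmon/Operational log and build the baseline from a golden image.

```python
"""Added example (not from the original posts): flag Sysmon Event ID 1
process-creation records whose executable is unknown, lives in a
user-writable directory, or is spawned by an Office application."""
from typing import Dict, List, Tuple

# Constructed Sysmon Event ID 1 records, reduced to the fields the detector uses.
# The hash values are placeholders, not real file hashes.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1",
     "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "Hashes": "MD5=" + "1" * 32 + ",SHA256=" + "a" * 64},
    {"EventID": "1",
     "Image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Hashes": "MD5=" + "2" * 32 + ",SHA256=" + "b" * 64},
    {"EventID": "1",
     "Image": r"C:\ProgramData\updater.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Hashes": "SHA256=" + "c" * 64},
    {"EventID": "3",  # a network-connection event, not process creation: ignored
     "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": "",
     "Hashes": ""},
]

# Constructed baseline: SHA256 values of binaries known to be good on this host.
BASELINE_SHA256 = {"a" * 64}

# Path fragments a standard user can write to; compared case-insensitively.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\",
                 "\\programdata\\", "\\users\\public\\")

# Parent images that should rarely spawn a fresh executable.
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")


def parse_hashes(field: str) -> Dict[str, str]:
    """Turn Sysmon's 'MD5=...,SHA256=...' field into a dict keyed by algorithm."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def reasons_for(event: Dict[str, str]) -> List[str]:
    """Return every reason this process-creation event looks suspicious."""
    if event.get("EventID") != "1":
        return []  # only process-creation records are scored here
    image = event.get("Image", "").lower()
    parent_name = event.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if parse_hashes(event.get("Hashes", "")).get("SHA256") not in BASELINE_SHA256:
        reasons.append("hash not in baseline")
    if any(fragment in image for fragment in USER_WRITABLE):
        reasons.append("runs from user-writable directory")
    if parent_name in OFFICE_PARENTS:
        reasons.append("spawned by Office application")
    return reasons


def find_suspicious(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (image, reasons) for every event with at least one reason."""
    hits = []
    for event in events:
        reasons = reasons_for(event)
        if reasons:
            hits.append((event["Image"], reasons))
    return hits


if __name__ == "__main__":
    for image, why in find_suspicious(SAMPLE_EVENTS):
        print(f"{image}: {'; '.join(why)}")
```

The baseline check is what makes this catch a brand-new ransomware EXE on its first execution, before any signature exists; the path and parent checks are cheaper heuristics that still fire when an attacker reuses a binary the baseline happens to know. Tune the baseline per image, not per fleet, or the "hash not in baseline" reason will drown in noise from legitimate software updates.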

Three myths surrounding cybersecurity

October 05, 2017
A common dysfunction in many companies is the disconnect between the CISO, who views cybersecurity as an everyday priority, versus top management who may see it as a priority only when an intrusion is detected. Does your organization suffer from any of these?

Can your Cybersecurity Posture be Called "Reactive Chaos"?

February 15, 2018
Does this sound familiar? You have no control of your environment and most of your efforts are diverted into understanding what happened, containing the damage, and remediating the issue.

Host-based Versus Network-based Security

April 12, 2018
The argument is an old one; are you better off with a network-based detector, assuming all hosts will eventually communicate, or should you look at each host to determine what they are up to?

Time is money. Downtime is loss of money.

May 29, 2018
The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. However, data leaks and breaches persist.

Do you have a cyber blind spot?

June 12, 2018
What's the cost of securing your network from a cyber attack? According to Precision Analytics and The CAP Group, many companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least one-third less than financial institutions. If that's you then you may have a cyber blind spot.

Today’s CISO Challenges…The Talent Gap

June 26, 2018
It continues to be challenging being a Chief Information Security Officer (CISO) today – and this year promises no rest. As high-profile data breaches escalate, CISOs, CIOs, and other information security professionals believe their organizations are more likely than ever to fall victim to a data breach or cyber attack.

The Ultimate Playbook to Become an MSSP

August 06, 2018
Now that advanced cybersecurity protections are a must-have in today’s landscape, organizations of all sizes are increasingly seeking out and leaning on a trusted security partner to manage their security services. A recent study released by Forrester revealed that 57 percent of companies are seeking outside help for IT systems monitoring and 45 percent are outsourcing threat detection and intelligence.

Master the Art of Selling Managed Security Services as an MSP

September 11, 2018
When it comes to selling security, one of the major challenges faced by managed services providers (MSPs) is changing the mindset of small- and medium-sized business (SMB) owners. With massive breaches hogging news headlines today, security is hard to ignore.

Top three high risk behaviors that compromise IT Security

March 30, 2017
Insider threats are typically much less frequent than external attacks, but they usually pose a much higher severity of risk for organizations when they do happen. While they can be perpetrated by malicious actors, they are more commonly the result of negligence.

Who suffers more - cybercrime victims or cybersecurity professionals?

March 30, 2017
So you got hit by a data breach, an all too common occurrence in today’s security environment. Who gets hit? Odds are you will say the customer. After all it’s their Personally Identifiable Information (PII) that was lost.

Essential soft skills for cybersecurity success

April 12, 2017
IT workers in general, but more so IT Security professionals, pride themselves on their technical skills. Keeping abreast of the latest threats and the newest tactics to demonstrate to management and peers that one is “worthy.”

Challenges with Threat Intelligence or why a Honeynet is a good idea

May 09, 2017
Shared threat intelligence is an attractive concept. The good guys share experiences about what the bad guys are doing thereby blunting attacks. This includes public-private partnerships like InfraGard, a partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

How do you determine IT security risk?

August 14, 2017
How much security is enough? That’s a hard question to answer. You could spend $1 or $1M on security and still ask the same question. It’s a trick question; there is no correct answer.

Can general purpose tools work for IT security?

September 27, 2017
This post got me thinking about a recent conversation I had with the CISO of a financial company. He commented on how quickly his team was able to instantiate a big data project with open source tools.

Equifax’s enduring lesson — perfect protection is not practical

September 11, 2017
Equifax, one of the big-three US credit bureaus, disclosed a major data breach. It affects 143 million individuals — mostly Americans, although data belonging to citizens of other countries, for the most part Canada and the United Kingdom, was also hit.

Three critical advantages of EventTracker Essentials

September 07, 2017
By now it’s accepted that SIEM is a foundational technology for both securing a network from threats as well as demonstrating regulatory compliance. However, SIEM is not fit-and-forget technology, nor is it technically simple to implement and operate.

Avoid Three Common Active Directory Security Pitfalls

October 13, 2017
While the threats have changed over the past decade, the way systems and networks are managed has not. We continue with the same operations and support paradigm, despite the fact that internal systems are compromised regularly.

Which security functions outsource poorly and which outsource well

October 26, 2017
The IT security industry’s skill shortage is a well-worn topic. Survey after survey indicates that a lack of skilled personnel is a critical factor in weak security posture. If the skills are not available in your organization then you could: a) ignore the problem and hope for the best, or b) get help from the outside.

You’re in the Cybersecurity Fight No Matter What: Are You Prepared?

November 07, 2017
“You’re in the fight, whether you thought you were or not” – Gen. Mike Hayden, former Director of the CIA and NSA. It may appear at first to be a scare tactic or an attempt to sow fear, uncertainty, and doubt, but truly, what this means is that it’s time to adopt the Assume Breach paradigm.

Believe it or not, compliance saves you money

December 28, 2017
We all hear it over and over again: complying with data protection requirements is expensive. But did you know that the financial consequences of non-compliance can be far more expensive?

Going Mining for Bitcoin

December 01, 2017
While you’ve been busy defending against ransomware, the bad guys have been scheming about new ways to steal from you. Let’s review a tactic seen in the news called bitcoin mining.

SIEM: Sprint or Marathon?

January 28, 2016
Winning a marathon requires dedication and preparation. Over long periods of time. A sprint requires intense energy but for a short period of time. While some tasks in IT Security are closer to a sprint (e.g., configuring a firewall), many, like deploying and using a Security Information and Event Management (SIEM) solution, are closer to a marathon.

The Cost of False IT Security Alarms

February 04, 2016
Think about the burglar alarm systems that are common in residential neighborhoods. In the eye of the passive observer, an alarm system makes a lot of sense. They watch your home while you’re asleep or away, and call the police or fire department if anything happens. So for a small monthly fee you feel secure. Unfortunately, there are a few things that the alarm companies don’t tell you.

Last Year's Cyber Attack Trends — This Year's Implications

March 04, 2016
The range of threats included trojans, worms, trojan downloaders and droppers, exploits and bots (backdoor trojans), among others. When untargeted (more common), the goal was profit via theft. When targeted, they were often driven by ideology.

Is the IT Organizational Matrix an IT Security Problem?

March 30, 2016
Do you embrace the matrix? The fact is, once networks get to a certain size, IT organizations begin to specialize and small kingdoms emerge.

Top 3 traits of a successful Security Operations Center

April 14, 2016
Traditional areas of risk — financial risk, operational risk, geopolitical risk, risk of natural disasters — have been part of organizations’ risk management for a long time. Recently, information security has bubbled to the top, and now companies are starting to put weight behind IT security and Security Operations Centers (SOC).

Welcome to the New Security World of SMB Partners

April 20, 2016
Yet another recent report confirms the obvious, that SMBs in general do not take security seriously enough. The truth is a bit more nuanced than that, of course—SMB execs generally take security very seriously, but they don’t have the dollars to do enough about it—although it amounts to the same thing.

Research points to SIEM-as-a-Service

May 11, 2016
SC Magazine released the results of a research survey focused on the rising acceptance of SIEM-as-a-Service for the small and medium sized enterprise. The survey found that SMEs and companies with $1 billion or more in revenue or 5,000-plus employees faced similar challenges.

Dirty truths your SIEM vendor won’t tell you

June 30, 2016
Analytics is an essential component of a modern SIEM solution. The ability to crunch large volumes of log and security data in order to extract meaningful insight can lead to improvements in security posture. Vendors love to tell you all about features and how their particular product is so much better than the competition.

Should I be doing EDR? Why isn’t anti-virus enough anymore?

June 22, 2016
Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just a few percent of the malware that is active these days. You need better tools, called endpoint detection and response (EDR).

Maximize your SIEM ROI

June 01, 2016
Far too many SIEM implementations are considered to be catastrophes. Having implemented hundreds of such projects, we present the three parts of a SIEM implementation which, if followed, will in fact minimize the drama and maximize the ROI.

Uncover C&C traffic to nip malware

June 13, 2016
In a recent webinar, we demonstrated techniques by which EventTracker monitors DNS logs to uncover attempts by malware to communicate with Command and Control (C&C) servers. Modern malware uses DNS to resolve algorithm generated domain names to find and communicate with C&C servers.

Detect Persistent Threats on a Budget

July 07, 2016
There’s a wealth of intelligence available in your DNS logs that can help you detect persistent threats. So how can you use them to see if your network has been hacked, or check for unauthorized access to sensitive intellectual property after business hours?

Idea to retire: Do more with less

July 08, 2016
Ideas to Retire is a TechTank series of blog posts that identify outdated practices in public sector IT management and suggest new ideas for improved outcomes. Dr. John Leslie King is W.W. Bishop Professor in the School of Information at the University of Michigan.

Top three reasons SIEM solutions fail

November 16, 2016
We have been implementing Security Information and Event Management (SIEM) solutions for more than 10 years. We serve hundreds of active SIEM users and implementations. We have had many awesome, celebratory, cork-popping successes. Unfortunately, we’ve also had our share of sad, tearful, profanity-filled failures.

Compliance is not a proxy for due care

December 21, 2016
Regulatory compliance is a necessary step for IT leaders, but it’s not sufficient to reduce residual IT security risk to tolerable levels. This is not news. But why is this the case? Here are three reasons:

‘Twas the Night Before Christmas – an EventTracker Story

December 21, 2016
‘Twas the night before Christmas and all through HQ
Not a creature was stirring, except greedy Lou –
An insider thief who had planned with great care
A breach to occur while no one was there.
Lou began his attack without trepidation,
For all his co-workers were on their vacations.

Implementing a Central Log Collection System

August 31, 2018
Implement a Central Collection System. Microsoft has made some considerable changes to event management in Windows Vista. But are these changes enough to help you control your entire infrastructure?

The 5 W’s of Security Management

January 01, 2013
The 5 W’s of security management. I’ve seen it happen about a thousand times if I’ve seen it once. A high profile project ends up in a ditch because there wasn’t a proper plan defined AHEAD of time.

The EPS Myth

January 01, 2013
Often when I engage with a prospect their first question is “How many events per second (EPS) can EventTracker handle?” People tend to confuse EPS with scalability so by simply giving back an enormous-enough number (usually larger than the previous vendor they spoke with) it convinces them your product is, indeed, scalable.

100 Log Management uses #29 Detecting XSS attacks

January 01, 2013
The number 1 vulnerability on the OWASP list is cross site scripting or XSS. XSS seems to have replaced SQL injection as the new favorite for web attackers. We look at using web server logs to detect signs of these XSS attacks.

Logs for Insider Abuse Investigations

January 01, 2013
In most previous newsletters, we have discussed the use of logging for various regulatory mandates (such as PCI DSS, HIPAA and FISMA) as well as the use of logs for incident response and malicious software tracking. This log data can also be incredibly useful for detecting and investigating insider abuse and internal attacks.

SIEM: Security, Incident AND Event MANAGEMENT, not Monitoring!

January 01, 2013
Unfortunately, IT is not perfect; nothing in our world can be. Compounding the inevitable failures and weaknesses in any system designed by fallible beings are those with malicious or larcenous intent who search for exploitable system weaknesses.

What did Ben Franklin really mean?

July 03, 2013
In the aftermath of the disclosure of the NSA program called PRISM by Edward Snowden to a reporter at The Guardian, commentators have gone into overdrive and the most iconic quote is one attributed to Benjamin Franklin “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety”.

Pay Attention to System Security Access Events

August 31, 2018
There are five different ways you can log on in Windows called “logon types.” The Windows Security Log lists the logon type in event ID 4624 whenever you log on.

How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

April 16, 2014
Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. Here we will discuss the different event IDs and error codes and how you can simplify the login failure review process.

Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

August 22, 2014
I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security Log – especially for tracking deletion of users and groups which I’ll show you first. All you have to do is enable “Audit user accounts” and “Audit security group management” in the Default Domain Controllers Policy GPO.

Are honeypots illegal?

December 17, 2014
In computer terminology, a honeypot is a computer system set up to detect, deflect, or, in some manner, counteract attempts at unauthorized use of IT systems. Generally, a honeypot appears to be part of a network, but is actually isolated and monitored, and seems to contain information or a resource of value to attackers.

Why Naming Conventions are Important to Log Monitoring

January 22, 2015
Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. If it were that easy the system would just prevent the attack in the first place.

Threat Intelligence and The Pyramid of Pain

February 25, 2015
There is great interest among security technology and service providers about the intersection of global threat intelligence with local observations in the network. While there is certainly cause for excitement, it’s worth pausing to ask the question “Is Threat Intelligence being used effectively?”

How to shoot yourself in the foot with SIEM

June 03, 2015
Six ways to shoot yourself with SIEM technology:
1) Don’t plan; just jump in
2) Have no defined scope or use cases; whatever
3) Confuse SIEM with Log Management
4) Monitor noise; apply no filters
5) Don’t correlate with any other technologies, e.g., IDS, vulnerability scanner, Active Directory
6) Staff poorly or not at all

Three Indicators of Attack

August 19, 2015
For many years now, the security industry has become somewhat reliant on ‘indicators of compromise’ (IoC) to act as clues that an organization has been breached. Every year, companies invest heavily in digital forensic tools to identify the perpetrators and which parts of the network were compromised in the aftermath of an attack.

What is SASE, SD-WAN, and SD-Branch?

September 03, 2020
Trying to figure out what is really the difference between SASE, SD-WAN, and SD-Branch? Rest assured you are not alone. Before we untangle the difference between these concepts, it’s important to first clarify what they have in common. All three of these technology concepts are related to secure edge networking and addressing the challenge of managing a secure, agile, and resilient network of geographically distributed locations while reducing the related IT cost, time, and complexity involved. 

Understanding MDR, EDR, EPP, and XDR

September 03, 2020
The cybersecurity industry is notorious for coining terms and acronyms that rise and fall out of favor before they even have a chance to be fully understood. We get it – rapid innovation can be messy and lead to confusion and clutter. While it’s exciting and encouraging to see so many solution providers invent new solutions and improve upon others, resulting in new concepts, sometimes all of this terminology is honestly just an effort to stand out from the crowd.

MSSP /SaaS /Cloud Computing – Confused? I know I am

January 01, 2013
There is a lot of discussion around Security MSSPs, SaaS (Security as a Service) and Cloud Computing these days. I always felt I had a pretty good handle on MSSPs and SaaS. The way I look at it, you tend to outsource the entire task to Security MSSPs.

Logs vs Bots and Malware Today

January 01, 2013
Despite the fact that the security industry has been fighting malicious software – viruses, worms, spyware, bots and other malware – since the late 1980s, malware still represents one of the key threat factors for organizations today. While the silly viruses of the 1990s and noisy worms (Blaster, Slammer, etc.) of the early 2000s have been replaced by commercial bots and so-called “advanced persistent threats,” the malware fight rages on.

Security Logging as a Detective and Deterrent Control Against Rogue Admins

January 01, 2013
Intrusion detection and compliance are the focus of log management, SIEM and security logging. But security logs, when managed correctly, are also the only control over rogue admins. Once root or admin authority has been given to, or acquired by, a user, there is little they cannot do.

Top 4 Security Questions You Can Only Answer with Workstation Logon/Logoff Events

January 09, 2013
I often encounter a dangerous misconception about the Windows Security Log: the idea that you only need to monitor domain controller logs. Domain controller security logs are absolutely critical to security but they are only a portion of your overall audit trail. Member server and workstation logs are really just as important and I’m going to focus this article on the top 4 questions you can only answer with workstation logon/logoff events.

Three key advantages for SIEM-As-A-Service

November 05, 2014
Security Information and Event Management (SIEM) technology is an essential component in a modern defense-in-depth strategy for IT Security. SIEM is described as such in every Best Practice recommendation from industry groups and security pundits. The absence of SIEM is repeatedly noted in the Verizon Enterprise Data Breach Investigations Report as a factor in late discovery of breaches.

How many people does it take to run a SIEM?

January 14, 2015
You must have heard light bulb jokes, for example: How many optimists does it take to screw in a light bulb? None, they’re convinced that the power will come back on soon.

What good is Threat Intelligence integration in a SIEM?

February 18, 2015
Bad actors/actions are more and more prevalent on the Internet. Who are they? What are they up to? Are they prowling in your network? The first two questions are answered by Threat Intelligence (TI), the last one can be provided by a SIEM that integrates TI into its functionality.

Death by a Thousand cuts

April 02, 2015
You may recall that back in 2012, then Secretary of Defense Leon Panetta warned of “a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.” This hasn’t quite come to pass has it? Is it dumb luck? Or are we just waiting for it to happen?

Secure, Usable, Cheap: Pick any two

May 06, 2015
This fundamental tradeoff between security, usability, and cost is critical. Yes, it is possible to have both security and usability, but at a cost, in terms of money, time and personnel. While making something both cost efficient and usable, or even making something secure and cost-efficient may not be very hard, it is however more difficult and time consuming to make something both secure and usable. This takes a lot of effort and thinking because security takes planning and resources.

The Detection Deficit

July 30, 2015
The gap between the ‘time to compromise’ and the ‘time to discover’ is the detection deficit. According to Verizon DBIR, the trend lines of these have been diverging significantly in the past few years. Worse yet, the data shows that attackers are able to compromise the victim in days but thereafter are able to spend an average of 243 days undetected within the enterprise network before they are exposed.

User Location Affinity

July 06, 2015
It’s clear that we are now working under the assumption of a breach. The challenge is to find the attacker before they cause damage. Once attackers gain a beach head within the organization, they pivot to other systems. The Verizon DBIR shows that compromised credentials make up a whopping 76% of all network incursions.

Are You Listening to Your Endpoints?

August 17, 2015
There’s plenty of interest in all kinds of advanced security technologies like threat intelligence, strong/dynamic authentication, data loss prevention and information rights management. However, so many organizations still don’t know that the basic indicators of compromise on their network are new processes and modified executables.

SIEM and Return on Security Investment (RoSI)

December 30, 2015
The traditional method for calculating standard Return on Investment (RoI) is that it equals the gain minus the cost, divided by the cost. The higher the resulting value, the greater the RoI. The difficulty in calculating a return on security investment (RoSI), however, is that security tends not to increase profits (gain), but to decrease loss – meaning that the amount of loss avoided rather than the amount of gain achieved is the important element.

When is an alert not an alert?

September 30, 2015
Users of the EventTracker platform know that one of its primary functions is to apply built-in knowledge to reduce the flood of all security/log data to a much smaller stream of prioritized alerts.

Security Subsistence Syndrome

October 21, 2015
Security Subsistence Syndrome (SSS) is defined as a mindset in an organization that believes it has no security choices and is underfunded, so it minimally spends to meet perceived statutory and regulatory requirements.

How the EventTracker/Netsurion merger will bring you more powerful cybersecurity solutions

October 26, 2016
We are delighted that EventTracker is now part of the Netsurion family. On October 13, 2016 we announced our merger with managed security services provider Netsurion. As part of the agreement, Netsurion’s majority shareholder, Providence Strategic Growth, the equity affiliate of Providence Equity Partners, made an investment in EventTracker to accelerate growth for our combined company.

The Perimeter is Dead: Long-live the Perimeter

March 01, 2018
In 2005, the Department of Homeland Security commissioned Livermore National Labs to produce a kind of pre-emptive post-mortem report.

Key Elements of MDR for Powerful and Practical Cybersecurity

September 21, 2020
The rise in ransomware attack volume and sophistication is a wake-up call for executives and IT departments alike. Traditional perimeter-focused defenses, such as firewalls, are no longer sufficient against stealthy and financially-motivated attackers.

8 Threats to Watch for this Holiday Season

November 16, 2020
This holiday season will be like no other with the continued use of remote work, greater online sales, third-party sourcing from across the globe, and employees taking much-needed time off. Cyber criminals will take advantage of these seasonal distractions to steal sensitive data, hold it for ransom, or use you as a stepping-stone to more lucrative victims.

Building Trust: Four Tips for MSSPs

March 03, 2021
Customers look to Managed Security Service Providers (MSSPs) as trusted advisors in achieving digital transformation and navigating ever-evolving data security and privacy regulations. In times of uncertainty, it’s critical to over-deliver and boost your security posture.

Show Your Loyal Restaurant and Retail Customers Some Love by Protecting Them and Adhering to PCI DSS Compliance

April 21, 2021
Compliance can get confusing fast. Restaurants and retail establishments have many voices talking about compliance. Most of the time, the information provided is out of context, incomplete, or flat-out incorrect. While third-party supply chain security and monitoring is essential, the ultimate responsibility for compliance and data protection rests with your organization and leaders. Unfortunately, most businesses are unaware that they are responsible for their own compliance associated with outside systems.

RSA Conference Key Takeaways for Cybersecurity Defenders

March 06, 2020
RSA Conference 2020 has come and gone. It still maintains its status as the largest security event in the world, although attendance dipped from last year due to virus jitters and travel restrictions. While the mood at RSA Conference (RSAC) overall was a bit more subdued than in the past, attendee engagement with the Netsurion team to discuss co-managed SIEM in the expo hall was at an all-time high.

Expanding Work-from-Home Increases Cybersecurity Risk

March 12, 2020
Maintaining strong cybersecurity is crucial as organizations make impromptu decisions to send more and more employees to work from home to help minimize the spread and impact of COVID-19. Before you expand and extend your remote workforce, it’s critical that you take appropriate steps to ensure that by decreasing a health risk to your business, those same actions don’t conversely increase a cybersecurity risk.

MSPs: How to Add Security Services Fast and Affordably

November 16, 2021
You’ve seen it over and over again in the headlines – small subcontractors are often soft-target gateways for hacking large clients. Middle-tier businesses are very attractive and vulnerable targets for ransomware attacks. And, as recently seen in the news, Managed Service Providers (MSPs) attacked through trusted supply-chain software vendors can put their own clients at risk. These unfortunate facts have created a demand for IT service providers, including MSPs, to expand their cybersecurity offerings or at least explain their own security preparedness to customers.

Optimize Restaurant Cybersecurity with Real-World Best Practices

November 23, 2021
Netsurion is a key contributor along with other industry leaders who comprise the Restaurant Technology Network (RTN) Working Group. The RTN Working Group collectively put in over 600 hours of collaboration to develop guidance and security best practices aimed at helping restaurants innovate quickly and securely.

A Perfect Storm Ahead: MSSP Preparation for Economic Uncertainty

August 05, 2022
Marketplace changes are inevitable. Rapid shifts to remote work, cloud computing, and digitalization have all led to increased demand and spending on IT and cybersecurity in recent years. Enterprises and Service Providers face economic challenges of inflation, rising labor costs (if you can even hire talent), and supply chain issues. Financially motivated attacks are likely to accelerate in times of uncertainty. Smart channel leaders should be proactive and guide clients on prioritizing cybersecurity investment as a driver of business growth.

MSPs Need Both Cybersecurity Automation and Human Expertise

July 05, 2022
The rising level of security threats and public incidents demands new approaches to people, processes, and technology that optimize manual processes and harness the benefits of automation. Automation and machine learning (ML) remove inefficiencies and the potential for error or security gaps. While programmatic threat detection and incident response minimize false positives along with staff and skill shortages, they are not a panacea or quick fix. Human analysts are still the most vital link in cybersecurity defense that differentiates you in the marketplace.

Restaurant POS Security Implementation Best Practices

June 22, 2021
The role of the Point-of-Sale (POS) is evolving. In the restaurant industry, it’s important to ask: what does the future of the POS look like?

Consolidation: The Cure for Cybersecurity Vendor Sprawl

March 09, 2022
There are three cybersecurity “givens” that small-to-medium-sized businesses (SMBs) often face. One is that you are not too small to be targeted by cyber criminals. Even big ransomware gangs are refocusing their efforts on mid-sized victims to avoid scrutiny. A second is that your attack surface is expanding – particularly with the move to cloud, Software-as-a-Service (SaaS) adoption, and Work-From-Home (WFH) – while threat actors continue to evolve new, more sophisticated approaches.

Threatscape 2012 – Prevent, Detect, Correct

January 01, 2013
The past year has been a hair-raising series of IT security breakdowns and headlining events reaching as high as RSA itself falling victim to a phishing attack. But as the year set on 2011, the hacker group Anonymous remained busy, providing a sobering reminder that IT Security can never rest.

How to Detect Low Level Permission Changes in Active Directory

September 16, 2015
We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. But more importantly, if their accounts are compromised the attacker gets full control of your environment. In line with this concern, many security standards and compliance documents recommend tracking changes to privileged groups like Administrators, Domain Admins and Enterprise Admins in Windows, and related groups and roles in other applications and platforms.

Top 5 SIEM complaints

February 10, 2016
Here’s our list of the Top 5 SIEM complaints: 1) We bought a security information and event management (SIEM) system, but it’s too complicated and time-consuming, so we’re:

Sustainable vs. Situational Values

January 01, 2013
I am often asked that if Log Management is so important to the modern IT department, then how come more than 80% of the market that “should” have adopted it has not done so?

Logging for HIPAA Part 2; Secure auditing in Linux

January 01, 2013
HIPAA Logging HOWTO, Part 2. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security and privacy standards for health information – both electronic and physical. The main mission of the law is “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery” (HIPAA Act of 1996, http://www.hhs.gov/ocr/privacy/). A recent enhancement to HIPAA is called the Health Information Technology for Economic and Clinical Health Act, or HITECH Act.

Four Key Steps to Rapid Incident Response

April 16, 2015
Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target, to the US State Department and even the White House. Regardless of the security measures you have in place, it is prudent to assume you will suffer a breach at some point. Be sure to have a response plan in place — just in case.

Five quick wins to reduce exposure to insider threats

May 13, 2015
A data breach has serious consequences both directly and indirectly. Lost revenue and a tarnished brand reputation both inflict harm long after incident resolution and post breach clean-up. Still, many organizations don’t take necessary steps to protect themselves from a potentially detrimental breach.

Using Dynamic Audit Policy to Detect Unauthorized File Access

May 22, 2013
One thing I always wished you could do in Windows auditing was mandate that access to an object be audited if the user was NOT a member of a specified group. Why? Well sometimes you have data that you know a given group of people will be accessing and for that activity you have no need of an audit trail. Let’s just say you know that members of the Engineering group will be accessing your Transmogrifier project folder and you do NOT need an audit trail for when they do. But this is very sensitive data and you DO need to know if anyone else looks at Transmogrifier.

Catching Hackers Living off the Land Requires More than Just Logs

October 14, 2015
If attackers can deploy a remote administration tool (RAT) on your network, it makes it so much easier for them. RATs make it luxurious for bad guys; it’s like being right there on your network. RATs can log keystrokes, capture screens, provide RDP-like remote control, steal password hashes, scan networks, scan for files and upload them back to home. So if you can deny attackers the use of RATs, you’ve just made life a lot harder for them.

Protect Your Business from Ransomware

May 15, 2017
As the second iteration of the WannaCry ransomware impacting IT infrastructure around the globe is expected, we want to arm our customers with information to be best prepared.

Four CompTIA ChannelCon Takeaways for MSPs to Boost Cybersecurity

August 15, 2022
It was great to be back in Chicago for ChannelCon 2022. Thank you to CompTIA for a successful event, with 1,000 attendees and vendor partners, and for the extensive formal and informal learning opportunities that let us reconnect and reinvigorate after the last 24 months.

Four Ways MSSPs can Boost Security Speed and Readiness

September 16, 2022
As more service providers explore offering a Managed Detection and Response (MDR) solution, they may face indecision or inertia during startup and optimization. Managed Security Service Providers (MSSPs) know that speed matters in cybersecurity, as it improves attack surface coverage and team productivity.

The True Cost of Setting Up and Operating a 24x7 Security Operations Center (SOC)

September 27, 2022
Understanding the costs behind setting up and running a Security Operations Center is important to making informed decisions about how much protection you can afford and how you will go about acquiring it. The simple answer to the question “How much does a SOC cost?” is that it depends on many variables. In this article we will break down those variables and provide typical costs that you can use to inform your decision making about how to best protect your organization.

The 5 stages of SIEM Implementation

June 18, 2014
Are you familiar with the Kübler-Ross 5 Stages of Grief model? SIEM implementation (and indeed most enterprise software installations) bears a striking resemblance.

Renew Focus on Web Application Security

April 28, 2022
Today’s always-on digital businesses and service providers rely on web applications and APIs to fuel growth, run eCommerce sites and customer portals, and engage 24/7 with customers. Cyber criminals are also targeting these public-facing assets for monetary gain or to make a political statement. In fact, 43% of data breaches have been tied to web application vulnerabilities, highlighting the importance of understanding and protecting these business-critical assets. Managed Service Providers (MSPs) must also make protecting web applications a key priority.

Diagnosing Account Lockout in Active Directory

December 02, 2015
Here we are going to look for Event ID 4740. This is the security event that is logged whenever an account gets locked out. When “User X” is locked out, Event ID 4740 is logged on the domain controllers involved, with detailed information about the lockout.
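The query a practitioner would actually run for that diagnosis, as an added example rather than code from the original post: every lockout is recorded on the PDC emulator, so ask that DC for 4740 events for the user and group them by the “Caller Computer Name”, which Windows stores in the event's TargetDomainName field. The user name and look-back window are assumptions; the PDC is resolved from the domain.

```powershell
# Added example (not from the original post): find the source of an account lockout.
# 4740 is always written on the PDC emulator, so that single DC sees every lockout
# in the domain. The "Caller Computer Name" shown in Event Viewer is the
# TargetDomainName field of the event's EventData.
# $UserName and $Days are assumptions for the example.

param(
    [Parameter(Mandatory)][string]$UserName,
    [int]$Days = 2
)

Import-Module ActiveDirectory
$pdc = (Get-ADDomain).PDCEmulator

$lockouts = Get-WinEvent -ComputerName $pdc -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4740
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time           = $_.TimeCreated
            Account        = $d['TargetUserName']
            CallerComputer = $d['TargetDomainName']   # host that sent the failing logons
            LockedBy       = $d['SubjectUserName']    # DC computer account that processed it
        }
    } |
    Where-Object Account -eq $UserName

if (-not $lockouts) {
    "No 4740 events for $UserName on $pdc in the last $Days day(s)."
    return
}

# The same account locked repeatedly from one host usually means a cached
# credential, mapped drive, scheduled task or service there still holds an old password.
$lockouts |
    Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'CallerComputer'; e = { $_.Name } },
                  Count,
                  @{ n = 'LastLockout'; e = { ($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize
```

Once the caller computer is known, the failed logons themselves (4625 on that host, or 4771/4776 on the DC with the same source) tell you which process or service is replaying the bad password.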

Why is patching important to the security of your business?

May 31, 2016
If you are not keeping up with regular patching of your computer and the programs that run on it, then you are simply asking for trouble. Many of the breaches that make the news are caused by holes in software for which the vendor had already released a patch.

7 things you need to know about Anti-Virus protection.

June 09, 2016
In this entry we discuss the topic of anti-virus protection. There are many questions that come up when we talk about this topic. So here are a few answers to your questions.

Tracking removable storage with the Windows Security Log

August 31, 2018
With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access.
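What that audit trail looks like once it is switched on, as an added example that is not code from the original post: enabling the “Removable Storage” subcategory makes Windows log Event ID 4663 for each access to a file on a removable device, and the AccessMask bits in that event tell you whether the file was read, written or deleted. The look-back window is an assumption; the subcategory name and event fields are the documented Windows ones.

```powershell
# Added example (not from the original post): enable removable-storage auditing
# and summarise the 4663 events it produces.
# With the "Removable Storage" subcategory enabled, each access to a file on a
# removable device logs 4663 with the task category "Removable Storage".
# AccessMask bits: 0x1 ReadData, 0x2 WriteData, 0x4 AppendData, 0x10000 DELETE.
# The 8-hour window is an assumption for the example.

# 1. Enable the subcategory (run once, elevated; the same setting lives in Group
#    Policy under Advanced Audit Policy Configuration > Object Access).
auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable

# 2. Read and decode the resulting events on this host.
$since = (Get-Date).AddHours(-8)

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskDisplayName -eq 'Removable Storage' } |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $mask = [int]$d['AccessMask']        # logged as a hex string such as 0x2
        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            Process = $d['ProcessName']
            Object  = $d['ObjectName']
            Read    = [bool]($mask -band 0x1)
            Write   = [bool]($mask -band 0x6)      # WriteData or AppendData
            Delete  = [bool]($mask -band 0x10000)
        }
    } |
    Where-Object { $_.Write -or $_.Delete } |   # data leaving the host is the interesting case
    Sort-Object Time |
    Format-Table -AutoSize
```

This subcategory is chatty (one event per handle open), so forward it to the SIEM and aggregate by user and device there rather than eyeballing the local log; a burst of Write events to a removable device by one user outside business hours is the pattern the post's “information grabs” leave behind.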

SIEM and Return on Investment: Four Pillars for Success

July 24, 2014
Return on investment (ROI) - it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately yield more than the initial investment outlay. But is the investment justified?

Why a Co-Managed SIEM?

October 05, 2018
In simpler times, security technology approaches were clearly defined and primarily based on prevention with things like firewalls, anti-virus, and web and email gateways. There were relatively few available technology segments and a relatively clear distinction between buying security technology and outsourcing engagements.

How To Defend Against Threat Group Attacks

October 26, 2022
It’s no secret that cybersecurity threats are rising for organizations of all sizes and industries. U.S. cybersecurity authorities like CISA, the NSA, and the FBI are aware of recent reports of increased malicious cyber activity and expect this trend to continue. Organizations face security gaps and weaknesses from a patchwork of IT products and tools with little visibility and a false sense of security.

Five Fallacies That Are Holding Back Adoption of Threat Hunting

November 01, 2022
Organizations can no longer afford to be just reactive, relying solely on detection and response when it comes to cybersecurity. Threat hunting is the next step. It is a proactive approach to uncovering threats that otherwise go undetected, like multi-stage ransomware attacks and malware that lies dormant in your network until activated to exfiltrate data.

Identity is the New Endpoint

November 22, 2022
For most organizations, the network map has changed dramatically. Once organizations had a defined network perimeter that clearly distinguished “inside” from “outside.” Endpoint devices like workstations and desktops were “inside,” physically and virtually. They could be authenticated once and trusted thereafter. After all, these devices never left the building.

Cybersecurity Cyber Crime in 2023: What MSPs Need to Know

December 08, 2022
Managed service providers face a double-edged sword in the world of cyber security and cybercrime. In May 2022, a joint cybersecurity advisory from the UK, Australia, Canada, New Zealand and the US warned that MSPs are increasingly being targeted by cyber criminals. And cyber attacks on MSP customers, small- and medium-sized businesses (SMBs), will also continue to rise. It’s shaping up to be another year of increasingly sophisticated cyber incidents.

Best Practices for MSPs Offering Security Services

December 23, 2022
During our recent webinar “Ask Netsurion Anything,” our panel of experts addressed questions on topics ranging from meeting customer needs to business best practices. Here are the key takeaways from that session and guidance for MSPs offering security services to their customers.

Six Proactive Steps to Expand Attack Surface Coverage

January 09, 2023
Organizations use 40+ products and IT tools on average to manage networks, SaaS applications, and endpoints. This fragmented approach creates data silos and blind spots that hamper detection and incident response. Attackers actively look for easy targets like misconfigured websites and unpatched applications to exploit. Service Providers can leverage their strong business relationships and trusted advisor roles to help businesses protect their expanding attack surface and be more proactive regarding malware and breaches.

Incident Response: Whose Job is It?

January 25, 2023
Effective Incident Response (IR) always involves the IT security professionals who know their business and cybersecurity posture best. But whose job is it to actually respond to incidents, and what are the best practices?

Navigating Your Managed Cybersecurity Options

March 01, 2023
If you’re aiming to improve your organization’s threat detection and incident response (TDIR) capabilities, I’m willing to bet you’re annoyed and frustrated by trying to navigate the managed cybersecurity market that’s rife with imprecise terminology and vendors willing to bend definitions to fit their solutions. As a result, you have an extremely difficult job in trying to find the right solutions, let alone pick the best one.

Find Out Who Is Affected By A Data Breach?

September 14, 2015
The number of data breaches continues to increase. Cybercrime affects your brand, your customers and your employees in ways that are unrecoverable at times. Don't let your business be affected next.

RetailNOW Recap 2016: Security Top of Mind for Attendees

August 10, 2016
The event, aimed at connecting the point-of-sale (POS) technology ecosystem, was extremely successful because it gave us the perfect platform to further connect with our existing partners—and to meet and interact with industry leaders.

Demystifying PCI Compliance

August 30, 2016
PCI compliance: that daunting phrase you always hear in the world of payments…but never truly understand. Well we’re here to sum it up for you—what it is, why it’s important and what you need to meet this standard.

Key takeaways from the presidential debate on cybersecurity.

September 28, 2016
The presidential debate, as entertaining as it was for many, was a great place to hear about the focus needed on cybersecurity issues in this country. Both candidates were asked the following question on the topic of cybersecurity in the U.S...

A Day in the Life of a Consumer

October 21, 2016
Years ago, in a data security nightmare not so far away…I found out how quickly a brand could change from being a favorite of mine to becoming an entity I would never trust again.

The Bite Behind the Bark: Enforcement Power of GDPR

June 28, 2018
There’s an old saying: Their bark is worse than their bite. However, this is not the case with the penalties of non-compliance when it comes to the General Data Protection Regulation (GDPR). With the enforcement date of the GDPR having passed on May 25, 2018, any company not in compliance could be in for a very nasty shock.

Future-Proof Your Failover Solution

July 26, 2018
The cost of network downtime or failing internet connectivity has never been higher due to incidents resulting in million-dollar losses of business revenue and employee productivity. Both small and large enterprises are increasingly relying on business-critical applications deployed in the cloud. Here are some of the key factors to consider when selecting a failover solution.

The Key Difference between “Account Logon” and “Logon/Logoff” Events in the Windows Security Log

January 01, 2013
An area of audit logging that is often confusing is the difference between two categories in the Windows security log: Account Logon events and Logon/Logoff events.  These two categories are related but distinct, and the similarity in the naming convention contributes to the confusion.

Why are Workstation Security Logs so Important?

January 01, 2013
No one needs to be convinced that monitoring Domain Controller security logs is important, and member servers are equally important: most people understand that member servers are where “our data” is located.

Improve Security with a Cyber Hygiene Routine

April 05, 2022
As advanced threats continue to morph and escalate, it’s easy to gravitate towards the latest tool or “shiny object” in the news. An estimated 80% of threats and vulnerabilities are more than twelve months old, highlighting the challenge of legacy infrastructure and products. Use good cyber hygiene to prevent or mitigate security problems with IT practices that maintain health and resiliency.

Key Takeaways from MITRE ATT&CKcon 3.0 for Defenders

April 20, 2022
MITRE ATT&CKcon 3.0, the conference dedicated to the ATT&CK community, returned at MITRE headquarters in Virginia last month. As a refresher, MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real-world observations.

How to Use Process Tracking Events in the Windows Security Log

March 03, 2013
I think one of the most underutilized features of Windows Auditing and the Security Log are Process Tracking events. In Windows 2003/XP you get these events by simply enabling the Process Tracking audit policy.

Following a User’s Logon Tracks throughout the Windows Domain

July 17, 2013
What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and access resources on servers in the domain?
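The two posts above, on the Account Logon versus Logon/Logoff categories and on following a user's logon through the domain, describe the same trail from two angles. As an added example that is not code from either post, the script below pulls both categories for one user and lines them up in time: Account Logon events (4768 TGT, 4769 service ticket, 4776 NTLM validation) come from the domain controller that authenticated the user, while Logon/Logoff events (4624, 4634, 4647) come from the workstation and each server where a session was actually created. The user name, DC and host names are assumptions.

```powershell
# Added example (not from the original posts): trace one user's logon through the
# domain by combining the two Security log categories.
#   Account Logon (4768, 4769, 4776) is written on the authenticating DC.
#   Logon/Logoff  (4624, 4634, 4647) is written on the machine that created the session.
# $UserName, $DomainController and $Hosts are assumptions for the example.

param(
    [Parameter(Mandatory)][string]$UserName,
    [string]$DomainController = 'dc01',
    [string[]]$Hosts = @('ws042', 'fs01'),   # the user's workstation and a file server
    [int]$Hours = 4
)

function Read-EventData($evt) {
    # Return the event's EventData as a name -> value hashtable.
    $x = [xml]$evt.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    $d
}

$since = (Get-Date).AddHours(-$Hours)

# Account Logon side: proves the DC authenticated the user and from which address.
$auth = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
        LogName = 'Security'; Id = 4768, 4769, 4776; StartTime = $since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Read-EventData $_
        # 4769 records the account as user@REALM; normalise to the bare name.
        $acct = ($d['TargetUserName'] -split '@')[0]
        $detail = "from $($d['IpAddress'])$($d['Workstation'])"
        if ($_.Id -eq 4769) { $detail = "service $($d['ServiceName']) $detail" }
        [pscustomobject]@{ Time = $_.TimeCreated; Host = $DomainController
                           Category = 'Account Logon'; Id = $_.Id; Account = $acct; Detail = $detail }
    }

# Logon/Logoff side: one session per host the user touched. Logon type 2 is the
# interactive console logon on the workstation; type 3 is the network logon that
# opening a share on the file server creates.
$sessions = foreach ($h in $Hosts) {
    Get-WinEvent -ComputerName $h -FilterHashtable @{
            LogName = 'Security'; Id = 4624, 4634, 4647; StartTime = $since
        } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = Read-EventData $_
            $detail = "logonId $($d['TargetLogonId'])"
            if ($_.Id -eq 4624) {
                $detail = "type $($d['LogonType']) from $($d['IpAddress']) $detail"
            }
            [pscustomobject]@{ Time = $_.TimeCreated; Host = $h
                               Category = 'Logon/Logoff'; Id = $_.Id
                               Account = $d['TargetUserName']; Detail = $detail }
        }
}

@($auth) + @($sessions) |
    Where-Object { $_.Account -eq $UserName } |
    Sort-Object Time |
    Format-Table Time, Host, Category, Id, Detail -AutoSize
```

Read the output top to bottom: a 4768 on the DC, then a type 2 4624 on the workstation, then a 4769 for the file server's cifs service followed by a type 3 4624 on that server, and finally the 4634/4647 events that close each session. The TargetLogonId in 4624 is the key that ties every later event in that session (file access, process creation) back to this logon.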

May Your Holidays be Merry, Bright, and Hack Free: Security Tips for the Biggest Shopping Season

December 21, 2016
Though there are many companies out there responsible for securing merchant locations from the risks of data breaches, people’s own risky behavior often leads to their ID theft problems, no matter how well merchants protect them. And with more and more merchants accepting chip cards this year, hackers are likely to go back to tried and true methods for preying on individual cardholders.

SIEM, UEBA, SOAR and Your Cybersecurity Arsenal

November 16, 2017
The evolution of Security Information and Event Management (SIEM) solutions has made a few key shifts over time. It started as simply collecting and storing logs, then morphed into correlating information with rules and alerting a team when something suspicious was happening.

Attribution of an attack - don’t waste time on empty calories

December 14, 2017
When we are attacked, we feel a sense of outrage and the natural tendency is to want to somehow punish the attacker. To do this, you must first identify the attacker, preferably accurately, or else. This is easier said than done, especially online.

Security Signals Everywhere: Finding the Real Crisis in a World of Noise

January 18, 2018
Imagine dealing with a silent, but mentally grating barrage of security alerts every day. The security analyst’s dilemma?

True Cost of Data Breaches

March 15, 2018
The Cisco Annual Cybersecurity Report provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs), and other security operations leaders from businesses in 13 countries.

Top 3 Microsoft 365 Security Concerns and What to do About Them

July 26, 2018
Microsoft 365 is immensely popular across all industry verticals in the small-to-medium-sized business (SMB) space. It is often the killer app for a business and contains valuable, critical information about the business. Accordingly, Microsoft 365 resiliency and defense are top concerns on IT leaders’ minds.

Threat Hunting: Five Myths for MSPs to Overcome

June 03, 2022
Threat hunting is gaining traction as businesses look for more proactive methods to combat multi-stage ransomware attacks and devious “low and slow” hackers. Threat hunting complements threat detection and response to provide a more comprehensive and layered approach. Many managed service providers (MSPs) actively seek ways to become proactive and offer guided remediation that actively stops and blocks threats. The lack of staff and skills, along with unfamiliarity with threat hunting processes and techniques, can all inhibit adoption.

Helping Enterprises of All Sizes Accelerate Their Security Journey: Introducing Our New CRO, John Addeo

June 17, 2022
Change is the only constant in the IT security space. Here at Netsurion, we strive to empower organizations to take on ever-evolving cyber threats regardless of the size and scope of their business operations. With this core mission in mind, we are proud to introduce John Addeo as our new Chief Revenue Officer.

Use MITRE ATT&CK to Thwart Ransomware Faster

September 07, 2021
Ransomware has made a resurgence and is impacting both IT service providers and the businesses they serve. What if you had insights into cyber criminal tactics and techniques happening in your environment? What if you knew more about the adversaries you face in this cyber battle? Can you help prioritize potential threats to stop a ransomware attack before it’s too late? The MITRE ATT&CK framework enables defenders to optimize protection beyond legacy tools like anti-virus.

How to Overcome Three Major Cybersecurity Budget Hurdles

September 28, 2021
Success starts with a well-planned strategic budget. Face the fear…now’s the time to plan for powerful yet practical cybersecurity.

Future Proof Your Restaurant Technology with These Simple Steps

September 29, 2021
Within the next five years, there is a good chance that every wire, except power, in brick-and-mortar stores will be gone. Data will be transferred over a more efficient 5G network, which will quickly become less costly as the world rolls out 6G after that. Extensibility and flexibility will be crucial.

Vulnerability Management and Protection: Think Like a Hacker

October 25, 2021
Today’s modern attack surface encompasses the network, cloud, endpoints, mobile devices, and applications and is constantly under attack from well-armed cyber criminals. Vulnerability management offers strategic insight into vulnerable applications and devices from the viewpoint of a cyber criminal, so that you can plug the holes before attackers exploit them. Vulnerability management is for service providers as well as their end-customers.

Ransomware Protection: Who’s Responsible for What?

March 04, 2022
Ransomware risk changed dramatically for Managed Security Service Providers (MSSPs) and their clients in 2021. The Kaseya hack used a vulnerability in the popular Virtual System Administrator (VSA) remote management software to spread ransomware through MSSPs to an estimated 1,500 small-to-medium-sized businesses (SMBs) worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) warns that more of the same is coming in 2022.