Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
Reflections on the 2018 Chicago Tribune Top Workplaces Ceremony
By Nora Gibbons, Sentinel Social Media Specialist
Here are some important numbers: 3-2-7-1.
I have worked at Sentinel for three years, as of this past August.
This is my second year attending the Chicago Tribune’s Top Workplaces awards event.
Sentinel finished at #7 on the Tribune’s Top Workplaces: Midsize Companies list for 2018.
I had less than one minute to snap this picture of Sentinel’s name displayed on the screen:
Let me explain why these are connected.
I began my position as Social Media Specialist for Sentinel Technologies three years ago. In that time, I have learned so much about Sentinel. The history of the company was slowly revealed to me through random hallway chats, occasional moments of reminiscence, old photos, and over a delicious meal or snack. Hearing the oral history of Sentinel feels a lot like when your family retells stories during the holidays – they are spoken with a smile, a laugh, and can never be told by just one person. One person may start the story, but eventually it ends with two or three others jumping in to help add names or details that were initially left out or forgotten. Even the stories chronicling the growth and success of the company are not long drawn out tales of money and moves, but instead anecdotes about a small team based in Oak Brook, IL that worked hard and collectively pitched in to help Sentinel build its strong reputation in the IT industry.
Working at Sentinel means you become a part of Sentinel’s DNA. The longer I work here, the more I feel it. Just after my two-year work anniversary, I attended the 2017 Chicago Tribune Top Workplaces awards event. I was so excited to find out where Sentinel placed on the list, and a little in awe that I was chosen to represent the company.
Now one year later, I once again found myself surrounded by colleagues as we awaited the Top Workplaces announcement at Soldier Field. There’s always a weird mix of nerves and excitement in the moment. I don’t know if the other companies in attendance felt the same way, but you could definitely get that impression at our table. But there was also a deep sense of pride, because Sentinel is an extension of myself and I’m proud to represent them. This award serves as a representation of the teams that make Sentinel a hardworking, vibrant, colorful, successful, and fun family.
The ceremony itself flew by so fast. They read a company name, it pops up on the screens around the room for a few seconds, and then they move on to the next one. As they began the countdown, I had my phone ready and waiting to take photos as soon as Sentinel’s name was announced. This year we had to wait longer than ever before, because we finished at a company-best #7! When our name was announced and displayed on the screen, our table erupted in applause. There may have even been a little dancing, but I’ll leave that detail up to the imagination.
Being present at the moment when Sentinel reached #7 on the Chicago Tribune’s Top Workplaces list for 2018 was really something special, but to me it’s about so much more than just that one number. It’s about all the other numbers that helped get us to this point. We are 36 years old, have expanded to offices in 5 states, have over 500 employees (including 300+ in Illinois alone), 50+ company certifications, 2,400+ individual certifications, employees celebrating their 35/36 year work anniversaries with us, and many more I could add to this list. Sentinel doesn’t treat their employees like a number, which is exactly why we reached this number.
Congratulations to our team; I’m proud to be one of you! I can’t wait to have my phone at the ready next year, making sure I don’t miss the picture.
Five Important Cybersecurity Training Modules for Your Business
Attackers are always looking for new ways to gain access to your organization’s network and sensitive data. While most of today’s advanced security technologies provide an ample and comprehensive defense of your systems and applications, they can’t protect against human error. Users are often the weakest and most easily exploited point of entry for cybercriminals, who use phishing and social engineering strategies to trick people into opening malicious links or files that spread throughout your network.
This is why cybersecurity training should play an essential role in every organization’s protection strategy. It increases employee awareness and makes it easier for them to identify and stop any potential threats. Sentinel’s Advisory Services offer dozens of cybersecurity training modules through our partners at Wombat, each detailing the different types of dangers that users may encounter. While all of them are important, here are brief summaries of five key cybersecurity training modules.
Protecting Against Ransomware
This module provides a brief but comprehensive training on how to recognize and prevent ransomware attacks. The best practices you will learn are also applicable in fighting other phishing and malware-based threats.
Upon completion of this module, you will learn that the best way to prevent ransomware is to be proactive, and that ransomware security training is the most effective way to protect your organization against a ransomware attack. You will also gain a better understanding of the risk and impact of becoming infected with ransomware, and how to detect such an attack. Lastly, you’ll get some important tips on how to keep your device and organization safe from malicious emails and websites.
Social Engineering
This module goes beyond the phishing threat to explain the dangers associated with smishing, vishing, social media, and in-person attacks. You will also learn how to spot common social engineering techniques and traps.
At the conclusion of this module, you should have the knowledge to protect yourself from attempts to manipulate people into accessing dangerous materials (such as malware), divulging private information (such as passwords or company data), or otherwise providing a foothold for malicious cyber attackers to bring harm to a business.
Email Security
In this module, Email Security refers to the collective measures used to secure the access and content of an email account or service. It allows an individual or organization to protect the overall access to one or more email addresses/accounts. Learn how to identify and avoid manipulative content, malicious and disguised links, dangerous attachments, inappropriate data requests, and other threats.
Upon completion of this module, you will have a better understanding of how email security has become completely ingrained into the way our communities and companies communicate in the 21st century. With email playing such an important role in our everyday society, it’s important to know what makes email so vulnerable to attacks, and why there is a need for email security for every company.
Data Protection and Destruction
In this module, you will learn how to apply best practices related to the secure handling and storage of sensitive data throughout its lifecycle. It is essential to be able to identify and protect the many different types of data. Sensitive data, such as private or confidential information about people, companies, or projects, applies to both individuals and organizations. Personal and financial details about you, your co-workers, your customers, and your business associates are valuable to both criminals and competitors, as is any information related to intellectual property or proprietary business dealings.
Upon completion of this module, you will fully understand how to handle and store sensitive data, how to safeguard electronic devices and files, and how to properly dispose of confidential data.
Security Beyond the Office
This module introduces best practices related to topics such as the safe use of Wi-Fi networks, the dangers of public computers, and practical physical security measures.
Upon completion of this module, you will gain a better understanding of how to connect to safe outside networks, as well as why you should turn off sharing, enable your firewall, hide folders, and even more.
If you are interested in learning more about cybersecurity training and the many benefits it can offer your organization, please contact Sentinel for more information.
Five Takeaways from Sentinel's Arizona Tech Summit 2018
By Nora Gibbons, Sentinel Social Media Specialist
Sentinel, along with our partners from Cisco, held a Tech Summit in Arizona last week. Customers joined us at Cisco’s Phoenix office for lunch followed by a packed afternoon that included a keynote speech from Sentinel CTO Bob Keblusek, a closer look into the cloud with Strategic Solution Advisor Michael Soule, an in-depth security discussion with Strategic Security Solution Advisor Mark Combs, as well as a Q&A with our panel of experts. Following the event, customers joined us at The Gladly for a happy hour and more conversation about our vision for the IT roadmap ahead.
The presentations yielded a lot of thought-provoking content. Everyone we spoke to left with something to bring back to their teams, whether it be a new solution they had never heard of before, a fresh tactic to implement, or even just a different perspective on Sentinel’s abilities. Here are the five biggest takeaways identified by our customers:
- Two-Factor Authentication
When it comes to establishing a strong security posture, two-factor authentication is a low-cost, low-maintenance solution that helps businesses create a strong front line of defense. Two-factor authentication has quickly risen in the security world from an outlier to a necessity. The discussion surrounding two-factor authentication also goes beyond the solution itself: it helps determine the most important and critical services in your organization while encouraging the implementation of other security best practices such as privileged access workstations. This solution is needed now, and will only grow in importance in the years to come.
- Evaluating Your Business for Cloud Agility
A major takeaway from the summit was evaluating your business for the cloud. While many IT departments use and manage cloud applications for the organization on a regular basis, sometimes other departments will quietly purchase and control additional cloud applications on their own. For example, an IT department may have an almost 100% on-premises environment, yet the company’s marketing team recently purchased and began using a cloud-based prospecting tool without informing the right managers. An internal group focused on cloud adoption, often referred to as a Cloud Center of Excellence, is a great way to take inventory and evaluate your workloads across all departments and make the most informed decisions on your cloud journey. The initial step involves changing the mindset to cloud-first by asking: “Is this right for the cloud?” and diving into the decision-making process from there.
- Business Assessments
Sentinel’s suite of assessments allows organizations to peel back the layers of their business and identify the areas in which they excel and the areas that have room for improvement. For many, when constructing the roadmap for the years ahead, this is the launch point that starts them down the correct path. These assessments also allow our experts to work directly with all stakeholders to align business goals with IT initiatives, giving organizations an IT roadmap to bring their teams together under a cohesive plan.
- Transparency Into Your IT Environment
In the coming years, a perfect storm is brewing. Attacks are becoming more sophisticated, and as the number of mobile and IoT devices continues to expand, it introduces more and more vulnerability into your environment. Having visibility and transparency in your network and overall IT environment will lower the risk associated with these business changes and play a critical role in helping your organization stay proactive instead of reactive when it comes to security.
- Managed Services for Business
The demands on IT departments are increasing every year. Teams are being stretched thinner and thinner, and with each new vendor and solution introduced into an environment, a new skill set needs to be learned. Many organizations are looking to offload tasks to managed services providers, allowing their teams to focus on growth and achieving major business goals. This is especially true in security, where a trusted managed security services provider (MSSP) takes those 1AM emergency calls and provides a deep bench of experts to clients, allowing them to be proactive in their security posture. For many organizations, relying on a managed services provider has increased productivity, been cost effective, and given them a great technical resource they can lean on to minimize downtime.
Thank you to everyone who joined Sentinel and Cisco at the Arizona Tech Summit, as well as all those who made the day possible! If you attended and would like to schedule a follow-up or demo, please reach out to your Sentinel Account Manager so we can get something scheduled. If you missed the event but are interested in learning more, feel free to contact us for additional information.
Finding the Right Wireless Presentation System
by Jim Michalik, Sentinel Technology Area Design Senior Solutions Analyst
Wireless presentation systems allow users to quickly and easily send their presentation directly from their device to a display or a projector. Some of these use a form of Miracast – a software application in use since 2012 – while others use proprietary methods. Regardless, these systems have become so popular in recent years that nearly every audiovisual design by Sentinel incorporates them.
It’s no surprise why so many organizations want wireless presentation systems:
+ They work with almost any platform, including Windows, Mac, iOS, Android, and Linux
+ They allow laptops, tablets, and smart devices to connect easily
+ IT departments no longer need to support a variety of adapter cables. You can connect to the display in seconds from HDMI, DisplayPort, VGA, mini-HD or USB 3.0 enabled devices
+ You can sit anywhere in the room and still show your presentation without having to worry about connecting to the one working audiovisual input at the table
Which type of wireless presentation system is right for your organization? Broadly speaking, there are about three different categories of technologies.
Simple wireless adapters are typically low-cost solutions that are easy to use – just connect the device into the display or projector’s HDMI port, change the display or projector to that input, and switch your device’s settings to recognize the display or projector.
Although these low-cost devices are easy to use, they’re primarily designed for the casual or home user. In other words, they turn your home display into a second computer monitor, or stream a movie or television show from your laptop to a bigger screen.
As a result, numerous compatibility issues can arise between Windows and Macs, and some wireless networks may treat the connection as a rogue device and shut it down. Additionally, many of these low-cost solutions are not equipped to handle resolutions above HD, meaning many recent Macs and Windows Surface tablets exceed the supported bandwidth.
Trusting these adapters can be risky when working with critical presentations featuring essential information or multimedia content, particularly when you aren’t sure what device will be used to host the presentation.
Improving on these solutions are those intended for business, such as AirTame or Barco ClickShare products. Prices vary tremendously, and each has their niche.
AirTame is a popular product that, in addition to hosting wireless presentations, also can provide digital signage-type solutions that you can customize when the conference room isn’t in use. However AirTame cannot support 4K resolution at the time of this writing, and may require wired network connectivity based on the type of content it’s using.
ClickShare is a popular solution due to its ease of use: plug the button into your device’s USB port, and it connects to a receiver near the display or projector. This can be integrated nearly anywhere in your AV system. It automatically installs the needed driver when connected, then deletes itself once disconnected. Unfortunately ClickShare can be quite expensive to purchase, and its USB-based driver method violates many security practices observed by the banking and financial sector.
Thankfully there are a range of other solutions in between these two product lines that can meet your needs. More appear each quarter, using either Miracast or proprietary encoding systems.
For larger installations involving many rooms, particularly where security is a concern, the use of enterprise-ready presentation systems is best. These vary in price as well. While some can be relatively inexpensive compared to other solutions, they can also only be purchased through a certified installer.
Crestron’s AirMedia provides a good example of how these technologies differ from the previous two. This device uses a proprietary encoding method that resists eavesdropping and assigns presenters a rotating PIN to prevent someone outside the room from tapping in.
Further, up to four presenters can connect at the same time, with an assigned moderator rotating between them. This is perfect for education, so small groups can present cooperatively or competitively.
Unlike other methods, these products often have the ability to stream outward, enabling audience members to see the presentation on their own devices. Login directions appear on the screen at the start of the presentation and ask whether you wish to present or view. If you select the latter, you can securely watch the presentation on your own device, allowing those at the back of the room to read text and view graphics without squinting.
Enterprise-ready solutions do more than provide security and flexibility – they can route to other rooms through HD-Base-T, linking multiple conference rooms at different locations to create one large, virtual room.
If your needs are simple and your budget allows, Sentinel recommends you purchase a small number of inexpensive solutions and experiment with them carefully, ensuring users understand their limitations. Just be aware that manufacturers often offer little to no support for these types of solutions, particularly if they’re intended for home use.
If you’re stepping into the business or enterprise class, let Sentinel do the worrying for you. Our Technology Area Design consultants can review your needs and help you identify the perfect product line. If you need installers, we can competitively bid your solutions only to qualified experts and ensure you get the best solution at the lowest price. Please contact us if you are interested in learning more about wireless presentation systems and the benefits they can provide to your organization.
Sentinel Celebrates Employee Appreciation Month 2018
At Sentinel, we appreciate our employees and do our best to show that on a daily basis. Chair massages, health and wellness programs, holiday gatherings, take your child to work day, and celebrations of special life events are just a few of the special things provided to Sentinel employees. It is our belief that happy and productive employees lead to happy and productive customers. With that in mind, Sentinel once again held a series of fun social events for staff at all of our locations to help celebrate Employee Appreciation Month this past September. Here are some of the highlights:
Downers Grove and Chicago
The Downers Grove and Chicago offices gathered together for a special BBQ lunch on Wednesday, September 12th. Managers grilled up hot dogs, veggie dogs, and burgers as everyone relaxed around the outdoor patio for a couple of hours. As an extra bonus, the folks at Kimmer’s ice cream were also on hand to offer up single and double scoops of their delicious frozen treats. It was the perfect addition to a warm, late summer afternoon!
It was another nice Wednesday a couple of weeks later when the Downers Grove and Chicago offices once again joined forces for an Employee Social Hour on September 26th. Everybody wrapped up work a little early to spend some time chatting and playing games in our parking lot. Drinks and light snacks were served, and more than a dozen teams participated in a bags tournament. The competition was fierce, but a great time was had by all.
While Downers Grove and Chicago faced warm and sunny weather for their Employee Appreciation Month events, downstate at our Springfield office Mother Nature wasn’t quite as willing to cooperate. Their planned outdoor BBQ had to be cancelled due to rain, so the team went out for some Mexican food instead. After that, they went from refried beans to beanbags as they held an indoor bags tournament.
Before the Milwaukee Brewers earned their spot in the MLB playoffs, our Wisconsin branch got together at Miller Park on Tuesday, September 18th for some tailgating and to watch the team face off against the Cincinnati Reds. Unfortunately the Brewers lost the game, but everyone from Sentinel in attendance had a great time anyway as the conversation was lively, the snacks were delicious, and the life-sized Jenga games were intense.
Up in Michigan, our Ann Arbor office got together for a little friendly competition and social hour at Whirly Ball. It was a bumper car battle for the ages as teams faced off trying to score the most points by hitting a small target with a wiffle ball. While one team was crowned the ultimate champion, the real winners were all the new friends they made along the way.
The Lansing office enjoyed a social hour of their own by heading out to a local bar for some drinks at the end of a long day. Many great conversations were had, and somewhere along the line a darts tournament reignited some old rivalries and started up some new ones. It was all in good fun though, and this event wound up being a real bullseye.
Our Grand Rapids branch decided to live up to the name of their city by having an Employee Appreciation Month event at a go kart track. It was indeed a grand afternoon of high speed fun as our team put the pedal to the metal in a high stakes race to reach the finish line first. Everyone had a blast, even those who finished last.
It’s become a yearly Employee Appreciation Month tradition for our Phoenix office to host a special breakfast for the staff that’s cooked up by the management team. Everyone sat down and enjoyed some delicious eggs, bacon, waffles, donuts, and more to help get invigorated and motivated for the work day ahead.
After their wild pedal pub adventure last year, our Denver team decided to move a little more slowly this year with a simple afternoon cookout employee event. There were plenty of grilled meats, snacks, and other treats to enjoy along with some delightful conversations and camaraderie. They also had a very contentious and intense bags tournament that ultimately ended with some good sportsmanship and a firm handshake.
Fun events such as these for Employee Appreciation Month are just a small part of the reason why Sentinel has been named one of the Top Places to Work in Chicago, Milwaukee, Michigan, and Arizona. If you’d like to join our team, make sure to check out our job openings!
A Three Part Phishing Protection Strategy
By Dr. Mike Strnad, Sentinel Strategic Solutions Advisor
A recent alert from the FBI says that new social engineering techniques are being implemented by hackers to conduct payroll diversion. Cyber criminals are targeting employees through phishing emails designed to capture their corporate login credentials. Once those credentials have been stolen, they are being used to access the employee’s payroll account and change their bank account information.
While technology is needed to help prevent and detect intrusions, management must shift more of their attention to the weakest link: the end users. Educating all employees on how to properly identify and prevent phishing attacks is a strong place to start. I recommend putting together a sweeping security strategy to protect your organization before, during, and after a phishing attack. This includes dual-authentication sign-in technology through Duo, cybersecurity training for end user support through Wombat, as well as the secure removal of any identified phishing emails through Proofpoint. It makes for a great one-two-three punch from a security standpoint.
Additionally, vendors who supply security technology solutions should also be training their customers on how to use it properly and build it into any continuity or recovery plans following an attack or disaster. This helps organizations develop a much more well-rounded approach to their security posture, which is essential as attack methods continue to shift and evolve.
If you are interested in learning more about the latest security solutions and how end user training can benefit your organization, please contact us for additional information.
Sentinel Fall 2018 Event Calendar
As the fall season kicks into gear in the coming weeks and months, Sentinel will be hosting several fun and educational events for our customers around the country. The goal is to develop a closer and more personal relationship with those in attendance, and lend our unique expertise to highlight new and emerging technologies designed to optimize and protect the way you do business. If your organization has an office in or near one of the cities where these events are being held, we hope you’ll join us! Please visit the individual event pages or contact us to RSVP and learn more!
**Wednesday, September 26**
Visit Sentinel’s Wisconsin office in Wauwatosa (just outside of Milwaukee) for a lunch and learn with our friends from Duo. They’ll highlight the latest innovations in endpoint and application security, and dive deeper into how your organization can improve secure access beyond traditional perimeter-based network security. Discover new ways to control what specific users and devices have the ability to access your network without exposing it to potential threats.
**Thursday, September 27**
Join Veeam and Sentinel at The Capital Grille in Phoenix for a special lunch and educational event! Experts from Veeam will discuss the importance of having high quality, always available, and seamlessly integrated backup and disaster recovery solutions as part of today's data-heavy and diverse environments. Whether you have Office 365, a hybrid cloud, hyperconverged infrastructure or any other type of configuration, we’ll help you find the backup and DR solutions that are right for your organization. Click here to RSVP.
**Tuesday, October 16**
The Business Solutions Center (BSC) at Sentinel’s Downers Grove, IL headquarters will be hosting a lunch and educational session with our partners at Aerohive on the topic of high efficiency wireless. Get all the details on their new 802.11ax Access Point, which is designed to enhance Wi-Fi performance and management in high density work environments. This is great for any organization dealing with too many devices accessing or attempting to access their wireless network, creating slower speeds and other issues.
**Thursday, October 18**
Our customers in Arizona are getting a treat as we host a very special Tech Summit at Cisco’s Phoenix offices this October. Our top experts will be on hand to talk about the latest security and cloud solutions, as well as help prepare you for new advancements and innovations in the years ahead. If you’re starting to develop your IT strategy for the coming year, this is the perfect way to get your questions answered and learn more about what your focus should be for the future. There will be multiple presentations, along with a Q&A, panel discussion, and happy hour afterward. Click here to RSVP.
**Wednesday, October 24**
The future’s so bright, we’ve got to wear shades, which is why we’re teaming up with our friends at Dell EMC to host a special event at the Sunglass Hut in Oak Brook, IL. We’ll be looking straight at the sunny future of VxRail, and how this hyperconverged infrastructure solution can help simplify your environment, reduce costs, and enhance overall operations.
Video: Sentinel's Security Offerings
Sentinel is committed to providing our customers with complete end-to-end protection across their entire environment at the best possible value. Our SecuritySelect portfolio was built on this idea, and we continue to partner with a wide variety of industry-best and innovative organizations to expand our security offerings while also adding new features and protection techniques to our own “as-a-Service” platforms such as the Network Operations Center (NOC) and Security Operations Center (SOC). Everything from endpoint security to intrusion prevention systems (IPS) comes together under a single pane of glass that enables customers to have greater visibility into their environment and make more informed decisions regarding the safety of their data, systems, and employees.
The video below showcases Sentinel’s unique approach to security, and how our strong combination of people, processes, and technology leads to enhanced protection and value for customers. You’ll hear directly from some of Sentinel’s top experts as they detail our SOC services and the proactive tactics taken by our analysts to identify new threats and dangerous trends before they reach and infect our customers’ environments.
If you’re interested in learning more about Sentinel’s SecuritySelect portfolio and how we can help enhance the protection of your organization, please contact
Sentinel's Robert Keblusek and Rick Spatafore Guest on the Cylance InSecurity Podcast
Sentinel is proud to partner with the rapidly growing cybersecurity company Cylance to offer their solutions as part of our SecuritySelect portfolio. Cylance’s innovative and robust security solutions utilize artificial intelligence and machine learning to take a proactive and predictive role in endpoint protection. They are redefining the approach to cybersecurity, and their technology has already been deployed in hundreds of enterprise organizations around the world, from Fortune 100 companies to government institutions.
As part of their commitment to all things cybersecurity, Cylance also puts together a weekly podcast on the topic. It’s called InSecurity, and features interviews with industry experts on a wide variety of topics that include risk management, threat intelligence, social engineering, government protection, and more.
In this week’s episode, Sentinel’s Chief Technology Officer Robert Keblusek and Sentinel’s Advisory Services Manager Rick Spatafore are special guests in a discussion with podcast hosts Matt Stephenson and Edward Preston about the growing role of Managed Services, and the levels of trust required for organizations to cede control of critical and operational aspects of their security infrastructure to a third party. Stream or download it below!
If you are interested in learning more about cybersecurity and how Cylance can help protect your organization, please contact us for more information.
Sentinel SecuritySelect: Breaking the SamSam Attack (Part 4 of 4)
By Robert Keblusek, Sentinel Chief Technology Officer
Thank you for reading the fourth and final part of this blog series on breaking the attack. As noted in part 3, 48% of attacks featured hacking, and 30% included malware as part of the attack (source: Verizon Breach Report). The focus of Part 4 is the system compromise portion of the attack. Hopefully you have stopped or detected the bad actors prior to this stage, but if not, you have very little time remaining before your system becomes compromised!
To reach system compromise a number of steps normally occur as documented in the far left section of the photo below. Instead of going through each of these however, it might be better just to show you a real world example.
Penetration Test Example Video
This video was created by one of Sentinel’s lead security advisors using penetration testing (PEN testing) techniques. Sentinel performs a number of security assessments for customers, and the most thorough of all is our PEN testing service, which goes beyond evaluating risks and vulnerabilities by actually performing ethical hacking to truly test your protection and detection abilities.
The video shows how the attack delivers command and control (C&C) of a targeted environment to the attacker in UNDER NINE MINUTES! Considering that the Marsh & McLennan Cyber Risk Report from 2017 shows that the global average dwell time for the bad actor to operate within your network undetected is 146 days, they are very likely to succeed without solid detection and response. Industry experts suggest that it isn’t possible to keep all attacks out, which is why it is critical for organizations to invest in improving detection and response.
The video shows the attacker gaining root access to a server using the Apache Struts vulnerability. This is the same vulnerability used to access the personal information of 143 million US consumers in the highly publicized 2017 Equifax breach.
Below is an alarm example from Sentinel’s SOC service that shows a host under attack with a similar vulnerability. As you can see, our detection was able to identify the attack coming from Canada attempting to access a host under our monitoring service.
In this case our team was able to respond because the system had lateral detection and response in place. Without these services, the attack could have been a success and the attacker might have moved laterally through the network to monetize the attack, disrupt business, and possibly even create a serious cyber breach.
Another approach to lateral detection is decoy technology. With decoy technology we set traps for attackers and they almost always take the bait. In this case, the PEN tester was not aware of the decoy services on the network and got caught as a result. Decoys make it look like a host, share, server image, application image, pump, phone, or other IoT image is completely genuine so the attackers treat it like any other asset on the network. However this particular asset doesn’t actually provide access as it is fake! This offers nearly 100% reliability of detection. If the asset is being accessed it is likely due to an outside attack, an inside attack, an overly curious employee, or a PEN tester (as is the case here).
The PEN test triggered a number of alarms. Here are a couple of examples of the decoy alarms from the attacker. If this were a real attack, you would have a choice. You could immediately kick the attacker out of the network and perform forensics throughout your systems to remove any remaining elements from the attack, or you could watch the attack on the decoy, determine the methods used, possibly determine who the attacker is, or engage the authorities. A decoy can even automatically deploy more decoys around the original to keep the attacker busy while the attack is reverse engineered to ideally determine the purpose behind it as well as the identity of the attacker.
Sentinel’s Decoy as a Service solution also integrates with our SOC, providing immediate notification to our security analysts that a breach is in process. If this were a real attack, we would have detected it early and been able to stop it prior to command and control, or allowed for command and control of the decoy in order to either analyze the attack or improve the possibility of authorities catching the attacker.
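As an added illustration of the decoy idea described above (not Sentinel's Decoy as a Service or any of its code), the Python below runs a fake TCP service on localhost and turns every connection into a high-severity alert record, since nothing legitimate should ever touch it. The asset name, the loopback address and the `touch_decoy` helper that stands in for a scanner are constructed for the demo.

```python
import socket
import threading
import time
from datetime import datetime, timezone

def build_alert(decoy_name, peer, first_bytes):
    """Turn one touch of a decoy into an alert record a SOC could ingest."""
    return {"severity": "high", "decoy": decoy_name,  # no legitimate use -> any touch alerts
            "source_ip": peer[0], "source_port": peer[1],
            "time": datetime.now(timezone.utc).isoformat(),
            "probe": first_bytes[:64].decode("latin-1", "replace")}

class Decoy:
    """Fake TCP service that records every connection instead of serving it."""
    def __init__(self, name, host="127.0.0.1", port=0):
        self.name, self.alerts = name, []
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))  # port 0 lets the OS pick a free one
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:
                return  # listener closed by stop()
            conn.settimeout(1.0)
            try:
                data = conn.recv(256)  # keep the intruder's first probe as evidence
            except OSError:
                data = b""
            finally:
                conn.close()
            self.alerts.append(build_alert(self.name, peer, data))

    def wait_for_alerts(self, count, timeout=2.0):
        deadline = time.monotonic() + timeout  # poll until `count` alerts or timeout
        while len(self.alerts) < count and time.monotonic() < deadline:
            time.sleep(0.01)
        return list(self.alerts)

    def stop(self):
        self.sock.close()

def touch_decoy(port, payload=b"GET / HTTP/1.0\r\n\r\n"):
    """Constructed stand-in for a scanner hitting the decoy (demo only)."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(payload)
```

In a real deployment the alert record would be forwarded to the SOC pipeline rather than kept in memory, and the decoy would answer with a plausible banner so the intruder keeps interacting with it.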
I hope that if you have read all four parts of this blog series you have taken away some approaches applicable to your organization and its security posture. All organizations have some level of protection in place, from firewalls to endpoint anti-virus and beyond, but many lack the detection tools necessary to identify a compromise once inside the network. Sentinel has responded to a number of incidents this year, and in each case the customer lacked appropriate detection technologies to catch the attackers once inside the network. In addition, the networks were mostly open and lacked technologies such as micro-segmentation, Cisco ISE for network enforcement, or other containment approaches designed to isolate and protect critical assets.
Most networks lack cyber security detection that identifies threats moving laterally within the network. Hackers and malware will get into your network one way or another, and when they do you must be prepared. In the worst case, if you don’t detect and stop the attack, you will be forced to recover. Recovery is also an often overlooked aspect of a complete cyber security program. Companies often rely on backups to recover their data and systems; however, many of today’s attackers know this and destroy snapshots and backups so they can’t be restored.
Where do you go from here? I recommend NIST. If you haven’t heard of the NIST Framework, reach out to Sentinel’s Advisory team to learn more. This is a great framework to align any security program as well as measure ongoing alignment over time.
Sentinel offers a NIST alignment workshop that is a self-report service and only takes about 2 hours for any organization to complete.
Aligning your security program around a framework such as NIST will help to improve your security posture over time. It will also enable you to identify weak areas where your organization should consider spending time and resources. As stated previously, trends indicate that organizations will continue to invest in protection technologies, but the need for detection will increase at a greater rate. Talk to Sentinel today about your risk and how we can help you get the most from your cyber security investments!