Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
Sentinel Assists an Insurance Company Enhance Security for Employees Working From Home Due to the COVID-19 Pandemic
Sentinel Assists an Insurance Company Enhance Security for Employees Working From Home Due to the COVID-19 Pandemic
Introduction / Use Case
As the COVID-19 pandemic swept across the world, schools and workplaces closed and employers had to abruptly pivot to supporting a remote workforce. Organizations scrambled to send their employees home, while facing a significant shift in how a large segment of the workforce operates. IT departments needed to securely support a remote workforce at a scale never seen before.
The COVID-19 pandemic has dramatically changed where we work. According to a Pew Research Center study, employees who say their job responsibilities can mainly be done from home, 20% worked from home before the coronavirus outbreak. Now 71% or respondents are currently working from home all or most of the time.
While IT assets such as compute, storage, networking, and security infrastructure remained in corporate or cloud data centers, users took their computers home. Workforces required safe and secure remote access to organizational IT resources. To keep remote workers connected to the workplace the use of remote access technologies greatly expanded.
With the increased use of Virtual Private Networks (VPNs) and Virtual Desktop Infrastructure (VDI), these remote access technologies became a bigger target for cyber actors. On April 1, 2020 the Federal Bureau of Investigations (FBI) released a Public Service Announcement warning of the increased security threat associated with the rapid migration to a remote workforce.
The FBI anticipates cyber actors will exploit increased use of virtual environments by government agencies, the private sector, private organizations, and individuals as a result of the COVID-19 pandemic. Computer systems and virtual environments provide essential communications services for telework and education, in addition to conducting regular business. 
Strategy / Approach
While employees working from home has been a tremendous success, this change has presented new security challenges. Pre-COVID-19 security resources were centralized within company offices. Firewall and other security appliances within the company’s walls protected users working in the office. When employees transitioned to working from home some of the security solutions were no longer protecting them. This has left users vulnerable to different attack methods including phishing attacks are credential theft.
Single Factor Authentication
Previous to the pandemic, the customer had implemented a VDI solution. The VDI solution utilized single-factor authentication (username and password) to the back-end Active Directory infrastructure. This left the VDI infrastructure vulnerable passwords phished, stolen or guessed.
Users often recycle passwords easing the cyber actors’ burden in guessing authentication credentials. A solution was needed to secure the VDI authentication process.
Employees Taking Their Computers Home
When employees went home, their company issued laptops were protected by the anti-virus and email security products however they were no longer protected by the rest organizations security infrastructure. There was no visibility or restrictions into where they went on the Internet. This left them vulnerable phishing and drive-by malware downloads.
A solution was needed to protect employees from malicious Internet traffic.
Resolution / Remediation
A local insurance company’s network and communications and security requirements had dramatically changed and they needed a partner to provide the business innovation and agility to enable them to adapt.
Sentinel partners with industry-leading vendors to offer many options to help our customers connect and scale out fast. Sentinel’s Security as a Service (SECaaS) offers security solutions that are backed by a large team of some of the most knowledgeable experts in the field. As a Cisco Managed Security Services Provider (MSSP), Sentinel is able to quickly and securely provision and deploy Cisco DUO two-factor authentication and Umbrella DNS-layer protection.
Cisco DUO Two-Factor Authentication
Cisco DUO is a two-factor authentication (2FA) security solution. Two-factor authentication adds an extra layer of security to insure a person trying to gain access to a system are who they say they are. Sentinel secured the VDI environment with Cisco DUO two-factor authentication (2FA). If a cyber-actor is able to authenticate to a VDI session, using hacked or stolen credentials, access is denied without the approval of the second factor.
The customer provisioned the DUO system, enabled and added the VDI application to the DUO administrative control panel. Using Active Directory Sync, users belonging to a specific AD group was selected and imported into DUO. DUO enabled users were sent an Enrollment Email. Following the enrollment email, users were able to easily download the DUO smartphone app and enroll within minutes.
A user first enters a username and password. After the authentication server validates the username and password, users then validate the second factor authentication. Users can choose to affirm an authorization request through a DUO smartphone app push notification, DUO app generated passcode, or a phone call.
Cisco Umbrella is a DNS-layer security solution which blocks DNS requests to malicious domains. Umbrella integrates with Active Directory to provide user level insight and control. By blocking the DNS request for malicious and unwanted domains, traffic is blocked before a connection is even established.
Going above DNS-layer security, Umbrella is also a cloud based Secure Internet Gateway (SIG). The SIG functionality includes a selective intelligent proxy feature which is used to proxy users requests to “grey” domains. “Grey” defines domains which may have to good and bad elements. They cannot be fully trusted, but completely blocking may not be appropriate. Umbrella routes traffic destined for a “gray” domain, from the user, through Cisco cloud-based proxy servers, to the final destination. This provides Umbrella additional visibility into the web traffic to scan for malicious files.
To protect employees working remotely, Sentinel deployed the Umbrella roaming agents on all company-issued computers. The Umbrella Roaming client protects employees when they are out of the office by blocking malicious DNS requests. This also gave the It Department visibility into threats affecting their remote workforce.
As COVID-19 forced this customer to close their office and employees transitioned to work from home, the IT department faced new security challenges.
Employees working from home were left relatively unprotected. Cisco Umbrella was providing DNS-layer security in the corporate offices. Cisco Umbrella Roaming Agent was deployed to company-owned computers to extend the same layer of protection to remote works.
The existing VDI solution became more of a target. To mitigate the threat posed by phishing attacks, and credential stealing, Cisco DUO was employed move from single-factor authentication to two-factor authentication.
 How the Coronavirus Outbreak Has – and Hasn’t – Changed the Way Americans Work
 Cyber Actors Take Advantage of COVID-19 Pandemic to Exploit Increased Use of Virtual Environments, FBI Public Service Announcement I-040120-PSA
 What is Intelligent Proxy
Sentinel Assists a Leading Provider Of Medical Waste Services And Compliance Based Solutions With The Implementation Of Robust Network Admission Control Features
Introduction / Use Case
A leading medical waste services provider has previously worked with Sentinel to implement basic Network Admission Control services using Cisco Identity Services Engine (ISE). These basic services included network device authentication (AAA), 802.1x/RADIUS authentication for their Meraki wireless networks, media access control bypass (MAB) for non-802.1x devices and remote access VPN authentication using the Cisco AnyConnect Secure Mobility VPN Client.
This organization has a myriad of different devices and users that access their corporate networks via network switches, wireless access points and remote access VPN’s. They are looking to implement additional Cisco Identity Services Engine features to consolidate access policies across the enterprise, while increasing security for both on premise and remote employees.
The Cisco Identity Services Engine enables organizations to implement policies for controlling access to corporate network infrastructure through the use of contextual information such as device type, endpoint configuration (posture), location, media access control address, user role or user identity, etc. This contextual information is then used to implement post connect controls on end station devices such as laptops and workstation as well as wireless mobile phones, tablets, printers, cameras and Internet of Things (IoT) devices.
Key features of many Cisco Identity Services Engine include but are not limited to the following:
- Centralized Management – administrators can centrally configure and manage profiler, posture, guest, authentication, and authorization services in a single web-based GUI console.
- Contextual Identity and Business Policy - provides a rule-based, attribute-driven policy model for flexible and business-relevant access control policies. Includes attributes such as user and endpoint identity, posture validation, authentication protocols, device identity, and other external attributes.
- Access Control - provides a range of access control options, including downloadable Access Control Lists (dACLs), Virtual LAN (VLAN) assignments, URL redirections, named ACLs, and Security Group ACLs
- AAA Services – supports standard RADIUS protocols for Authentication, Authorization, and Accounting. Supports a wide range of authentication protocols, including, but not limited to PAP, MS- CHAP, Extensible Authentication Protocol (EAP)-MD5, Protected EAP (PEAP), EAP-Flexible, Authentication via Secure Tunneling (FAST), EAP-Transport Layer Security (TLS), and EAP-Tunneled Transport Layer Security (TTLS).
- Internal Certificate Authority – has an internal certificate authority. Provides a single console to manage endpoints and certificates.
- Device Discovery and Profiling – determine device type, device manufacturer and operating system information by inspecting packets that are sent by these devices in the network.
- Endpoint Posture Service – performs endpoint compliance security posture checks to determine OS versioning and patch level, anti-virus/endpoint protection version and OS updates, etc.
- Guest Lifecycle management – Provides a streamlined experience for implementing and customizing guest network access. Support is built in for hotspot, sponsored, self-service, ETC.
- Security Product Integration – provides bi-directional integration with other security products.
Strategy / Approach
The rapid increase in bring your own devices, guest access requirements, vendor access requirements and Internet of Things devices has significantly increased the overall threat vector. This increased threat vector has fueled the demand for NAC products in medium to large organizations and is used by these companies to help them mitigate the greater risk. The effectiveness of NAC products has also been expanded through the integration with next generation firewalls, threat detection software, endpoint protection software, SIEM and mobile device management software.
Enterprise organizations and financial institutions have higher risks due to a larger user populations, more contractor access requirements, compliance related user data and a broader threat vector due to a global network footprint. Additional a breach at an enterprise or financial organization can severely impact the company’s stock price and the overall financial health of the organization. However due to the high price of implementing NAC solutions, it is often one of the last security measures that an organization will implement in order to secure their networks, users and data.
The design and rollout of NAC products such as Cisco Identity Services Engine can be a daunting task considering that the implementation of NAC technology touches virtually every element of the client’s network including switching, firewalls, endpoint protection, PKI, user directory, etc. Moreover larger enterprise networks have significantly more devices and networks to secure. Because of these challenges Sentinel will be working with the client and their network security staff to begin designing and implementing these new Identity Services Engine features in a multi-phased approach. This multi-phased approach will allow the client and Sentinel to work through any Cisco Identity Services Engine implementation related issues and tuning before moving on to the next phase.
Resolution / Remediation
At a high level, Sentinel has broken this engagement up into six separate phases, as follows:
Phase I: Cisco Identity Service Engine Software Upgrades – During this phase, the client’s existing ISE nodes will be upgraded by Sentinel from Cisco ISE version 2.4 to Cisco ISE version 2.7, Patch 2. This is an important phase as the updated software will add new features as well as provide bug fixes for existing features. In addition to the software updates a new Policy Service Node will be added in the client’s United Kingdom Data Center.
The client’s existing distributed deployment is currently configured as (13) Cisco Identity Services Engine nodes running as Virtual Machines in the client’s existing VMware Virtualization environment. The client and Sentinel have already deployed the following Cisco ISE Nodes and Persona’s including a single ISE Policy Services Node per region:
- (9) ISE Policy Service Nodes (Five Nodes have Tacacs Device Admin enabled)
- (2) Primary ISE Administration Nodes
- (2) Primary ISE Monitoring Nodes
In discussions between the client and Sentinel is was determined that the backup and restore method would be used to upgrade all (13) ISE Nodes to Release 2.7 Patch 2. Advantages of this upgrade method include the following; It is the fastest upgrade method and is recommended by Cisco, Configuration settings and the operational logs from the previous ISE deployment can be restored if needed preventing from data loss, new nodes can be staged outside of maintenance windows thereby reducing the time of the upgrade during the production, multiple Policy Service Nodes can be upgraded in parallel reducing the upgrade downtime. The client has already confirmed it has the compute and VMware resources to pre-stage the new Virtual Machines and join them immediately to the upgraded Policy Administration Node.
Upgrade tasks will include the following; re-number the three existing Policy Service Nodes from the PCI VLAN (DMZ) and move to the proper internal VLAN, pre-position new ISE Nodes as needed to facilitate faster upgrades, upgrade all of the ISE Nodes to Release 2.7 Patch 2 using the backup and restore method, add a new Policy Service Node at the Data Center at the Leeds, United Kingdom location. The following new software and support components have been included:
- (1) – Cisco ISE Virtual Machine Medium
- (1) – Cisco SWSS Upgrades Cisco ISE Virtual Machine Medium
Phase II: Discovery and Wireless True-up – During this phase, the existing ISE policies, network configurations, and access segments will be analyzed, documented, and any recommendations will be provided. An overall access and security policy will be developed jointly with Stericycle and Sentinel. Adjustments to consolidate the wireless access policies will be made, in accordance to the overall agreed-upon access policy and design
Phase III: VPN Authorization and Client Posturing – During this phase, VPN authorization will be added to leverage the existing Cisco ISE implementation. This modified policy will include device posturing, to ensure endpoints has appropriate characteristics, such as Anti-Virus/Anti-Malware, OS versions, etc.
Phase IV: Proof-of-Concept, Cisco ISE Wired/Wireless Authentication/Authorization and StealthWatch – During this phase, a Wired Authentication/Authorization and StealthWatch Proof of Concept (POC) will be designed, installed and configured. This POC will include a subset of existing compatible switches and firewall(s) located in IT, Cisco ISE updated 802.1x authentication/authorization policies and templates, rapid threat containment (adaptive network control), Cisco ISE pxGrid integration with StealthWatch, StealthWatch installation and Configuration including the Secure Network Analytics (StealthWatch) Management Console, Flow Collectors and device Netflow, IPFIX and nvzFlow configuration (Anyconnect).
Phase V (Future): Wired Authorization – During this phase, the wired segments of the enterprise network will be configured for authentication and authorization which will prevent unauthorized devices from joining the network as well as defining access to network segments. Posturing policy will be extended from the VPN engagement in Phase II to also apply to the wired segments.
After all of the phases are complete, the client will have increased security for both on premise and remote employees across their enterprise network by implementing consolidated enterprise wide access policies.
Sentinel Helps A Manufacturer Modernize Their Wide Area Network To Support Cloud Services
A manufacturer was looking to modernize their corporate wide area network (WAN) to support cloud services consumption. This included Infrastructure as a Service (IaaS) and Software as a Service (SaaS) delivered through the cloud. The cloud offers companies the opportunity to innovate, increase agility, as well as leverage new platforms for new services and/or to modernize existing services. In addition, PaaS (platform) and SaaS (software) provide the opportunity to rapidly deploy applications from various providers such as Salesforce, BOX, Microsoft O365 and more. The business innovation and agility provided by these platforms dramatically changes the requirements of network communications and security.
Data centers, formerly the central choke point(s) of an organization, no longer provide most or all critical business services. Instead, public, private, and hybrid clouds host many of the services formerly relegated to centralized data centers. Some platforms also offer the opportunity for vendor independent connectivity and cost savings as well as bandwidth increases.
Organizations previously backhauled traffic to data center(s) where a majority of IT services were delivered. This resulted in centralized security controls and simplified the security infrastructure to some degree. Cloud services distribute the data center to many locations optimally consumed over public and private internet connections. These multi-routed traffic patterns create new challenges when it comes to distributed security requirements. Security policies and governance become even more critical because the business is consuming services from a variety of providers. Modern SD-WAN (software defined WAN) solutions solve these challenges by providing centralized control and orchestration, making every network edge a highly secure next generation firewall capable of enterprise-class security functions.
Strategy / Approach
A 2018 study by Gartner showed how SD-WAN offers benefits over traditional WAN services:
+ Emergence of public cloud computing and SaaS has rendered traditional enterprise WAN architectures suboptimal from both a price and performance perspective
+ SD-WAN is a mainstream product category that provides branch office connectivity in a simplified and cost-effective manner compared to traditional routers
+ SD-WAN adoption is growing rapidly. Many network service providers and non-MSPs now offer managed SD-WAN services.
+ Independent MSPs also offer flexible services more customized to an organization’s needs, as well as advanced security monitoring and response options for organizations that transcend traditional router management of availability and capacity.
Sentinel and Gartner both recommend that organizations currently using or developing applications through the hybrid cloud migrate to an SD-WAN architecture. It creates multiple paths to connectivity and provides users with a more direct route to important Microsoft Office 365 applications. Connectivity via the internet is likely the best option, assuming it is reliable. If your service provider has a direct connection to one of the Oracle cloud points of presence, your network must adapt to use both services while maintaining the most expedient path to Office 365. Office 365 also requires a number of ports and protocols to be open on the network, which marks another benefit of SD-WAN solutions with SaaS awareness. While Office 365 has been the focus of this summary, the guidance here applies to most SaaS providers and ensures enough flexibility will remain in your environment to easily manage future deployments.
Sentinel advises that any SD-WAN architecture should support advanced security services, including: next generation firewall capabilities, URL & content filtering, centralized policy management, monitoring and log capabilities, and anti-malware services. In addition, a proper SD-WAN solution should provide visibility into cloud services in order to treat traffic appropriately, plus the ability to support internal data center services on an ongoing basis.
For these reasons, Sentinel recommended Cisco SD-WAN (based on Viptela technology) for the manufacturing customer. This solution leveraged existing investments in Cisco ISR routers by adding intelligent software on top of the ISR hardware platform. It allowed the manufacturer to extend their SD-WAN services to IaaS providers, Sentinel CloudSelect (voice and collaboration), as well as Oracle Cloud (IaaS). Cisco’s SD-WAN solution also supports a plethora of SaaS and PaaS providers, including but not limited to Office 365, which the manufacturer is planning to deploy in the near future. This platform will provide a wide area network that is adaptable, multi-cloud ready, and has distributed next generation security – all controlled via centralized management and orchestration.
Resolution / Remediation
The original scope of work requested both a legacy dynamic multipoint virtual private network (DMVPN) solution with centralized hub sites as well as a software-defined WAN solution. Sentinel recommended that the customer skip the DMVPN and focus on a cloud-ready architecture based on SD-WAN instead. DMVPN was an efficient solution for creating a private meshed network over the internet, but it has become a bit outdated in the modern world of cloud-ready architectures and distributed security needs. DMVPN does not satisfy the distributed security requirements, nor does it add the intelligence and centralized configuration needed for modern cloud consumption models. SD-WAN features all of those capabilities and more, which is why Sentinel encouraged the manufacturer to consider shifting their approach.
Sentinel optimized the architecture to support internet only, internet plus secondary internet, and internet plus private (MPLS) services. The technology makes intelligent decisions on the best paths for specific services, and by defining policy within the central manager, can continue to adapt to the enterprise needs. It’s no longer necessary for highly skilled individuals to manually define, distribute, and deploy configuration changes. In an effort to streamline operations, Sentinel ensured the central manager had the capability to control the entire network fabric, including application optimization, cloud services, intelligent routing, and security services.
While the customer initially requested the identification and placement of WAN services at edges and hub locations, Sentinel advised that any hub sites be replaced with a fully meshed solution featuring strong cybersecurity. Hub locations can still be used to deliver high speed or peering services if desired, however the intelligent and automatically distributed design presented by Sentinel gave the manufacturer greater adaptability and scalability to handle any current and future needs. New voice and collaboration services were deployed into the customer's environment via Sentinel CloudSelect data centers in Illinois and Arizona. The Sentinel team also coordinated with Oracle to establish IaaS, production, and disaster recovery services through their cloud data centers in Virginia and Arizona.
Oracle also offers direct connectivity to various carriers, including the customer's current service provider AT&T as well as CenturyLink, which the customer plans to use for private services in the future. If the manufacturer wants to deploy cloud-to-cloud services such as Azure ExpressRoute within their environment at some point, Oracle can easily provide any Microsoft and Azure connectivity.
The Sentinel team deployed the SD-WAN solution into the manufacturer’s environment, which significantly increased their cloud capabilities and provided a centralized control for simplified management of services, applications, and security. This streamlined approach improved efficiency and made it easier than ever for the customer to scale out as they continued to grow.
Sentinel Develops An Omnichannel Solution for a Credit Union
A Chicago area credit union sought to improve their operational efficiency and service levels across all communication channels. This was in response to its members, who advocated for more personalized, omnichannel assistance as they worked to achieve financial goals. In order to make this a reality, contact center agents required easier access to customer information and more descriptive context while interacting with multiple applications, including core banking, online banking, and authentication systems.
The credit union wanted to leverage and extend the value of its existing Cisco Communication and Collaboration systems, while simultaneously establishing a strong platform for future growth. They also aimed to provide additional survivability, redundancy, and resiliency for its data and communications environment, as well as improve secure remote worker capabilities to better address the new pandemic requirements of their employees.
The credit union chose to work with Sentinel Technologies because of its extensive expertise in Unified Communication, Collaboration, and Customer Service Centers. The Sentinel team took time to learn about the specific project requirements and began to outline possible solutions. Sentinel quickly determined that an omnichannel solution to complement the credit union’s existing environment was the best course of action.
The omnichannel solution seamlessly integrated with all existing applications, and gave agents instant visibility into critical information with application pop, click-to-dial, data exchange, and more. Credit union members received more personalized, consistent service as a result. The organization improved customer service levels and streamlined processes more efficiently than ever before, all while extending the value of their legacy investments and positioning the credit union for future growth.
Sentinel worked closely with the credit union to develop a secured access environment for remote knowledge workers and agents. Sentinel also migrated their critical data and voice applications to a strategically located secondary data center, which resulted in redundant survivable connectivity and routing.
Once their project with Sentinel had been completed and deployed, the credit union was able to deliver:
+ Personalized member experience
+ Improved service levels
+ Greater agent efficiency
+ Application redundancy/survivability
+ Secure remote worker capability
Small Businesses and Servers
The number of people working remotely was already growing before the pandemic, but COVID-19 sent the entire concept into overdrive as organizations sought to maintain productivity while keeping employees safe. There has been a 9x increase in work from home situations since 2019, as around 62% of Americans currently have the capability to perform essential job functions outside of a traditional office or place of business.
While many organizations have fully adjusted to this new remote work standard, some have struggled to achieve a healthy balance of resources, security, and productivity in the face of an unprecedented situation. If you weren’t already prepared to have all employees work from home, chances are you spent a good portion of the spring and summer trying to catch up and make sure everyone’s needs were met. Some businesses, particularly smaller ones, might still be having trouble maintaining day to day operations.
As a result, many employees have resorted to finding alternate ways of getting things done. It’s estimated that more than half of the remote workforce has used personal cloud apps or email to share documents, files, or data with co-workers. This includes documents with confidential or sensitive information. Around 41% of workers say they have actively ignored or purposely found ways around certain security safeguards during the pandemic so they can get work done.
These sorts of behaviors create additional risk for your organization. Cyber criminals know this, and have been taking advantage every chance they get. According to a recent study by Dell Technologies, there has been a 75% overall rise in cybercrime since the start of the pandemic, with a 50% increase in attacks compared to this time last year. Ransomware is by far the most popular type of attack, up more than 109% from 2019. That’s not even taking into account the recently reported breaches of several U.S. government agencies and major corporations by Russian hackers.
A few weeks ago, we provided a few tips on how small businesses can stay secure while working remotely during the pandemic. Beyond focusing on your endpoints and network when reinforcing security measures, your organization should also consider additional protection by ensuring there’s a next-generation server in your environment. Recent improvements in efficiency and affordability have made it easier than ever for small businesses to adopt and deploy a server to improve overall data access and management during a time when it’s more essential than ever.
Servers are easy to set up and use, are no longer expensive (a quality server can cost as little as $500), and create an additional layer of security for your data. They enable you to monitor all incoming email to better detect and destroy any malicious files or links, which is a common point of attack. Backups and document version control are simplified when everyone is working off a single server. Since each machine or endpoint that contains copies of sensitive data increases the likelihood of it being stolen or encrypted in a breach, keeping everything localized on a server that’s more secure than a laptop or phone is a smart way to stay protected.
Another benefit of a server is that it enables you to control who has access to what data. Placing restrictions on certain files and knowing who is accessing them at any given time can prevent people from unknowingly sharing sensitive data, thereby helping to reduce breaches. Many cloud services have also become a point of attack for cyber criminals, particularly those that only require a username and password to gain access. A dedicated server with built-in security is an improvement for businesses that have relied on the cloud for storage and software solutions.
There are a number of security features you should look for when purchasing a server. Make sure it has a lockdown mode, so if an intrusion is detected hackers will be unable to make any changes. Prevent cyber criminals from adding malicious code or backdoors into your server by maintaining secure firmware upgrades. When you purchase a new server, it’s incredibly important that the server is shipped directly from the factory to your business to ensure the chain of security remains intact and nobody has the opportunity to tamper with your loaded hardware, software, and firmware. Lastly, select a server capable of securely wiping all data. If your server ends up redeployed, taken out of service, or suspected of compromise, you’ll need to thoroughly clear it of any data so no bad actors have the opportunity to access or recover it.
An investment in a server is an investment in security and future growth. While now might not seem like the best time for any business to add or upgrade a server, it can improve efficiency and provide greater assistance to those working remotely. That can make a big difference in these challenging times. Plus, servers are designed to be scalable so they can grow with your business. You can add storage capacity to a server, pair it with other servers, or deploy productivity applications to support collaboration, mail, messaging, and other shared services.
As you can see, there are many benefits when small businesses choose to deploy a server in their environment. If you are interested in learning more, please contact Sentinel for additional information.
Sentinel's 2020 Holiday Gift Guide
It’s been…a different kind of year, to put it mildly. While life has fundamentally changed for many people during the COVID-19 pandemic, there’s still a fair amount of normalcy to our days that helps make things just a little bit easier. For example, you might not be going into the office for the time being, but hopefully you’re able to do the same work from home as needed. You might not be able to go see a movie or enjoy a meal at a restaurant (depending on where you live), but streaming services and delivery drivers can bring those things straight to your couch. It might not be as fun or as social, but it beats not having those things at all.
On the upside, the inability to travel or purchase tickets to events hopefully means you haven’t spent as much money this year. There’s so much you can do with a little extra cash in your pocket! Donate more than usual to your favorite charity or causes! Pick up an extra gift for a special someone in your life, or even yourself because you’ve earned it! Speaking of which, with the holidays once again upon us, we wanted to share a few technology-focused items that caught our eye this past year. These would make for some great holiday gifts, if you were so inclined to pick any of them up. Consider this year’s list particularly helpful for those of us stuck at home during this pandemic. As usual, there’s a relatively wide range of prices on these, depending on how much you’re looking to spend.
PhoneSoap 3 [$80 on Amazon]
Hand sanitizer and disinfectant wipes have been pretty hard to find these last several months, and while people are doing their best to keep their bodies and surfaces clean, we sometimes forget about how many things we touch on a daily basis. Research indicates that most smartphones have about 10x more bacteria and germs than your average toilet seat, which means if you’re not cleaning it every day there’s a high potential it could end up as a reason why you get sick. PhoneSoap 3 makes it super easy to keep your phone clean. It’s both a sanitizer and a charger, using UV-C lights to kill 99.99% of all bacteria and germs on your phone. Not only that, but it’ll clean any other object that fits inside the case, including keys, credit cards, jewelry, and earbuds.
August Wi-Fi Smart Lock [$218 on Amazon]
Whether or not you’re spending most of your time at home these days, it’s still important to keep your house, apartment, or condo secure. Most entry doors have deadbolt locks on them, and while they are an important safety device, it’s also a minor hassle to dig through your pocket or set of keys when you have to lock or unlock one. August’s Wi-Fi Smart Lock aims to make that whole process even easier. It can be installed on top of any single cylinder deadbolt lock and uses your smartphone or smartwatch to function. Not only will the door unlock when you approach it, but this device also provides remote access when guests or family members are locked out and you’re away from home. There’s an auto-lock function that activates after 30 minutes, and it tracks the status of your door so you know when people are coming and going. If you’re concerned about thieves hacking your smart lock, there are multiple encryption elements and multi-factor authentication included. And if your phone is lost or stolen, you can easily deactivate the smart lock so nobody else can get access. As an added bonus, you can also connect your smart lock to your home voice assistant (Alexa, Siri, Google, etc.) and ask about your door status or command it to lock/unlock from your couch.
LARQ Self-Cleaning Water Bottle [$95-$118 on Amazon]
Are you drinking enough water? Your doctor probably doesn’t think so. It helps if you keep a water bottle with you throughout the day as a reminder to stay hydrated. Disposable plastic bottles may be convenient to use, but they’re not the most environmentally friendly option and can get expensive when you drink a lot of water every day. A reusable water bottle is a far better option, but then there’s the hassle of having to frequently clean it. LARQ’s self-cleaning water bottle simplifies everything. Similar to the PhoneSoap 3, it uses UV-C LED technology to eliminate 99.99% of bacteria and germs that may accumulate inside of your water bottle. You can activate it with the touch of a button, but it also automatically activates every two hours to ensure everything stays clean. It’s vacuum insulated to keep beverages either cool or hot for up to 12 hours, and holds a charge for up to a month. There are few things that make it easier to stay hydrated.
Eero Mesh Smart Router [$175 on Amazon]
If you’re stuck working from home every day, you’ve probably learned about the importance of having a strong and fast Wi-Fi setup. Video conference calls can get pretty frustrating when your signal is weak and you’re stuck with choppy audio and video. Even the strongest wireless setups can end up a bit strained if your kids are eating up bandwidth watching TV on a streaming service while you’re trying to get things done in your home office. Eero’s Mesh Smart Router is a Wi-Fi system that comes with three pods that can be placed at different spots in your house to ensure a strong wireless signal in those areas. It works with any ISP and connects to your digital assistant (Alexa, Google, etc.) so you can manage or change network settings with simple voice commands. If you’re having bandwidth issues, the system can re-route traffic to the area or device that needs it most. For example, if you want to disconnect all smartphones on the network to improve the signal on your laptop, it’s easy to do. These routers also automatically update with bug fixes and security patches to help keep your network safe.
Philips SmartSleep Wake-Up Light [$170 at Amazon]
If you’ve been struggling with a good night’s sleep for much of this year because of everything going on in the world, there’s a good chance that tiredness is affecting your mood and productivity on a daily basis. There are a number of products and over the counter medicines available to help you get a restful and deep sleep, and the Philips SmartSleep Wake-Up Light is one of the few that uses technology to ease you into and out of slumber. The first thing it does is measure the temperature, noise, light, and humidity levels in your bedroom and recommends adjustments you can make to help you fall asleep faster. You can connect the device to a smartphone app that allows you to set alarms with up to 20 different sounds, lights, and intensity levels. It has the capability to simulate sunrise and sunset, mixed with ambient noises such as rain or ocean waves. There are light-guided breathing exercises that can help calm your mind and relax you for sleep, along with a soft light function in case you wake up in the middle of the night so you can see some of the room around you without jarring the senses. Of course it also has the traditional alarm clock functions (with snooze), for those that enjoy loud buzzers or listening to the radio first thing in the morning. This device is essentially a next generation alarm clock, so if you’re adamant about improving the quality of your sleep, this might be worth checking out.
Awair Element [$148 on Amazon]
Indoor air quality has become exceptionally important in 2020, as many retail, restaurant, and entertainment businesses have invested in high quality air filters and purifiers to help keep an airborne illness from spreading to customers. Of course air quality affects more than just the spread of viruses. It can impact your productivity, sleep quality, immune system strength, and general concentration. That’s not even taking into account those with asthma and other breathing challenges. While the Awair Element can’t actively change the air quality at your home or office, it will provide important information about how your indoor activities are impacting your air quality and the way you feel. It tracks five key elements: temperature, humidity, carbon dioxide, volatile organic compounds (found in things like building materials and cleaning products), and PM2.5 (microscopic particulates from vehicle exhaust, wildfires, cooking, etc.). You’ll be able to see how your actions impact the health of your space and receive tips on ways to improve indoor air quality. The device can connect to your smartphone via Bluetooth and even send notifications when your air quality reaches unsafe levels.
Happy Holidays from your friends at Sentinel! Wishing you a safe and healthy rest of 2020!
Sentinel Is Grateful For 2020
Thanksgiving is traditionally the time of year to take stock of the past and place special emphasis on the many great things that have happened in your life. It’s something that’s particularly important in 2020, when a pandemic rapidly spread across the globe resulting in challenges from both a health and economic perspective. Many have considered this year to be a nightmare so far, and it’s understandable if you simply want to wipe the slate clean and forget everything that has happened. Another way to look at it is that all of the darkness made it that much easier to see the bright spots in our lives. We may have gained a new appreciation and respect for family, friends, and our communities. Things like eating at restaurants and going on vacations to other countries may have felt trivial at the time, but upon further reflection were deep sources of joy and excitement in our lives.
Instead of constantly thinking about everything we’ve lost in 2020, let’s spend this Thanksgiving expressing gratitude for everything we still have, along with hope for a better future ahead. For example, if you’re reading this, it means you’re still alive! It also means you have an internet connection and the ability to read. Your health is also exceptionally important, and you should consider yourself lucky if you’ve managed to avoid any serious illnesses so far this year. If you have children it may have become a bit frustrating if schools in your area have remained closed, but hopefully this has also been a great opportunity to get in some genuine, quality family time. The same goes for those maintaining a job, particularly if you can work remotely. Above all else, please remember that you’re doing your best given the circumstances, and there’s so much to look forward to in the coming months.
At Sentinel, we remain grateful for so much, including our customers, our partners, and our employees. Our mission is to help ensure your organization has all of the technology required to stay connected, secure, and fully operational in both good and bad times. We’re here to serve you in any way possible, so let us know what we can do to make your day-to-day easier. As part of our Thanksgiving tradition, we asked some of our employees to share some of the things they’re most grateful for in 2020. Here are a few of our favorites. You can see more on our Facebook, Twitter, Instagram and LinkedIn. Let us know what you’re #GratefulFor on our social media channels!
Small Business Tips For Staying Secure While Working From Home
Due to the COVID-19 pandemic, back in March most organizations were forced to quickly adapt to conducting their business and working with others in a remote capacity. While a majority of large enterprise organizations were reasonably well equipped to handle such a sudden shift, some rushed to expand their networks and capabilities to meet the demands of employees. This often meant making compromises for the sake of expediency, and setting themselves up for a number of challenges months later.
Small businesses faced even greater difficulties, as some didn’t have the tools and bandwidth readily available for such an emergency, nor did they have enough flexible capital to buy it in a timely fashion. Yet several months later, everyone continues to try their best, and has (for the most part) adjusted to the day-to-day new normal of working from home. The problem is that while organizations of all types have been busy fundamentally changing how they operate, cyber criminals have been busier than ever attempting to breach weakened defenses and take advantage of new security gaps accidentally created during the shift to remote work.
There was a 33% increase in malware attacks during the first few months of 2020, and that percentage has only gotten higher since then. Late spring and early summer saw a 600% increase in phishing attempts, while there’s also been a 630% increase in threats targeting cloud services. These numbers are worrisome, and a big reason why IT administrators and security professionals need to redouble their protection efforts.
Given that a security breach almost always results in lost/stolen data, disruption of business, heavy financial costs, and damage to your reputation, it remains essential to keep your network, systems and employees safe. This is especially true for small businesses. So here are a few relatively easy and somewhat inexpensive ways to help strengthen the security of small businesses throughout these uncertain times as everyone continues to work from home.
Use a VPN
Establishing your own Virtual Private Network (VPN) enables users to securely connect with the network, servers, and cloud services back at the office. This creates an added layer of protection for your endpoints, particularly in situations where employees are using personal devices (laptops, tablets, etc.) to conduct company business while at home. A VPN also makes it that much easier to access critical files and applications, share documents, and collaborate with co-workers.
Change Cloud Passwords Regularly
As mentioned earlier, there has been a 630% increase in attacks on cloud services over the last few months, and that’s largely because so many organizations rely on the cloud to store critical data and applications. While most cloud providers have their own security that is generally strong, attackers have found the most success breaching with a stolen or hacked user password. In order to prevent this from happening, it’s important to require users to change their passwords on a relatively frequent basis. Even more important is imposing strict guidelines to ensure strong passwords. This includes a combination of upper and lower case letters, along with numbers and symbols. Also make sure all passwords are 14 characters at a minimum. The longer the password, the harder it is to crack, and the less frequently you’ll need to change it.
Use Multi-Factor Authentication
In addition to a strong and regularly changed password, enabling multi-factor authentication into your security infrastructure makes it that much harder for cyber criminals to breach your remote environments. When attempting to access a VPN, cloud, or application, users will first be asked to enter their password, and then be required to do one of the following:
+ Approve a push notification to their personal device (smartphone, etc.)
+ Enter a limited time code via a token or smartcard they are carrying
+ Submit some type of biometric identification (fingerprint, retina scan)
This ensures that even if a password has been stolen or hacked, an attacker will not be able to gain access to sensitive areas or materials without additional approval methods. Many multi-factor authentication solutions are easy to use and relatively inexpensive for those operating with a very limited budget.
Keep Your Security Up To Date
While rushing to get every employee set up with all of the essential equipment and applications required to work from home, a few things might have fallen through the cracks. One of them could be regular updates to your security solutions. If you miss an update, you could also be missing bug and security flaw fixes that cyber criminals could use to their advantage. Staying on top of those things pays dividends in the long run, and will continue to ensure your critical assets have optimal protection for the future.
Secure All Devices and Endpoints
Yes, a VPN will give your users an extra layer of protection when they access the company network, servers, and cloud services, but there are still other back door entrances attackers can use to try and breach your systems. If remote employees are using personal devices for company business, that doesn’t prevent a malware intrusion or phishing attempt from finding its way onto that device and exploiting it to gain entry to your network. The employee may visit a malicious site by accident during their off-work hours and might not even realize it, leading to problems when they log in to work at home the next day. In lieu of providing every user with a designated work laptop and/or phone that has a whole host of security features already installed, you should require all employees to download and install strong security solutions on any personal devices that will be used to access corporate assets. This will harden your overall security posture and significantly reduce the risk of a breach through an unprotected endpoint.
These are five relatively easy and inexpensive ways to help keep your organization secure while everyone continues to work from home. Even small businesses should be able to adopt them without much difficulty. If you need to set up a VPN, deploy multi-factor authentication, and/or find security solutions for your remote workforce, please don’t hesitate to contact Sentinel for more information. Our experts can provide guidance, and we even offer workshops to help uncover any weaknesses or gaps in your remote security infrastructure.
The Demon of Disaster - A Halloween Tale of Terror
It’s Halloween week again, which is traditionally the time of year when we lean into everything scary and terrifying. Of course in 2020, it’s basically been ten full months of scary and terrifying moments. While the horrors of Halloween may ultimately pale in comparison to the horrors of day-to-day life, at least this holiday at least allows us to have a little fun with the things that give us nightmares. That said, Sentinel is pleased to share yet another spooky installment of our yearly traditional tales of technology terror, where the worst fears of IT administrators come to life! Take a quick moment to turn out the lights and grab a snack to anxiously munch on, because this one will keep you on the edge of your seat.
Drew was the IT Director at an insurance company. His primary responsibilities included making sure the organization’s technology environment remained fully operational and user friendly. If employees had trouble accessing their systems or forgot their passwords, he would step in and help them out. As the company wasn’t particularly large and only had a couple hundred staff spread across three floors of a large office building, they felt an IT department comprised of two people was enough to keep things running smoothly. While Drew and his fellow team member did their best to maintain the systems, network, and applications, they frequently found themselves in high demand and sometimes struggled to find the time for regular updates or lower priority tasks.
One of the best parts about working for an insurance company is that they’re prepared to handle just about any situation. They’ve seen it all, and know how to manage risk. So when some faulty wiring started a massive fire that destroyed their office building, nobody was too worried. Everyone had gotten out safely, and all the furniture and equipment could easily be replaced thanks to a settlement check. As they began the search for a new permanent home, the bosses wanted to get all the employees back to work as soon as possible. They quickly rented a temporary office space, and asked Drew to restore the IT infrastructure so agents and other staff could access essential programs and client information.
Drew cracked open the company’s disaster recovery plan and soon realized something was wrong. There were references to systems and applications that had been phased out of the environment a while back. Certain employees listed as part of the disaster recovery team no longer worked at the company. It dawned on him that the plan itself hadn’t been updated in nearly two years, one of the “lower priority” tasks that kept getting pushed aside while tending to maintenance requests and password resets.
The dread slowly creeping in, Drew broke out in a cold sweat as he feared he would have to orchestrate a full disaster recovery without an accurate or up-to-date plan to guide him along the way. The first step was to check the backups and start working to restore the organization’s most essential systems and applications. This tragedy became a nightmare upon the discovery that all backups had been set at one week intervals, a recent move made by the other member of his team in an effort to free up more storage space. Drew recalled approving the decision as a temporary measure while they were waiting to secure funding to purchase additional storage. The most recent backup available was six days ago. Key data, including hundreds of contracts and claims, were either partly or completely lost.
Then there was the matter of the client database. While the application the company used to manage all of their client accounts could be easily restored through the cloud, all of the names, addresses, and other pieces of personal information were stored on a separate server that proved to be exceptionally difficult to restore and reconnect with the app. As a result, agents and other employees were unable to access client details for nearly a week. That entire time, claims went unprocessed and dozens of customers called in to express anger and frustration. Some even decided to drop the insurance company and their business elsewhere.
Needless to say, the bosses were furious as well. It’s one thing to have a major accident that takes the company offline for a couple of days. It’s another to exponentially worsen the situation with additional delays and only a partial recovery. Not only did they lose time, money, and productivity, but it permanently damaged their reputation as an insurance agency able to help clients bounce back from some of the worst moments of their lives. How are they supposed to help others recover when they can’t recover their own business?
While Drew did the best he could to help his company get back to a mostly functional state in the days following the fire, he was fired from his job soon after for failing to have proper backups and an up-to-date disaster recovery plan in place. Even though the trauma has passed, he still wakes up on occasion in the middle of the night, shaking in terror and worried he’s not ready for what comes next.
Don’t be like Drew. Make sure you have strong backups and a disaster recovery plan that’s tested and updated at least once a year. Sentinel offers a number of backup and DR solutions to help ensure your organization can get back to work quickly following all types of incidents. Please contact us if you’d like to learn more.
How Sentinel Designed a New Way to Show Employee Appreciation
By Kelly Duff, Sentinel Employee Experience Manager
If there has ever been a year for Sentinel to show its employees just how much they’re appreciated, it’s 2020.
Over the past several years, September has served as a time to celebrate the myriad of ways employees contribute to Sentinel. Wellness fairs, BBQs, happy hours, and baseball games were just a few of the events held at our offices over the course of Employee Appreciation month. They enabled everyone to spend some quality time and have fun with their co-workers outside of standard day-to-day business.
Sadly, COVID-19 impacted our ability to host those traditional events this year. But since we’re always evolving at Sentinel, we decided to get creative and take our efforts virtual for 2020.
We partnered with the American Cancer Society to hold a three-part virtual wellness fair that focused on colorectal cancer, vaping, and sun safety. After the sessions, employees had the opportunity to fill out a survey for a chance to win a $50 gift card.
As part of our fundraising efforts, employees had a great time “competing” in a silent auction for prizes that included laptops, an assortment of Sentinel swag, spa gifts, a Fire TV cube, along with movie and game night themed baskets. We gave out a discount to our online company store in exchange for charity donations, providing employees with added incentives to purchase some highly coveted Sentinel-branded merchandise.
Our fundraiser resulted in a $21,000 donation to the American Cancer Society, which doubled last year’s amount.
We also assembled a care package for every employee that included a custom Sentinel mask, water bottle, and tote as a thank you for all their hard work over the past year – particularly during this challenging time.
Lastly, we launched a new recognition platform where employees can actively show their appreciation for one another. This system will enable employees to qualify for company-sponsored quarterly and annual awards, such as “Innovator of the Year” and “Sentinel Superstar”.
We are so grateful for our team here at Sentinel. While we couldn’t all get together to celebrate Employee Appreciation month in person this year, it was still great to be able to celebrate virtually as one team. Sentinel is always looking for talented people who are passionate about technology. If you’d like to join our team, make sure to check out our job openings!