
The Tech Break


“We make I.T. better” a Series on Advanced Managed Services, Part I

Oct 07, 2015 / by Bird Rock Blogger

Stressed about I.T? Not enough time? Not enough budget? Not enough resources?

If you’re anything like our customers, you probably answered yes to one, some, or all of those questions. Every day we see, hear, and feel the pressures that I.T. teams deal with on a regular basis. But why are there so many pressures? Why can’t it just be easy? The fact is there is not just one answer to these questions. Every I.T. team is different, just like every business is different. They have varied working budgets, critical resource and knowledge gaps, time constraints, and varying rates of growth: rapid, slow, or mature. These are the things that continually test and challenge I.T. teams and, as a consequence, have made reactive processes the I.T. standard.

The first major obstacle we see with our customers is time. There is just not enough time to juggle the daily demands of I.T. while trying to complete projects on time. Solving day-to-day problems and working on that project due by the end of the quarter are not the only activities that suffer from time constraints. Learning new technology is a huge time trap. Technology is moving fast, and the ability to be agile in an ever-changing business environment is what differentiates companies as well as I.T. teams. How can I.T. teams juggle the day-to-day, new projects, and the need to build their knowledge in an industry that is perpetually advancing? We believe we have the answer, but we don’t see time as the only issue.

The second obstacle our customers deal with is a lack of budget. One of the main reasons I.T. professionals don’t have enough time is that they have to wear many hats. The superhero of each team doesn’t just focus on security, or the data center, or collaboration. They do it all! If a team had an unlimited budget, it could hire engineers to focus on specific areas and nothing else. It could update all of its infrastructure and have outside vendors do the work. It could pay for endless hours of training to make sure the team was up to date on every new technology. There is no unlimited budget, so every I.T. investment has to earn its place by contributing to the company’s competitive advantage in the marketplace. This leaves the team working long hours to keep up with the demands of business objectives.

The final obstacle we see with our customers is a lack of resources. A lack of resources is really the big-picture problem that encompasses the lack of time and budget. We see our customers working extremely hard to align their I.T. objectives with the business objectives. This is difficult in itself, but when resources are short, whether training, time, personnel, or budget, we see hills turning into mountains. I.T. has become reactive while the rest of the business has planned ahead with a thought-out strategy.

Bird Rock Systems Advanced Managed Services is your I.T. strategy. As the motto goes “No worries…we make I.T. better!”

Stay tuned for Part II of the “We make I.T. better!” Series where we will discuss how we help you solve the problems mentioned in this article.


Cybercrime: Operational Risk or Overblown Threat

Sep 15, 2015 / by Bird Rock Blogger


By Matt Hannula, Marketing Associate

How can we truly gauge how large cybercrime has become? Is it in the millions? Billions? Maybe even in the trillions? There are statistics that claim each of these audacious numbers but what does it even mean? How do researchers find this data, who contributes, and how do they even define cybercrime?

Stephen Cobb, a CISSP for over 20 years who leads a research team for security giant ESET, explained the implications of cybercrime statistics and taught us to be wary about the “truth” of cybercrime at a recent SDISSA lunch and learn.

When Bird Rock Systems isn’t securing the networks of its loyal customers, the team is attending technology events, acting as sponges soaking up the most relevant and up-to-date technology information.

This past week, the Bird Rock Systems sales team and engineers attended a San Diego Information Systems Security Association (SDISSA) event, an event they attend once a month.

Stephen Cobb opened the session with a series of graphs showing statistics for physical crime, such as theft, assault, and murder. He then pulled up cybercrime statistics from CSI and PwC. These stats looked good until you saw that they surveyed only 500 individuals, who may or may not have been repeat respondents, and that the response rate was only 15%. Anyone versed in scientific studies knows that this is not very compelling data.

The next best study on cybercrime was from 2005, by the NCSS. It collected roughly 8,000 responses at a response rate of 23%. That was a step up in figuring out how much cybercrime companies are actually experiencing, but it still was not very compelling.

So why is this relevant? Why do we even care about these statistics? Mr. Cobb framed this as a problem with how we measure cybercrime. It is almost impossible to track cybercrime, for many reasons. How do people define cybercrime? How often do companies report the cybercrime that has happened to them? How much cybercrime is happening in residential environments compared to commercial ones?

The real reason we care about cybercrime statistics is because we as companies, trying to protect data as well as keeping our networks running with minimal downtime, attach a monetary value to cybercrime. How much does it cost my company every single time a breach has occurred or a user’s data is compromised? These numbers become very helpful when C-level executives are trying to justify making a decision on large investments to secure their networks and data.

Cobb stated that the Ponemon Institute put the cost at $200 per compromised user, while Verizon, in its own study, said it costs about 59 cents per compromised user. These numbers are so far from each other that Cobb says we cannot trust either of them as a credible cost for cybercrime. So Cobb defined his own cost of a breach on a time-cost basis.

While in Europe, Cobb was attempting to get a check for about $10,000 approved. The first submission was declined. Cobb tried again and was declined again. He then called his bank, which said it would watch for the transaction. He submitted again and, sure enough, the check was declined. Cobb finally called his bank and stayed on the phone until the check went through. The time it cost Cobb to get his check approved, so that the bank could be sure it was not a fraudulent transaction, is the cost Cobb puts on each security breach or compromised user: not the breach itself, but the cost of protecting oneself from a breach. And if you want to know his cost per breach, it is $66. Why? Taking into account the time he spent getting the check approved and his average hourly wage, $66 was the most defensible number for Cobb to wrap his head around.

The moral of the story is that we cannot be naïve about cybercrime statistics, because there are so many factors and implications that we cannot control or track. What we can do is make critical investments in our networks, I.T. team, and security initiatives to keep cybercrime at bay!


Security Assessments – 101

Sep 10, 2015 / by Bird Rock Blogger

I’m creating a brief presentation for a Capture the Flag event at USC, explaining our methodology for performing security assessments. First of all, recurring periodic security assessments are important for your environment. Security isn’t a set-it-and-forget-it attribute. Infrastructure changes over time, and new attack methods are discovered every day. Security is a game of intelligently assessing risk.

Just about every organization needs to adhere to regulations that spell out the minimum security measures to have in place and how they should be assessed. For example, HIPAA/HITECH, PCI DSS, FISMA, FERPA, and SOX all have standards for securing data. If you’re not bound by any of these, consider using ISO/IEC 27002 as a generic resource to help guide your own IT security practices.

With regular assessments you can:

  • Maintain a focus on IT security
  • Increase awareness and understanding of security issues
  • Prioritize security investments and focus on the high-importance, high-reward initiatives
  • Find out whether your environment has already been compromised
  • Stay on top of the latest security threats
  • Demonstrate to customers and partners that security is important

If you already have a particular regulation like one of those mentioned above, download the appropriate standard as a starting point. Otherwise, choose one that is similar to your type of business. In either case, print it out, give it a good read, then start from the beginning.

Here are a few main areas and tips to focus on. All of the security standards have many more requirements than these, but we need to keep the blog to 500 words or less. :o

In what ways can the data be compromised? Not just from the Internet: what about from inside the network? From remote offices? Rogue wireless access points? Audit the firewall rules and watch the logs. Use secure protocols, such as modern HTTPS, SSH and SFTP, rather than HTTP, Telnet, and FTP. Are the servers running more services than they need to?

Timely patch management is important: operating systems on servers and workstations; infrastructure services such as email and DNS; web applications; databases; desktop applications.

How is the network perimeter defended and segmented? Review the device configurations!
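As an added example (not code from the original post), here is a small Python check for the protocol and service questions above: which cleartext protocols are still listening, and whether a server exposes more than it should. It parses a constructed listing in the shape of `ss -Hltnp` output; the approved-port set and the port-to-protocol table are assumptions for a hypothetical web server and would be tailored per host.

```python
"""Flag cleartext and unapproved listening services from a socket listing.

Added example, not from the original post. The sample listing is constructed,
and the approved-port set is an assumption for a hypothetical host that should
expose only SSH and HTTPS.
"""
import re

# Cleartext protocols the post says to retire, with their replacements.
CLEARTEXT_PORTS = {
    21: ("FTP", "SFTP over SSH (22) or FTPS"),
    23: ("Telnet", "SSH (22)"),
    80: ("HTTP", "HTTPS (443); keep 80 only as a redirect to 443"),
    110: ("POP3", "POP3S (995)"),
    143: ("IMAP", "IMAPS (993)"),
}

# Assumption for this example: the host is meant to expose only these ports.
APPROVED_PORTS = {22, 443}

LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample in the shape of `ss -Hltnp` output (not real host data).
SAMPLE_LISTING = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1203,fd=6))
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1203,fd=7))
LISTEN 0 5 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=990,fd=3))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=1011,fd=13))
LISTEN 0 128 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=1340,fd=21))
"""

# State, recv-q, send-q, local addr:port, peer, optional owning process.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)


def parse_listing(text):
    """Return (bind_addr, port, process) for every LISTEN line that parses."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listeners.append((m["addr"], int(m["port"]), m["proc"] or "?"))
    return listeners


def audit(listing, approved=APPROVED_PORTS):
    """One finding per network-reachable listener that is cleartext or unapproved."""
    findings = []
    for addr, port, proc in parse_listing(listing):
        if addr in LOOPBACK:
            continue  # not reachable from the network; out of scope for this check
        if port in CLEARTEXT_PORTS:
            name, fix = CLEARTEXT_PORTS[port]
            findings.append({"port": port, "process": proc, "severity": "high",
                             "issue": f"{name} is cleartext", "action": f"replace with {fix}"})
        elif port not in approved:
            findings.append({"port": port, "process": proc, "severity": "medium",
                             "issue": "not on the approved service list",
                             "action": "disable the service or restrict it at the firewall"})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LISTING):
        print(f"[{f['severity']:6}] port {f['port']:<5} {f['process']:<8} {f['issue']}; {f['action']}")
```

Run it against real `ss -Hltnp` output piped from each server, and keep the approved set per role (web, mail, database) so the same script gives a useful diff after every change window.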

Reach out to peers at other companies, participate in user groups, attend a few meetups, and come to some of the Bird Rock Systems events! Compare your infrastructure with others out there and keep your organization in line with industry best practices.

Crack open your Security Policy and run it through its paces. This is usually one of the first things an auditor will do, to see what your administrators and end users can do. See if your own standards can hold up to a little scrutiny.

Again, this information is not intended to be exhaustive or complete. Other important topics include how well your organization’s processes work, how well your procedures are documented, and how well your staff members keep up to date with the craft, as well as physical security, encryption, and social engineering.

If you think about security like the accounting team thinks about cash flow, IT security should have checks and balances. Do periodic security assessments yourself, then bring in a third party to validate!


Advanced Endpoint Protection: A different approach

Sep 09, 2015 / by Bird Rock Blogger

By Larry Hoehn, Enterprise Solutions Architect 

When most people think of endpoint protection, they think of antivirus software. But a targeted attack can use a threat that has never been seen before, or malicious content embedded in an iFrame, and slip past signature-based antivirus.

Palo Alto Networks acquired Cyvera and branded the product as ‘Traps’. You may have seen similar products on the market, like Microsoft EMET. However, Traps integrates with WildFire, Palo Alto Networks’ sandboxing technology. Plus it’s a mature product, as you’ll see below.

Traditional antivirus protection is based on signatures; it requires prior knowledge of the threat in order to be effective. According to Palo Alto Networks, over 20,000 new forms of malware are created per day. Antivirus solutions have to build signatures for all of those new forms and then distribute them to every endpoint. This takes time, and the gap between a sample appearing and a signature arriving limits the effectiveness of many antivirus solutions.

Traps is very effective against zero-day attacks. An exploit attempt runs into one of the exploit prevention modules within Traps: the process is terminated, the user is told that an attack was prevented, and the administrator receives an alert. Traps collects forensics and provides them to the administrator.

Traps is a very thin client on the endpoint (Windows only at this time, but including XP, 7, 8, 2003, 2008 and 2012). When a new process starts, Traps injects prevention modules into that process, blocking a couple dozen exploitation techniques in the attacker’s arsenal.

If you are looking for a way to extend the lifespan of Windows XP or 2003 in your environment, Traps may be for you, since Microsoft isn’t patching those operating systems any more. Treat it as a compensating control while you plan the migration, not as a replacement for vendor patches: exploit mitigation raises the cost of an attack but does not remove the underlying vulnerabilities.


With Traps, malware prevention is accomplished through a series of policies on the endpoint that significantly limit the risk of inadvertently downloading malware. As previously mentioned, Traps integrates with WildFire to determine whether a file is known to be malicious. Traps then uses malware prevention modules to ensure that the malware never executes.

Traps is available in a one, three or five-year subscription. The price is different for workstation protection vs. server protection.

To summarize, Traps blocks known and unknown exploits, known and unknown malware, and provides forensics that can be used to protect the rest of the organization. Let me know your thoughts, especially if you’ve investigated or implemented a solution that provides this type of endpoint protection.


PART 2: Choosing a Partner That is Loyal to Customer Success

Jul 24, 2015 / by Joseph Javien posted in Loyalty, Values, VAR

“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently.”

—Warren Buffet

The life of an IT professional can be rather stressful and challenging. With businesses relying on the stability and availability of secure networks and performance computing, IT feels the pressure of making every project a success. As businesses become more agile, moving at the “speed of light,” any perceived latency or downtime can cause user and customer dissatisfaction which can equate to loss of profits, productivity and confidence.

As a countermeasure, it is recommended to partner with one or more technology solutions providers that can help manage, strengthen and optimize IT workflows and environments so that they align with the goals of the business and the IT department.

Are Your Technology Partners Loyal to Your Success?

We meet with customers every day looking to expand, improve performance and secure their IT infrastructure. We recognize that there is no one-size-fits-all solution for customer challenges and initiatives, so we seek to understand customer objectives before recommending a solution. Through authentic, transparent, and honest interactions with customers, we have been successful in earning customer trust and building strong relationships.

… IT Happens

To Bird Rock Systems, being loyal means consistent and persistent support. We believe in staying committed to our customers, especially during challenging situations. If you have been in IT for any period of time, you know *stuff* happens. As a countermeasure, we exercise caution, proactively back up configs, and have backout strategies just in case. We are in it for the “long haul.” In the midst of challenge is where some of our most loyal relationships have emerged.

Hand in hand with loyalty, integrity is an important value to seek when partnering with a solutions provider which I will talk about in my next article. Stay tuned!


Palo Alto Firewall: PAN-OS 7.0 is here!

Jul 10, 2015 / by Joseph Javien posted in Palo Alto Networks, PAN, PAN-OS 7.0, Security

Written By Larry Hoehn

Here’s a brief overview of a couple of the new features and upgrades included with the new release PAN-OS 7.0. At a high level, the new version addresses these issues:

  1. Turning alerts into action. According to a report from Ernst & Young, 33% of security professionals don’t know how long it takes them to respond to alerts.
  2. Discovering unknown threats. According to the 2014 Verizon DBIR, there were $400M in financial losses from 700 million compromised records. Much of that came from unknown threats, and 75% of attacks spread from Victim 0 to Victim 1 within 24 hours.

To help with the first challenge, the ACC tab has been redesigned with actionable data:

The new widget shows application usage: the bigger the box, the more that application is used on the network. Red means critical, orange means important. You can drill down to critical information with a few clicks, for example application and user activity:

And network activity with threat levels:

To help with the second challenge (discovering unknown threats): WildFire already analyzes 20 million samples per week (and growing), and Palo Alto Networks has added multi-version analysis, running a sample against several versions of an application in a single virtual machine. For example, a file can be run through several versions of Acrobat to see whether the malware targets a specific version of that application. They’ve also added a new WildFire verdict. Previously a sample was just “malware” or “benign”; the new “grayware” verdict covers things like adware and trackware.

A new feature is the automated correlation engine. It’s an analytics tool that identifies compromised hosts in your network. It scrutinizes isolated events across multiple logs on the firewall, examines patterns, and correlates events to produce actionable information, such as host-based activity that indicates a compromised host. The engine includes correlation objects defined by the Palo Alto Networks Malware Research team. Each object describes a suspicious sequence of events that points to a malicious outcome, and it triggers an alert when it matches a pattern indicating a compromised host on your network. For example:

In the example above, if these four indicators are present, an alert is triggered automatically to report a compromised host. The following screenshot illustrates how the automated correlation engine combines threat indicators and rates the resulting situation “critical”, meaning the host exhibits signs of worm activity, to help you decide where to focus effort for fast remediation.
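To make the correlation idea concrete, here is an added Python example; it is not Palo Alto Networks’ engine or one of its correlation objects, and the log format, indicator names, one-hour window, scan threshold and three-indicator rule are assumptions. It reads constructed firewall-style threat and traffic log lines, derives an internal-scan indicator from a burst of denied connections to many internal hosts, and raises a “critical” alert for a host only when several independent indicators line up inside the window.

```python
"""Toy event correlation: flag a host only when independent indicators line up.

Added example, not Palo Alto Networks' automated correlation engine or any of
its correlation objects. The log format, indicator names, one-hour window,
scan threshold and three-indicator rule are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log lines (not real traffic): timestamp, log type, key=value fields.
SAMPLE_LOGS = """\
2015-07-09T10:01:12 threat src=10.1.5.23 type=wildfire verdict=malware file=invoice.exe
2015-07-09T10:03:40 threat src=10.1.5.23 type=url category=malware dst=bad.example
2015-07-09T10:06:05 traffic src=10.1.5.23 dst=10.1.5.1 dport=445 action=deny
2015-07-09T10:06:06 traffic src=10.1.5.23 dst=10.1.5.2 dport=445 action=deny
2015-07-09T10:06:07 traffic src=10.1.5.23 dst=10.1.5.3 dport=445 action=deny
2015-07-09T10:06:08 traffic src=10.1.5.23 dst=10.1.5.4 dport=445 action=deny
2015-07-09T10:06:09 traffic src=10.1.5.23 dst=10.1.5.5 dport=445 action=deny
2015-07-09T10:09:30 threat src=10.1.5.23 type=dns category=c2 dst=cnc.example
2015-07-09T10:15:00 threat src=10.1.7.8 type=wildfire verdict=malware file=setup.exe
2015-07-09T14:00:00 traffic src=10.1.7.8 dst=10.1.7.1 dport=445 action=deny
"""

WINDOW = timedelta(hours=1)   # indicators must fall within this span
SCAN_THRESHOLD = 5            # distinct internal targets on one port => "internal-scan"
REQUIRED_INDICATORS = 3       # distinct indicator kinds needed to rate a host critical


def parse(line):
    """'<ts> <type> k=v k=v ...' -> (datetime, type, dict of fields)."""
    ts, kind, rest = line.split(" ", 2)
    return datetime.fromisoformat(ts), kind, dict(kv.split("=", 1) for kv in rest.split())


def direct_indicator(kind, f):
    """Single-event indicators: one log line maps to one named indicator, or None."""
    if kind == "threat":
        if f.get("type") == "wildfire" and f.get("verdict") == "malware":
            return "malware-download"
        if f.get("type") == "url" and f.get("category") == "malware":
            return "malicious-url"
        if f.get("type") == "dns" and f.get("category") == "c2":
            return "c2-dns"
    return None


def scan_time(hits):
    """hits: time-sorted (ts, dst) pairs for one source and port. Return the
    moment SCAN_THRESHOLD distinct targets were seen within WINDOW, else None."""
    for i, (t0, _) in enumerate(hits):
        targets = set()
        for t, dst in hits[i:]:
            if t - t0 > WINDOW:
                break
            targets.add(dst)
            if len(targets) >= SCAN_THRESHOLD:
                return t
    return None


def correlate(log_text):
    """Return one alert per host whose indicators satisfy the rule."""
    events = defaultdict(list)    # src -> [(ts, indicator)]
    denied = defaultdict(list)    # src -> [(ts, dst, dport)]
    for line in log_text.strip().splitlines():
        ts, kind, f = parse(line)
        name = direct_indicator(kind, f)
        if name:
            events[f["src"]].append((ts, name))
        elif kind == "traffic" and f.get("action") == "deny":
            denied[f["src"]].append((ts, f["dst"], f["dport"]))
    # Derived indicator: a burst of denied connections to many internal hosts on one port.
    for src, rows in denied.items():
        by_port = defaultdict(list)
        for ts, dst, dport in sorted(rows):
            by_port[dport].append((ts, dst))
        for hits in by_port.values():
            t = scan_time(hits)
            if t is not None:
                events[src].append((t, "internal-scan"))
    alerts = []
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            in_window = [(t, n) for t, n in evs[i:] if t - t0 <= WINDOW]
            names = sorted({n for _, n in in_window})
            if len(names) >= REQUIRED_INDICATORS:
                alerts.append({"host": src, "severity": "critical", "indicators": names,
                               "first": t0.isoformat(),
                               "last": max(t for t, _ in in_window).isoformat()})
                break  # one alert per host
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"{a['severity'].upper()} {a['host']} {a['first']}..{a['last']} {', '.join(a['indicators'])}")
```

The second host in the sample has a malware download and a single denied connection, which is why it produces no alert: requiring distinct indicator kinds is what keeps one noisy signal from paging anyone.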

There are many more updated capabilities, but these were a few I thought you would find interesting. When you get a chance, take a look at the new version and let me know your thoughts!


BYOD – It can be done safely - Part 3

Nov 06, 2014 / by Joseph Javien posted in Firewall, Security, BYOD

Written By Larry Hoehn

In my previous post, I discussed how wireless technology has a role when providing secure BYOD access. Along those lines, this article explains firewall technology’s role for a secure BYOD initiative.


Today's corporate workforce expects to access their corporate networks from personal mobile devices used both inside and outside the corporate walls. Providing this access to employees and contractors drives productivity gains and fosters innovation. While the benefits can justify the requirement, BYOD introduces elements of risk that legacy technologies have a difficult time addressing.

Old-school port- and protocol-based firewall security focuses on attacks directed from the outside in. This model assumes that devices inside the network are trusted, since it grants access without considering the user’s identity, the device type, or the application in use. This leaves organizations open to attacks from inside the network.


Modern solutions take a new approach – these solutions map user and device information to network security policies, enabling IT to enforce what a user can access with a particular device and authorized application. Firewall policies can also enforce, among other things, bandwidth on a per-user or per-department basis.


How this works:

  1. Users and devices connect to the network.
  2. Wired or Wireless architecture shares contextual data (IP address, device type, user role) with the firewall.
  3. The firewall applies policy and watches for violations based on who and what is connected to the infrastructure.
  4. Applications can be controlled based on who and what is connected to the infrastructure, or blocked if there’s no legitimate use.

The big benefit:

Security against known and unknown malware, zero-day exploits, and advanced persistent threats. The firewall automatically implements and enforces protection in near real-time to defend against dynamic attacks.


Stay tuned for my next article, where I’ll discuss a solution with a product use case!


11 Years and Growing

Sep 29, 2014 / by Joseph Javien posted in In The News, Inc 5000, San Diego Business Journal, Bird Rock Systems, CRN Magazine

“Growth is never by mere chance; it is the result of forces working together.”

-James Cash Penney

2014 is Bird Rock Systems’ 5th consecutive year that we have been ranked among the fastest growing private companies for CRN Magazine (2010-2014) and 4th consecutive year for Inc. 5000 and the San Diego Business Journal (2011-2014). It is truly a great accomplishment and milestone for Bird Rock Systems as we continue to grow and expand into other territories, technologies and services.


Bird Rock Systems strives to continuously grow and improve year over year and quarter to quarter. We look for ways to better serve our customers with new services and solutions that help them solve problems, strengthen security, improve performance and efficiency. Bird Rock Systems regularly evaluates business processes and how we can work more effectively across sales, services and operations to ultimately deliver the best experience to our customers. By practicing these actions of continuous improvement, Bird Rock Systems has been able to grow every year since the start of the business in 2003.


We have a great team of people that enjoy taking care of our customers. Plus, we have some awesome customers that we get to work with and be an extension of their team to solve I.T. challenges. A special thanks goes out to all of our customers. We appreciate all of your support and business over the years!


Save Money with Aruba Networks IAPs

Sep 09, 2014 / by Joseph Javien posted in IAP, Instant Access Point, Wireless, Aruba Networks

Written by: Jeremy Rouse

Want to save money on your next wireless network rollout, without spending big bucks on underutilized controllers and still have High Availability? Check out Aruba Instant Access Points:

Large enterprises typically deploy wireless local area networks (WLANs) with access points managed by a central controller. But not every company needs the horsepower or features of a physical controller-based WLAN. Considering the costs associated with a central controller, an additional controller for high availability (HA), plus licenses, the price tag can be substantial. A controller-based WLAN certainly has its benefits and is appropriate in certain environments. In this article, we will focus on the benefits of a controller-less architecture.

SPEED

Aruba Instant Access Point (IAP) is a controller-less architecture for WLAN, enabling companies to rapidly deploy wireless networks. In an IAP deployment, the primary IAP is configured and the rest of the IAPs inherit their configurations from the primary. 

FEATURES

The system includes a virtual controller embedded in the access point, giving administrators the features that are available on physical hardware controllers. Everything from central management, reporting, role-based access and adaptive radio management is supported with Aruba Instant.

Like Aruba's controller based access points, IAPs leverage patented ClientMatch technology to ensure that devices are connected to the best AP, which prevents the Wi-Fi network from slowing down as people move throughout your campus.

SECURITY

Aruba’s integrated next-generation mobility firewall leverages deep packet inspection. It classifies traffic by application or application groups so that you can apply prioritization and policies based on your business needs. Additionally, Aruba access points support RFProtect, which provides integrated IPS and spectrum analysis capabilities.

RELIABILITY

Aruba Instant employs a fully distributed architecture and is resilient to failure. The primary virtual controller serves as both an Aruba access point and a fully functioning “controller”. If the IAP acting as the primary virtual controller fails, another IAP automatically inherits the role of primary virtual controller with no service disruption.

USE CASE

I recently had a customer who wanted to upgrade their existing wireless network. Due to the high costs of the controllers and HA requirements, they decided not to move forward even though their legacy WLAN was problematic and out of compliance. When we introduced them to Aruba Instant, they discovered that deploying Aruba IAPs provided all the controller features, security and high availability they required. In addition, they were able to leverage the latest 802.11ac standard without expensive controllers. Our wireless team put together a complete solution that included professional services to migrate off of their existing infrastructure and tuning to maximize coverage. They have rolled out IAPs to multiple sites and are very pleased with the performance.

If you would like to learn more about Aruba's controller-less wireless architecture, please contact your local Bird Rock Systems representative or visit our contact page.

In coming articles, I will discuss how Aruba Instant access points integrate with the Aruba’s cloud solution (Aruba Central), integration with AAA solutions like Clearpass, and discuss Airwave for administering and monitoring multiple IAP networks.


BYOD – It can be done safely - Part 2

Aug 20, 2014 / by Joseph Javien posted in Security, Wireless, BYOD

Written By: Larry Hoehn

In my last post, I discussed combining technologies to provide secure BYOD access. Before we jump into the specifics, let’s pick apart the technology components – starting with the wireless technology.

Modern wireless solutions provide awareness of all traffic across the network to support a variety of users, devices, and applications. Old-school network architectures mandate that parallel networks be constructed to address different needs– for example, one VLAN for employees, a second for full-time contractors, and a third for guests. In other cases, multiple SSIDs were required. Today’s design methods support multiple user categories on a single network.

How It Works

During the network sign-on process, the identity and role of each user or device is learned. Employees and other authorized users may be treated as a single class, or divided according to a series of administrator-defined policies. These policies follow the user throughout the network, and are applied uniformly across wireless, wired, and remote access connections.

Learn This

This entire premise is made possible by using a firewall instance around every user: tightly controlling what the user is permitted to do and providing separation between user classes. To provide the highest level of security, the solution requires knowledge of user identity when making access control decisions. Our wireless and next-generation firewall solutions enable us to deliver this level of security. 

The wireless technologies we work with give us an important point of authentication and policy enforcement. Policy control is tied to user identity rather than to a port, IP address, or MAC address. This makes it very hard for a user to bypass security controls by changing addresses; the main remaining path is breached credentials. (Protect your passwords! We will talk about that in a future post.)

A use case for this is a guest user on the guest network who attempts to reach the employee network by configuring a laptop with the MAC address and IP address of an employee, also known as address spoofing. With the proper policies in place, that malicious guest user is still denied access to the employee network because of his guest role, regardless of the MAC or IP address of the device.

Role Based Policy, Granular Control & API Integration

Taking this a step further, role-based policies can limit maximum and guarantee minimum amounts of bandwidth for a particular user or class of users. This allows IT to provision a specified amount of service to bandwidth-hungry applications. In addition, granular control of users, such as automatic disconnect from the network, role re-assignment, and dynamic updates of firewall policies are available as well.

Behind the scenes, additional functionality is enabled by powerful API integration between various IT solutions from different manufacturers. The APIs can enable captive portal authentication systems, or query external databases to control advanced behavior. This includes integration with solutions that provide services such as virus protection, content inspection and filtering, intrusion detection and prevention, and content transformation.

An example of this could be a posture assessment. A check can be performed to make sure anti-virus scans have been run within the past week and provide different network access depending on the criteria of this test.
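The following Python example is added here to illustrate three passages at once: the connect, share context, enforce sequence from the firewall post (“BYOD – It can be done safely - Part 3”), the address-spoofing guest above, and the posture check in the previous paragraph. It is not code from Bird Rock Systems or from any wireless or firewall vendor; the identity store, role names, policy table and seven-day anti-virus rule are assumptions. The point it demonstrates is that the role is assigned at authentication time and is the only thing the policy lookup consults, so presenting an employee’s MAC and IP without the employee’s credential still lands the device in the guest role.

```python
"""Identity-bound BYOD access control, in miniature.

Added example, not code from Bird Rock Systems or any wireless or firewall
vendor. The identity store, roles, policy table and seven-day posture rule are
assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed identity store: username -> (password, role). Toy credentials only.
USERS = {"alice": ("employee-pw", "employee"), "bob": ("contractor-pw", "contractor")}

MAX_AV_AGE = timedelta(days=7)  # posture rule: an anti-virus scan within the past week

# Assumed role policy: permitted application groups and a per-user bandwidth cap.
POLICY = {
    "employee":   {"apps": {"email", "fileshare", "internet", "erp"}, "bw_mbps": 50},
    "contractor": {"apps": {"email", "internet"},                      "bw_mbps": 20},
    "guest":      {"apps": {"internet"},                               "bw_mbps": 10},
    "quarantine": {"apps": {"remediation"},                            "bw_mbps": 5},
}


@dataclass
class Session:
    mac: str
    ip: str
    user: str
    role: str
    device: str


class AccessLayer:
    """Stands in for the wireless/wired edge and the user-to-IP map it shares
    with the firewall. Role is assigned at authentication time; MAC and IP are
    only lookup keys, never inputs to the policy decision."""

    def __init__(self, today):
        self.today = today
        self.sessions = {}  # mac -> Session

    def connect(self, mac, ip, device, username=None, password=None, last_av_scan=None):
        """Every association is (re)authenticated. Any earlier session that used
        this MAC or IP is discarded rather than inherited, so an employee's
        addresses without the employee's credential yield the guest role."""
        self.sessions.pop(mac, None)
        for old in [s for s in self.sessions.values() if s.ip == ip]:
            del self.sessions[old.mac]
        user, role = "guest", "guest"
        cred = USERS.get(username)
        if cred and password and cred[0] == password:
            user, role = username, cred[1]
            if last_av_scan is None or self.today - last_av_scan > MAX_AV_AGE:
                role = "quarantine"  # posture failed: remediation network only
        session = Session(mac, ip, user, role, device)
        self.sessions[mac] = session
        return session

    def decide(self, ip, app):
        """Firewall decision for a flow from ip to app: (action, cap_mbps, reason)."""
        session = next((s for s in self.sessions.values() if s.ip == ip), None)
        if session is None:
            return ("deny", None, "no authenticated session for this address")
        pol = POLICY[session.role]
        if app in pol["apps"]:
            return ("allow", pol["bw_mbps"], f"{session.user} as {session.role} on {session.device}")
        return ("deny", None, f"{app} is not permitted for role {session.role}")


def spoofing_scenario(today=date(2014, 8, 20)):
    """A guest copies an employee's MAC and IP. Returns (employee decision, guest decision, guest role)."""
    net = AccessLayer(today)
    net.connect("aa:bb:cc:00:00:01", "10.0.1.10", "laptop", "alice", "employee-pw",
                last_av_scan=today - timedelta(days=2))
    before = net.decide("10.0.1.10", "fileshare")[0]
    net.connect("aa:bb:cc:00:00:01", "10.0.1.10", "laptop")  # same addresses, no credential
    after = net.decide("10.0.1.10", "fileshare")[0]
    return before, after, net.sessions["aa:bb:cc:00:00:01"].role


def posture_scenario(today=date(2014, 8, 20)):
    """A valid credential but a stale AV scan. Returns (role, email decision, remediation decision)."""
    net = AccessLayer(today)
    net.connect("aa:bb:cc:00:00:02", "10.0.1.20", "phone", "bob", "contractor-pw",
                last_av_scan=today - timedelta(days=30))
    return (net.sessions["aa:bb:cc:00:00:02"].role,
            net.decide("10.0.1.20", "email")[0],
            net.decide("10.0.1.20", "remediation")[0])


if __name__ == "__main__":
    print("spoofing:", spoofing_scenario())   # ('allow', 'deny', 'guest')
    print("posture:", posture_scenario())     # ('quarantine', 'deny', 'allow')
```

The guarantee in the spoofing scenario holds only because the edge re-authenticates on every association and the firewall learns identity from that authentication rather than from a static IP-to-user table; with a static table, the copied address would inherit the employee’s role, which is exactly the gap the identity-based design closes.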

We Can Help!

As you can see, there is a lot of flexibility, control and added security that can be delivered with the proper solutions, policy and controls in place when it comes to BYOD. For more information, please contact your local Bird Rock Systems Account Manager or send us a message on our Contact page.

In my next post, I will do a deeper dive on the next-generation firewall part of the equation. Then I’ll wrap the wireless and firewall technologies together. Stay tuned!

Photo credit: John.Karakatsanis / Foter / Creative Commons Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)
