banner-why-daymark.jpg

Information Technology Navigator

Tips, Advice & Insights from Technology Pros

Pandemic Threat Reality

 

Mimecast held their 2020 Cyber Resilience Summit remotely this year covering a wide range of topics. You can read our previous blog “Mimecast Cyber Resilience Summit 2020 – Key Takeaways” for those highlights. In addition, Mimecast provided some alarming data on the pandemic threat reality that we are facing.

 

Mimecast collected 100 days of detection data from January 2020 to April 2020. The results below reveal a 36.9% INCREASE in threat detections, where the key focus of threat actors has become high volume Spam and Impersonation. Here’s the breakdown: 

Read More
Wed, Sep 30, 2020
Share:   

Mimecast Cyber Resilience Summit 2020 – Key Takeaways

 

Mimecast held their 2020 Cyber Resilience Summit remotely this year, providing some interesting updates to their suite of cyber security tools.  As a leading Email Security Gateway, Mimecast has expanded their portfolio over the last few years into a more robust and comprehensive framework that they have dubbed “Email Security 3.0”.

 

The Email Security 3.0 Framework can be broken out into three zones of protection:

Zone 1:  Perimeter – This is your traditional email delivery path and is saturated with relentless attacks.  In order to protect against these threats, Mimecast leverages their advanced Targeted Threat Protection including impersonation protection, attachment sandbox, and URL Protection.

Read More
Mon, Sep 21, 2020
Share:   

US-EU Privacy Shield Perforated - GDPR after Schrems II

On July 16, 2020, the European Court of Justice (ECJ – the EU’s high court) invalidated the EU-US Privacy Shield Framework as a potential mechanism for meeting the GDPR's cross-border personal data transfer restrictions.

Effective immediately, U.S. companies that process EU “personal data” can no longer rely on registration under the Privacy Shield and must establish an alternative legal basis for any continued EU-US transfers.

Previously, cross-border transfers to the US were permitted under three mechanisms: 1) the Privacy Shield (http://privacyshield.gov), 2) Standard Contractual Clauses (SCC), and 3) Binding Corporate Rules (BCR).

Read More
Tue, Aug 18, 2020
Share:   

Conditional Access – Deployment Best Practices

Conditional Access in Azure AD provides a level of security required to maintain appropriate controls over who can access confidential and privileged information. It was the topic of discussion at our most recent “Ask the Engineer Q&A Roundtable” where attendees learned tips for a successful Conditional Access deployment and got answers to their specific questions.

Read More
Mon, Jun 15, 2020
Share:   

State-Backed Hackers Targeting All Exchange Servers

On February 11 2020, Microsoft released a patch for Exchange Servers that would fix a vulnerability pertaining to unauthorized access to the backend of the Exchange Control Panel. There is now confirmation from a source at the United States Department of Defense that multiple nation-state backed actors and other ransomware gangs are actively and maliciously exploiting this vulnerability on unpatched systems. The vulnerability results from the Exchange Server failing to properly create unique cryptographic keys at the time of installation. The hackers’ sophisticated exploits circumvent encryption, granting them full access of the server.

It is imperative that the latest patches from February 11th be applied as even a single Exchange instance puts you at risk.

Read More
Tue, Mar 10, 2020
Share:   

Understanding Office 365 Impossible Travel

Impossible travel. Is it sending a human to Saturn or Venus? Well maybe, but in the context of Microsoft Office 365, Impossible Travel is a security feature that is a great indicator of potential hacking attempts. The concept is straightforward. If you login to Office 365 from your office in Boston and then 20 minutes later you try to login from Dallas, or you login from home in Chicago and five hours later from Beijing, Office 365 basically says “wait a minute, that’s impossible” and it denies login from Dallas and immediately sends an IT security alert.

Read More
Wed, Oct 23, 2019
Share:   

4 Crucial Tips for Maintaining a Web Application Firewall for Retail

 

Retailers are under intense competition to deliver personal, seamless and differentiated on-line shopping experiences to ensure customer loyalty and drive growth. And while a retailer’s website must be extremely responsive and meet high user expectations, it must also be highly secure.

A cloud-based web application firewall (WAF) provides e-commerce sites with a level of data protection that eliminates website vulnerabilities, blocking bad actors and harmful traffic without degradation of the site’s performance.

Here are 4 crucial tips for retailers who have implemented a WAF

Read More
Thu, Sep 12, 2019
Share:   

Takeaways from Cisco Live!™ 2018

I recently returned from this year’s Cisco Live! in Orlando. It was a busy week jam packed with great speakers, engaging sessions, demos and product announcements. There was so much going on at any given moment it was hard to get to every session of interest. Now that I’m back I’ve had some time to digest all I learned and thought I would share my key product takeaways for network security.

Read More
Tue, Jun 26, 2018
Share:   

Reboot Your Router Now! The Latest on VPNFilter

Do you have a Small Office Home Office (SOHO) grade router at home? Is it possible you have rogue devices on your corporate network? Does Supervisory Control and Data Acquisition (SCADA) traffic traverse your network? If you answer yes to any of these questions, then this post is a must read!

Read More
Wed, Jun 06, 2018
Share:   

Optimizing Firewall High Availability in Azure

 

Firewall capabilities fall short in cloud environments like Microsoft Azure due to the fact that Azure and other major public cloud providers offer limited access to their API’s. This creates a problem for enterprises as they look to security independent software vendors (ISVs) to enhance their security capabilities in the cloud the same way they would in the data center.

Read More
Tue, May 22, 2018
Share: