If your organization has been working towards NIST 800-171 and is now on the journey to achieve CMMC 2.0 (the Cybersecurity Maturity Model Certification), it can be difficult to understand what you’ve already achieved and what’s left to do. Both standards are intended to reduce threats and strengthen cybersecurity for sensitive government data. Here are some details on how they relate to each other and what’s involved in taking the next steps toward CMMC compliance.
On February 9, 2020, Infinidat rolled out some major enhancements to its InfiniGuard enterprise data protection platform. The announcement themes revolved around enhanced data protection, faster recovery and overall cyber resilience.
Here are some key takeaways and features worth noting:
The Cybersecurity Maturity Model Certification (CMMC) Framework is used by the DoD to verify that sensitive data being handled by defense industrial base (DIB) contractors is properly protected on the contractors’ systems to avoid risk of a compromise from a cybersecurity attack. CMMC uses third-party assessment organizations to verify contractors’ safeguarding of controlled unclassified information (CUI) including International Traffic in Arms Regulations (ITAR) data, federal contract information (FCI), and compliance with certain mandatory practices, procedures and capabilities that can adapt to evolving cyber threats.
What’s New in CMMC 2.0
In November 2021, the DoD announced CMMC 2.0. It’s important to understand key changes and timelines associated with CMMC 2.0, how it compares to CMMC 1.0, and what you need to do to prepare.
Microsoft 365 GCC vs. GCC High
How do you know which level of GCC is right for you? Here are key criteria to help you distinguish GCC and GCC High so that your organization makes the move to the right cloud.
Government Community Cloud (GCC)
You can think of GCC as a government version of the Microsoft 365 commercial environment. It resides on the Azure Commercial infrastructure and has many of the same features, but servers must be located in the continental United States (CONUS) as mandated by FedRAMP Moderate. Although the servers are only in CONUS, access to data is available on a global basis. In general, non-defense-related government agencies and contractors can deploy GCC.
The CMMC 2.0 model consists of 14 domains. Here’s what each one is and what it covers.
Access Control: This domain requires your organization to establish who has access to your systems and what their requirements are to operate effectively, as well as who has remote access, who has internal system access, and the limitations of their roles in the system.
Ransomware has rapidly become the single largest cyber threat we face today and if the first half of 2021 was any indication, things are only going to get worse. Colonial Pipeline, Kia Motors, JBS Foods, Kaseya and CNA Financial have been some of the more notable, high-profile attacks this year. In the case of the Colonial Pipeline, the attack impacted over a dozen U.S. states and cost the company $5 million. Colonial Pipeline was able to recover ~$2.3M of the ransom, but that is often not the case. CNA Financial was not as fortunate and needed to pay an estimated $40 million to retrieve the encryption keys for their data. And ransom from the Kaseya attack, which impacted an estimated 800 to 1,500 businesses, is said to be in the range of $70M which would make it the largest ransom ever paid (should Kaseya decide to pay).
Cloud security is a constant concern for organizations of every size. Stopping malicious actors from accessing your company’s systems and data is a top priority, but is made difficult by the number of different exploit techniques coupled with the sophistication of the attacks. One area of particular concern is legitimately compromised user credentials. For example, suppose a password I use frequently (maybe even a strong one) is exposed in a breach of an e-commerce company. The malicious actor located in Moscow who obtains this userID (likely an email of mine) and password then does a quick lookup on LinkedIn and finds that I work at Daymark. From here, the exploit is obvious. They now have a legitimate username and password combination and while we do employ multi-factor, there are constant threats to that.
Properly securing assets is a constant challenge for IT. Staying one step ahead of the bad actors is a never-ending job and with a well-known shortage of IT security professionals, it’s critical that those of us responsible for protecting systems, networks and data are smart about deploying tools that will help remediate or minimize cybersecurity risks. Microsoft built Azure Security Center to help. It aligns Azure resources with Microsoft best practices to mitigate risks associated with security vulnerabilities that could lead to a breach or other security incident.
Microsoft Security Quick Facts
As COVID forced organizations around the world to send their workforce home, creating the work from home (WFH) phenomenon, IT and security teams rapidly focused on Zero Trust approaches to security to mitigate challenges of enabling secure remote work. Modern workplace employees are getting their work done any way they can these days – using personal devices, sharing data through new services, maxing out home WiFi, and collaborating outside the confines of traditional corporate network security. It has created an IT balancing act between security and WFH productivity.
Secure access to email and other business productivity tools continues to be a top priority for IT administrators. Microsoft services, such as Azure Active Directory and Office 365, use OpenID Connect for authentication and OAuth 2.0 for authorization. Here’s how that process works: When Outlook connects to Exchange Online, the API requests are authorized using OAuth 2.0 Access Tokens. They are valid for one hour. When the tokens expire, the Outlook client is redirected back to Azure AD to refresh them. This provides an opportunity to re-evaluate policies for user access. If a user has been disabled in the directory or because of a Conditional Access policy, the admin might choose not to refresh the token.