Information Technology Navigator

On February 11 2020, Microsoft released a patch for Exchange Servers that would fix a vulnerability pertaining to unauthorized access to the backend of the Exchange Control Panel. There is now confirmation from a source at the United States Department of Defense that multiple nation-state backed actors and other ransomware gangs are actively and maliciously exploiting this vulnerability on unpatched systems. The vulnerability results from the Exchange Server failing to properly create unique cryptographic keys at the time of installation. The hackers’ sophisticated exploits circumvent encryption, granting them full access of the server.

It is imperative that the latest patches from February 11^th be applied as even a single Exchange instance puts you at risk.

Read More

Impossible travel. Is it sending a human to Saturn or Venus? Well maybe, but in the context of Microsoft Office 365, Impossible Travel is a security feature that is a great indicator of potential hacking attempts. The concept is straightforward. If you login to Office 365 from your office in Boston and then 20 minutes later you try to login from Dallas, or you login from home in Chicago and five hours later from Beijing, Office 365 basically says “wait a minute, that’s impossible” and it denies login from Dallas and immediately sends an IT security alert.

Read More

 

Retailers are under intense competition to deliver personal, seamless and differentiated on-line shopping experiences to ensure customer loyalty and drive growth. And while a retailer’s website must be extremely responsive and meet high user expectations, it must also be highly secure.

A cloud-based web application firewall (WAF) provides e-commerce sites with a level of data protection that eliminates website vulnerabilities, blocking bad actors and harmful traffic without degradation of the site’s performance.

Here are 4 crucial tips for retailers who have implemented a WAF

Read More

I recently returned from this year’s Cisco Live! in Orlando. It was a busy week jam packed with great speakers, engaging sessions, demos and product announcements. There was so much going on at any given moment it was hard to get to every session of interest. Now that I’m back I’ve had some time to digest all I learned and thought I would share my key product takeaways for network security.

Read More

Do you have a Small Office Home Office (SOHO) grade router at home? Is it possible you have rogue devices on your corporate network? Does Supervisory Control and Data Acquisition (SCADA) traffic traverse your network? If you answer yes to any of these questions, then this post is a must read!

Read More

 

Firewall capabilities fall short in cloud environments like Microsoft Azure due to the fact that Azure and other major public cloud providers offer limited access to their API’s. This creates a problem for enterprises as they look to security independent software vendors (ISVs) to enhance their security capabilities in the cloud the same way they would in the data center.

Read More

Becoming a publicly traded company has a profound impact on the way a business operates. The technology that is in place, and how it is deployed, can also come under close scrutiny. That was certainly the case for one of Daymark’s life science clients whose pending IPO put a spotlight on network security and data protection. In this blog, Steve Caprio, Daymark Cloud Consultant, answers some questions on the security journey of this enterprise.

Read More

Daymark consultants are on the front lines every day listening to our customers’ pain points and then architecting and deploying solutions to help solve some of their toughest IT challenges. They have amassed a wealth of knowledge from these real-world experiences and are happy to share them. Today we sat down with Matthew Mansell, Senior Network Consultant at Daymark, to talk about a recent networking project at a pharmaceutical company with 400 employees and a multi-building campus.

Read More

Cybercriminals continue to use phishing attacks on individuals within enterprises. With increased sophistication and multiple attack vectors, businesses must be vigilant at every step of the way to prevent infiltration. Let me share a recent example-

Today I received an email from a recruiter. It’s not out of the ordinary for recruiters to ping us with resumes hoping that we will see a fit for their candidate. This one was well written, had a company logo, and a picture of the sender. Including pictures is a growing trend with recruiters

Read More

When making a decision to move production workloads to the cloud, one of the first things that is considered is cost. However, there are frequently many hidden costs that are not factored into the cloud decision until they appear in the real world. For instance, what is the cost to end users’ productivity if they don’t have the correct access to the application or system that now resides in the cloud? What new burdens are placed on the IT team if end users, now managing identities in two places, constantly require assistance to access their work? What costs are associated with securely authenticating end users to the workload?

Read More