At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
In a recent installment of the Channel Futures' talk show, It’s 501 Somewhere, Ingalls talks about how the security landscape has shifted amid COVID-19 and the resulting work-from-home paradigm shift.
Kris: Hi there, welcome to It’s 501 Somewhere, virtual style. I'm your host Kris Blackmon and I am joined here today by Jason Ingalls, CEO of Ingalls Information Security.
Jason: Yup, thanks for having me.
Kris: Where are you coming to us from today?
Jason: So, I live in a small town outside of Alexandria, Louisiana which is right in the middle of the state about three hours from New Orleans to the northwest. A nice place, we have our kids here. We raise our kids and we moved here mostly so that we could be by one set of grandparents.
Kris: Now, Louisiana's getting pretty hard hit right now.
Jason: We had Mardi Gras right before this really hit and unfortunately was already here and so everybody in Louisiana goes down to New Orleans for Mardi Gras. My wife and I were there too. You know, the week before Fat Tuesday, we were there that weekend; the week before. And so, everybody brought it home that seems like I mean I'm not a scientist but it sure looks like it and we had definitely been hit harder than most places but you know part of being from Louisiana is knowing how to take a hit and keep on going.
Kris: So, you are my go-to MSSP guru always there to answer a question whenever I have one on the fly. And, I just wanted to pick your brain for a little bit. What's going on right now? You know, we hear about Zoom bombing. We hear about you know hackers saying, oh, scouts honor, we're not gonna try to get into health care professionals systems these days. We hear about MSPs freaking out wondering, you know, what they need to do to secure, you know, their clients' workforces who are totally not set up for this just a few weeks ago. So, what's uh, what's really taking up your time over there?
Jason: Well, you know we're making sure that we're collecting and analyzing the right data for our clients and for clients that didn't really have a remote workforce before. We didn't have VPN logs to look at because there were no VPN logs to have. No one was VPNing in or, you know, working remotely for the most part. You know, we're making sure that we're reaching out for our partners to talk to them. And, we work with a lot of MSPs, as you know. And, we just want to make sure that our partners have access to anything cybersecurity risk management related.
Kris: So, when we're talking about what people should be on the lookout for in regards to protecting their data. Whether it's MSPs protecting their end clients or internal IT teams. We were talking a little bit before we started rolling and you'd mentioned that there were three things that people needed to really be concerned with. Run through those for me.
Jason: We do a lot of crisis management. We do a lot of incident response. So, one of the most important things to consider is, and, there are a lot, but in general, from a cybersecurity perspective, we boil that down to three. Confidentiality, integrity, and availability. Right? So, the most important thing right now, in my opinion, is availability. Do you have access to resources, because we're in a crisis? Right? In fact, all the policies that you see being generated by the government right now are availability based policies.
Kris: Mm-hmm!
Jason: Let's make sure we have access to our resources to fight this pandemic. Right?
Kris: Face masks!
Jason: Yeah, so the same thing makes sense for IT companies. Do I have enough for resources and if not, how do I get access so that I can continue my mission in the middle of this? Because IT companies are an essential part of the economy right now. We gotta continue to work. Availability is the most important thing. Followed by integrity and confidentiality which means, you know, does the...is the thing working? Does the VPN system handle all of our clients? Are all of our clients able to get all their employees through this? Is it doing what it needs to and are they having access problems? And then, finally, confidentiality. I don't mean that in the sense that, well, we'll worry about that later. It's that it should have come bundled along with it. Right? So, is the information that we're processing and transmitting and storing available ONLY to the people who are authorized to get to Those are the three things that we worry about. But, right now, because we're in crisis the availability of those resources are critical.
Kris: So, where do MSPs go in order to, and, this is me being ignorant, in order to gauge that availability, to ration that availability? I mean, I made the joke about the face masks a little while ago but you know the government flat-out told us that we didn't need to be wearing them because there were none available you know lo and behold a few weeks later
Jason: On second thought, you probably should do that anyway.
Kris: Here's how to make one out of a bandanna and scrunchies. Which has been a great, popular Pinterest project. So, where is it that we should be, you know, really kind of focusing when we are looking at the availability of those resources?
Jason: So, availability, right? So, you know, you think about availability in terms of how do you ensure availability. Right? And, there are three things you got to look at there too.
Kris: You like your threes.
Jason: I do, because, you know, maybe my brain just works in threes. People, process, and technology. Right? So, do you have the people in a position with a process to get out the technology in an efficient way? So, that you don't have any bottlenecks, because that's where availability falls over; is where bottlenecks exist.
Kris: So, when we're talking about MSPs, you know, you look at the managed services space and by and large just like any other industry in the US it's made up of SMBs. And, a lot of these managed service providers service SMBs. And, the number one classic objection from any SMB to their managed service providers is; Oh, we're too small, we don't need that. We don't need that security. We don't need that extra backup. So, now all of these, you know, end-users and their poor MSPs are scrambling to try to get these guys all set up to work from home. So, what are some of the baselines that they should be hitting from a security perspective? And, what are some of the things that they might not think of that they really need to be?
Jason: First and foremost, you know, when we think about what, think of, when you think of...I can't tell MSPs what's best for their clients. I'll never do that because they know, they understand them better than I ever will. But, from a cybersecurity, risk management, perspective we need to think in layers. I think of IT as like a wedding cake. There's layers to it. Right? This layer has to be functional for anything above it to work. And, cybersecurity works like that too, but there but you have to have controls at layers. And so, the bottom layer. Right? When you think about, okay, what does that mean? I would say behavioral-based antivirus on every endpoint no matter if it's at the home or it's been, it's, it's, it's, a work piece of equipment that you've issued out. So, um, you need to be able to burst out endpoint protection to all of the endpoints that your clients are now using, that maybe they weren't before. Or, make sure that you've got that coverage because that is going to be where the initial intrusion occurs in ninety-four percent of cases that we see. And so, making sure you got good behavior-based endpoint. Making sure that you're using multi-factor authentication on all of the VPN, or any web-based access tool that you're using is critically essential. Then, finally looking at the data, and understanding the new pattern of business that is happening for all of your clients. That will help you understand when there is an outlier. If that potentially is a security risk it is critically important. So, being able to look at those VPN logs, being able to put them through something they can look at them for you. Because there are two big problems in cyber, there's too much data and there aren't enough people to go through it. Right? And so, finding, finding the ability to get through that data and actually doing the exercise. And, making sure that you're doing a good job of protecting the confidentiality of the businesses' employee access to IT.
Those are the things, you know, MFA, endpoint protection, and review of logs. Those are the three major things.
Kris: I really appreciate your time.
Jason: Oh, it's my pleasure. Thanks so much for having me. Cheers!
Kris: Until next time, It's 501 Somewhere!
Jason: Cheers!
Kris: Cheers!