07 Feb
Its time for a Paradigm Shift for cybersecurity

ITS Safe™ Security Appliance

Seeing the Unseen

A shift in the security paradigm needs to address the Unseen attacks in the environment. Detecting the Unseen activities in the environment explains why there are so many attacks being reported on a daily basis.  The unseen attacks depend on the ability of the attackers to hide in plain sight.  We will outline several of them here to uncover the unseen activities within almost every network[1].

Security tools and their visibility

Figure 1 – Scope of security Testing

The image above describes the current state of Security Tools, Techniques and Practices. While the traditional tools and techniques are all point in time application of practices, we can also classify them as reactionary practices as well. Let’s examine the methods outlined above.

Security Assessments (review of security for a host, a network, software or other asset) are only valid up to the time the report is generated.  As soon as the observer generates the report, the Assessment of the environment ends, and it becomes stale[2].  This is a point in time observation.

Today’s Security Tools look for tomorrow’s attacks. Tools that security researchers and network testing teams all use to assess the activities inside the network are based on testing for Known threats[1], and how the environment will respond to the next attack.  These tools test the environment for detecting known threats[2] on potentially new attacks.

The ITS SafeTMsecurity appliance is designed to Detect, Defend against, and Destroy IntrudersTM. While other tools and testing activities look for the future state of security in the organization, the ITS Safe appliance examines all activities to uncover and detect unwanted connections that were completed before you began the observation of environment[3].

Everyday around the world, new activities are discovered in new and existing equipment, software, and third parties to organizations.  Firewalls are breached[4], Vendors we use are hacked[5], software we create is breached[6] and app we use on our phones are backdoors for attackers as well[7].

A comprehensive review of the cyber security digs deeper than reviewing the exposed 10-20% of the network, and actually reviews the active network as a comprehensive ecosystem.

Figure 2 – The visible network is a static view of the environment

IT Security Solutions recommends at least an annual Security assessment to determine the security posture and formal detection of internal activities.

IT Security Solutions, Inc. is a Pittsburgh based technology company with 25+ years of cyber security domain expertise catering to businesses of all sizes. The solutions offered range from technology security audits and penetration testing to continuous network scanning. The company recently launched ITS Safe™, a proprietary managed security solution that blocks hackers from attacking networks – the largest IT security threat facing businesses today.

As you can see there is much more than meets the eye when it concerns the security within your network. Call IT Security Solutions today, and let us help you protect your organization today!

www.IT-Security-Solutions.comwww.ITS-Safe.com

412-889-6870

info@IT-Security-Solutions.com

https://its-safe.it-security-solutions.com/contact-me


[1] Known threats are used in Virus scanners, network scanning, software analysis, and logfile monitoring tools.

[2] Security Tools cannot test for unknown threats because these events are currently not known.

[3] Think of this as reviewing the activities that are already active, that are not detected as tomorrow’s threats, because they are considered as part of the current environment.

[4] https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/

[5] https://www.wired.com/story/solarwinds-hack-china-usda/

[6] https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html

[7] https://www.helpnetsecurity.com/2020/03/06/hackers-target-consumers/


[2] The Security Assessment becomes stale because the users in the network add additional threats from their use of the environment.


[1] Every network we have examined include several of these activities, if not all of them.

26 Mar
Iron City Risk Avengers – Week of March 11th to 15th

In the News this week, RDA Conference & my conference at Duquesne emphasize comprehensive security for small businesses, PA is #2 for the worst in Cyber security, Georgia County pays $400K for Ransomware, New POS Malware, Citrix is hacked. Lastly, if you are not testing your security, guess who is.
Wow! What a busy week.

Connect with us:

Albert Whale – Albert.Whale@IT-Security-Solutions.com
Jim Loeffler – jaloeffler@getintune.com

The mission of the Risk Avengers podcast is to discuss current cyber security issues, procedures for protecting your business, as well as Compliance requirements for business owners.

Our 10 minute format is designed to make it easy for listeners to get up to date on the current People, Processes and Problems for your Business.

The show is Hosted by Albert Whale, Founder & CEO of IT Security Solutions, and Jim Loeffler, President of InTune Business Advisors.

Join us to discover the road for improved security and protecting your business, be it small or global.

The information discussed on this podcast is presented for informational purposes only. It is not intended as nor does it constitute specific information security or accounting advice and should not be acted upon as such.

21 Jan
A positive change, with Albert Whale and Jim Loeffler – Episode 8

This is the second episode for 2019, and what we are focusing on today is focusing on the positive effects for your business.  Are you the Weakest link? How do the attackers are get past your Firewall and Virus Scanners.

Here are two reasons:

• Hackers have the same tools.

• They know how to evade them.

  •  

Using the Internet allows attackers to follow you inside the firewall.

Facebook

Redit

Yahoo

Hotmail

Gmail

Read More “A positive change, with Albert Whale and Jim Loeffler – Episode 8”
23 Dec
Equifax Breach reported to be preventable – Episode 6

This could also be titled, making your Cyber Security program into a profit center.

Recorded on 12/17/2018.

Today we are reviewing the news about the recent Equifax breach.  The GAO and congressional hearing seem to indicate that there were three major misses in the implementation of cybersecurity, and if they were implemented correctly, would have prevented the breach.  When was your last assessment?  What were the metrics? How can your organization benefit from improved security efforts.  This and more on our 10 minute explore.

The mission of the Risk Avengers podcast is to discuss current cyber security issues, procedures for protecting your business, as well as Compliance requirements for business owners.

Our 10 minute format is designed to make it easy for listeners to get up to date on the current People, Processes and Problems for your Business.

The show is Hosted by Albert Whale, Founder & CEO of IT Security Solutions, and Jim Loeffler, President of InTune Business Advisors.

 

20 Nov
Penetration and Compliance Testing – Episode 2

This is the Iron City Risk Avengers – Episode 2.

This podcast is a 10 minute format with security information that you can digest easily.

There is much to discuss in the worlds of Penetration and Compliance Testing.  The first thing to take notice of is to start. Too many organizations fail to complete the testing, and wide up having a breach.  Many are not aware that a breach has occurred until it is too late.

The mission of the Risk Avengers podcast is to discuss current cyber security issues, procedures for protecting your business, as well as Compliance requirements for business owners.

Our 10 minute format is designed to make it easy for listeners to get up to date on the current People, Processes and Problems for your Business.

The show is Hosted by Albert Whale, Founder & CEO of IT Security Solutions (Albert.Whale@IT-Security-Solutions.com), and Jim Loeffler (jaloeffler@getintune.com), President of InTune Business Advisors.

Join us to discover the road for improved security and protecting your business, be it small or global.

 

The information discussed on this podcast is presented for informational purposes only. It is not intended as nor does it constitute specific information security or accounting advice and should not be acted upon as such.

Sidebar: