During my last blog post, I discussed the differences between vulnerability scanning and a penetration test. Now that I, hopefully, explained why you want both and how they are useful, it is time to discuss what to do with this information. Both a vulnerability scan and a penetration test will give you the standard way to fix the vulnerability. I hate to say this, but I doubt your network is standard, and if you do fix it, you will most likely break something else.
If you’ve heard anything about blockchain, or Bitcoin, or the nearly 2000 crypto coins offered so far, you’ll likely to have also heard some pretty wild and far-reaching prognostication about the many ways in which it will alter the very fabric of society, government, and power relationships. We are told that this revolution in tech, this Internet 3.0, this 6th wave of digital technology [Bill Tai] will first revolutionize payments; then obviate governments’ role as monetary mint; then revolutionize everything from identity management, to supply chain management, to energy markets, and even our corporate model of value creation.
With the rise in shadow devices being used by employees, your corporate network is at elevated risk of an attack. Shadow devices include all devices not directly issued by the company, but are being used on the corporate network(s). What people do not realize when they bring these devices into the workplace is they open up a potential for ex-filtration of data from the corporate network.
I still talk with people in the security industry that confuse a vulnerability scan with a penetration test. These are very different yet complimentary tools.
A vulnerability scan can be run against your external IP range, as well as your internal IP range. If you run it against your external IP range you will see what the hackers see when they look at your network from the outside. If there are any known vulnerabilities, the scanner should pick it up and report it to you. This would be the first step in getting your network more secure.
Guest blog co-written with Precision Solutions Group, Inc.
As the technology landscape continues to change and evolve at lightning speed, CIOs and CTOs have more on their plates than ever before. For many, spending time on valuable business drivers—the ones that give your business a competitive advantage—takes the backseat to managing and maintaining an IT environment that’s increasingly complex. This challenge is diverse, with many tech leaders needing to oversee everything from vendor management, to rising cyber security concerns, to the many facets associated with maintaining business continuity. And at the end of the day, these tasks leave little time to focus on innovation.
Throughout this blog series, we’ll touch on three major challenges that today’s tech leaders are facing, along with some suggestions to alleviate the burden. Let’s start with our first challenge: vendor management.
Virtualization has been rising in popularity during the past few years due to its ability to provide a viable solution for companies to increase productivity while reducing IT infrastructure costs. By switching to virtualization, companies have been able to control workloads in data centers while reducing energy consumption and IT infrastructure.
Before we discuss the specific benefits of switching to virtualization let’s first define what virtualization is and some of the reasons why more companies are making the change.
Throughout the evolution of IT infrastructure there have been many ways in which one could manage resources of numerous devices. In terms of servers, the evolution has taken us from physical servers to virtual servers, and in recent years to cloud computing. With these changes have also come changes in management of resources. In the physical server days most of the changes were manual and done by hand. As virtual machines gained prominence so did scripting, monitoring, and over provisioning. In present day, we are continually bombarded with information on private and public clouds, which need to be managed with tools that are unique and allow for faster response time of applications, less infrastructure, and IT teams that can manage more workloads with fewer staff.
The security of today’s information systems go far beyond the general protection measures that were once considered to provide ample security against intrusion. For many companies that are implementing new technologies one of the top priorities in today’s world is security. There are many different aspects that define the overall security of a company’s infrastructure, one of which is patch management.
You might have heard of a Distributed Denial of Service (DDOS) attack in the news. It is a very common attack method used by hackers today. In a sense, nobody is really “hacking” your network. No data is stolen, and you don’t need to report it to the authorities, but it is an attack on your network. What a DDOS attack does is flood your Internet bandwidth so legitimate traffic cannot get to your site.
Microsoft has recently announced a new vision centered around Microsoft Teams.
In Microsoft’s FAQ for this, it defines Intelligent Communication Vision as:
What is Microsoft’s new vision for Intelligent Communications?
We’ve enjoyed great success across Office 365 with over 100M monthly commercial active users counting on Office 365 every day to get their work done. We are now aiming to bring the capabilities of Skype for Business in the cloud into Teams to deliver a single hub for teamwork, with built-in, fully integrated voice and video. By tightly weaving communications into the apps teams use to collaborate every day, alongside AI, Microsoft Graph, LinkedIn, and other data and cognitive services, we will enable Intelligent Communications, revolutionizing calling and meeting experiences.