BizTech - Technology Solutions That Drive Business en Why Gap Analysis Is a Key Step in a Robust Security Strategy <span>Why Gap Analysis Is a Key Step in a Robust Security Strategy</span> <div><p>An effective security strategy can do more than just protect an organization's critical assets; in the long run, it will save money as well. At the CDW Managing Risk SummIT in Boston, we spoke with Gabe Whalen, a principal field solution architect for CDW, about how to develop a robust strategy. Visit our <a href="" target="_blank" title="CDW Managing Risk SummIT">CDW Managing Risk SummIT landing page</a> to view more articles and videos from the event.</p> <p><strong>&gt;&gt;<a href="" target="_blank" title="CDW Cybersecurity Insight Report">Download CDW's Cybersecurity Insight Report</a> to learn more about how organizations are managing risk in the more effective ways.</strong></p> </div> <span><span lang="" about="/user/81" typeof="schema:Person" property="schema:name" datatype="">matt.mclaughlin</span></span> <span>Tue, 08/14/2018 - 19:35</span> <div> <div>Tweet text</div> <div>Learn what CDW #security expert Gabe Whalen recommends for an effective strategy to defend your data #CDWSummit2018</div> </div> <div> <div>Video ID</div> <div><p>1047068707</p> </div> </div> <div> <div>CDW Activity ID</div> <div><p>MKT24650</p> </div> </div> <div> <div>CDW VV2 Strategy</div> <div>Security</div> </div> <div> <div>CDW Segment</div> <div>Med/Lar</div> </div> <div> <div>Customer Focused</div> <div>False</div> </div> <div> <div>Buying Cycle</div> <div><a href="/awareness" hreflang="en">Awareness</a></div> </div> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="" data-title="Learn what CDW #security expert Gabe Whalen recommends for an effective strategy to defend your data #CDWSummit2018" data-via="BizTechMagazine" data-button-background="none"> <span> <span>Aug</span> <span>14</span> <span>2018</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-googleplus cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="" data-title="Learn what CDW #security expert Gabe Whalen recommends for an effective strategy to defend your data #CDWSummit2018" data-via="BizTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="" data-title="Learn what CDW #security expert Gabe Whalen recommends for an effective strategy to defend your data #CDWSummit2018" data-via="BizTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href=";" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-googleplus cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> Tue, 14 Aug 2018 23:35:08 +0000 matt.mclaughlin 41851 at How Digital Tools Can Help Small Banks Beat Out Larger Rivals <span>How Digital Tools Can Help Small Banks Beat Out Larger Rivals</span> <span><span lang="" about="/user/9856" typeof="schema:Person" property="schema:name" datatype="">eli.zimmerman_9856</span></span> <span>Tue, 08/14/2018 - 12:55</span> <div><p>Despite significant digital disadvantages, community banks and credit unions are doing <strong>a better job satisfying their customers</strong> than big banks, new research finds. But concluding that digital initiatives are an overrated aspect of competing for new customers is mistaken, analysts said. </p> <p>In a survey of more than<strong> 2,300 bank customers</strong> conducted earlier this year, Celent, a technology consultant to the financial services industry, found that <a href="" target="_blank">small-bank customers are significantly more likely to recommend their banks</a> to friends than customers of large banks. </p> <p>This is despite the fact that every large institution offers <strong>a robust range of digital banking options</strong>, from online bill-paying to voice-activated bots, while some community banks continue to <a href="">struggle with things as basic as online account-opening</a>. So why the big difference in customer satisfaction rates?</p> <p>“Said simply, small institutions deliver <strong>a superior in-person experience to clients</strong> <strong>who are less digitally directed</strong> than clients of the large banks. The difference points to important things smaller institutions are doing well,” Bob Meara, a senior analyst with Celent, said of the study.</p> <p>However, those “less digitally directed” customers tend to be a self-selected group of mostly older customers who don’t necessarily highly value digital and mobile banking. That customer base will decline over time. Meanwhile, younger customers, who do far more of their banking online, represent <strong>a critically important customer base</strong> for banks because such customers may remain loyal for decades.</p> <p>“Today’s advantage may be tomorrow’s liability,” Meara explained. “The digital lead enjoyed by big banks will become increasingly important — and pay increasingly handsome dividends.”</p> <p><a href="" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>BizTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">How to Approach Digitization vs. Personalization in Banking</h2> <p>Celent found that <strong>44 percent </strong>of <strong>community</strong> bank and credit union customers are highly likely to recommend the institutions they use to others. For big banks, that number is only <strong>27 percent</strong>.</p> <p>For large institutions, argues Meara, the challenge appears to be <a href="" target="_blank">a lack of personalization both within their branches and online</a>. Data suggest that customers appreciate the convenience of the digital services offered by their banks, but <strong>don’t feel their banks communicate with them in a personalized way</strong>, especially given the amount of information banks have about them.</p> <p>Smaller banks are faced with the opposite problem: For them, the task ahead is to catch up with their larger rivals online while retaining their in-branch advantages. </p> <p>“This is not a debate over high tech versus high touch,” Meara said. “<strong>Both are imperative</strong> for institutions seeking to deliver excellent customer service.”</p> <p>For those smaller banks and credit unions tempted to double down on their strengths, focusing on in-person customer service instead of mobile banking, the data appears to <strong>warn against that</strong>: Customers under age 45 are the most likely to say they do <a href="" target="_blank">all or most of their banking online</a> and want only “some banking matters” handled in person. On the other hand, two-thirds of customers over age 60 prefer to do all or most of their banking in person.</p> <h2 id="toc_1">How to Create an Effective Mobile Banking Strategy</h2> <p>To grow, small banks need to <strong>add more robust digital and mobile banking options</strong> for their customers. But with limited resources, they have little margin for error when in choosing where to focus their efforts.</p> <p>So, what do banking customers want when it comes to digital experiences? In its <a href="" target="_blank">Global Banking Benchmark report</a>, Forrester Research said the highest-rated mobile banking apps offered did four things in particular: </p> <ul><li>Made bill-paying easy.</li> <li>Allowed person-to-person payments without the need to share sensitive data.</li> <li>Offered a digital wallet.</li> <li>Used the mobile device’s camera to simplify tasks such as depositing checks.</li> </ul><p>“Banks that are taking a methodical approach to mobile banking, where they <strong>constantly update and refine their offerings</strong>, are experiencing higher usage rates and customer satisfaction than those that see it as a channel that can be upgraded every three years,” said American Banker, <a href="" target="_blank">reporting on Forrester’s report</a>.</p> <p>Peter Wannemacher, a senior analyst with Forrester, told the publication that the better-performing banks are using funds more effectively. “It’s not just that some banks are investing more, but they’re investing more wisely,” he said. </p> <p>His advice to community banks is to <strong>focus efforts on the particular digital service</strong>s their customers — as well as their targeted customers — want most, rather than trying to chase big banks’ latest innovations. They should also examine how their own apps are being used and invest appropriately.</p> <p>Wannemacher noted that many banks whose mobile apps were found wanting lacked features that aren’t expensive to build, such as search functionality, but that make the app more convenient to use. </p> <p>“<strong>It’s not just about spending money</strong> on new features,” he said. “You can have all the features in the world and it won’t help you if your mobile app is inconvenient to use.”</p> </div> <div> <div class="field-author"><a href="/taxonomy/term/11496" hreflang="en">Bob Keaveney </a></div> </div> Tue, 14 Aug 2018 16:55:50 +0000 eli.zimmerman_9856 41846 at How Digital Transformation Is Reshaping Financial Services <span>How Digital Transformation Is Reshaping Financial Services </span> <span><span lang="" about="/user/3" typeof="schema:Person" property="schema:name" datatype="">ricky.ribeiro</span></span> <span>Mon, 08/13/2018 - 12:37</span> <div><p>This summer, Florida-based <a href="" target="_blank" title="BrightStar Credit Union">BrightStar Credit Union</a> is set to release a revamped, customer-facing mobile app, designed to be as smooth and as quick as possible, with a uniform design across different platforms and new features, such as debit card controls that allow customers to react to potential fraud more quickly.</p> <p>“It’s about keeping pace with other industries,” says Matt Meyer, vice president of IT and CIO for BrightStar. “Ride-sharing apps have been a disruptor to taxi services, and there are lessons to be learned there for the financial industry. Consumers want ease of access, they want ease of payment, and they want that speed.”</p> <p>With people relying increasingly on online and mobile banking, <strong>the race is on for banks, credit unions and other <a href="" target="_blank" title="Financial Services technology providers">financial services organizations</a> to embrace digital transformation</strong>.</p> <p>For banks and credit unions, this often involves devoting resources to the mobile consumer experience by pursuing projects like BrightStar’s app upgrade, and also scaling up infrastructure to process more transactions and eliminate downtime. For capital markets firms, digital transformation efforts are often focused on data analytics and high-performance computing, as organizations try to leverage Big Data and automation to shave every possible millisecond off transaction times. In both cases, the emphasis is on growing the business and improving the customer experience through technology.</p> <p>“Digital transformation means we have the power to transform the financial services industry to be even more customer-centric,” says Tobin McDaniel, senior vice president of digital advice and innovation for <a href="" target="_blank" title="Charles Schwab">Charles Schwab</a>. “We’re no longer just competing with other financial firms for consumers’ attention and loyalty. We’re competing with anyone who’s offering a positive experience, including consumer and technology brands. It’s critical to remember that the purpose of digitizing a process or creating an app should be to focus on making people’s lives easier.”</p> <p>Experts note that financial services firms, like those in many industries, <strong>need to think about how to bake advanced technology into every aspect of the business</strong>; that’s a departure from years past, when business leaders tended to regard IT as merely a department that helped deliver discrete solutions.</p> <p>“Digital transformation is a business strategy. It’s not a technology strategy,” says Jerry Silva, research director for <a href="" target="_blank" title="IDC Financial Insights">IDC Financial Insights</a>. “It’s about making the business agile and responsive to the market.”</p> <h2 id="toc_0">Digital Transformation Unlocks New Opportunities for Credit Unions, Banks and Capital Markets</h2> <p>With its app improvements — including features like a peer-to-peer payment system — BrightStar is attempting to both support customers’ regular banking activities and to put the app at the center of the customer experience.</p> <p>“There’s only so many branch locations we can have,” Meyer says. “It’s a challenge to make sure there’s always a branch right next to you — that’s impossible. But with today’s technology, I can put that branch right into your hands.”</p> <p>Early in 2017, <a href="" target="_blank" title="Alaska USA Federal Credit Union">Alaska USA Federal Credit Union</a> rolled out <a href="" target="_blank" title="ClickSwitch">ClickSWITCH</a>, an automated account switching solution that allows new customers to quickly and safely change their recurring payments and direct deposits from their previous financial institutions to Alaska USA. <strong>Around 30 percent of new members are using the solution</strong>, says Shawn Brume, senior vice president of information management governance, and the service has helped the organization continue to grow by 4 percent to 6 percent annually.</p> <p>“That is transforming the business,” says Brume. “It totally changes the way we bring new members on board.”</p> <p>While customer-facing apps are at the center of many banks’ and credit unions’ digital transformation efforts, capital market firms are more concerned with analytics and artificial intelligence, says Silva.</p> <p>“We did a survey last year, and those are the top two areas of investment,” he says. “In capital markets, being able to make those trade decisions not only faster but smarter and based on historical information is becoming more and more important.”</p> <p>Silva says that leaders at most financial institutions understand the importance of digital transformation, but that l<strong>egacy infrastructure is slowing down many organizations’ efforts</strong>.</p> <p>“Many of the largest banks worldwide rely on a core banking system that was built 35 years ago, written in COBOL, run on IBM mainframes,” Silva notes. “Those are not easily changed. You can’t create new products and services very easily on those. And the people who know how to program for them are retiring. They’re extremely risky to just pull out and replace with a more modern system.”</p> <p>While these hurdles are real, McDaniel says that outdated mindsets can be as limiting as outdated IT systems. When Schwab launched its fully digital robo-adviser system, dubbed Schwab Intelligent Portfolios, the company “basically created a startup within a 45-year-old brokerage firm,” he says.</p> <p>“The goal was to focus on what it would take to build something fundamentally new, without a fear of potentially disrupting our existing products and services, because it was the right thing to do for consumers,” McDaniel says.</p> <h2 id="toc_1">Customer Service Innovation Fueled by Digital Transformation</h2> <p>As financial institutions use technology to engage their customers on a deeper level, they will create better relationships and provide more value. Silva points to a bank in Europe that allows customers to shop for homes from the bank’s website and highlights properties that customers can afford, and he predicts that stateside banks may soon do something similar for customers looking to buy a car.</p> <p>“It’s about stickiness,” he says. “If you can offer something, and the bank across the street can’t, you’re more likely to stay with that bank.”</p> <p>In addition to allowing financial institutions to better compete for existing customers, <strong>digital transformation may pave the way for engaging new customers</strong>; for example, people who have historically not had the time, expertise or resources to invest with a financial adviser. Mike Brady, Alaska USA’s CIO, says he looks forward to solutions that enable automated savings and investment based off of analytics.</p> <p>“An algorithm could look at your savings and your spending habits and determine when you can afford to put $5 into savings — and then, when it grows enough, put the money into a short-term CD,” says Brume. “I don’t think we’re that far away.”</p> <p>As customers continue to shift their activity away from the branch and toward mobile and online solutions, Brume says, banks and credit unions will need to find new ways to help their customers build wealth — or risk losing them. “Our survival goes hand in hand with ensuring our members’ success,” Brume says. “And that all comes through digital transformation.”</p> </div> <div> <div class="field-author"><a href="/author/calvin-hennick" hreflang="en">Calvin Hennick</a></div> </div> Mon, 13 Aug 2018 16:37:14 +0000 ricky.ribeiro 41841 at 3 Reasons HCI Adoption Is on the Rise for Small and Medium Businesses <span>3 Reasons HCI Adoption Is on the Rise for Small and Medium Businesses</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 08/09/2018 - 10:16</span> <div><p>For larger businesses with dedicated IT teams, the wonders of <a href="">hyperconverged infrastructure</a> are well known. But now, small and medium businesses are starting to embrace the ways HCI can work to <a href="">offer SMBs an operational edge</a>. In fact, a new study by Techaisle Research shows that HCI adoption is poised to <strong>double over the next year and a half</strong> as the benefits become apparent, particularly as it pertains to digital transformation.</p> <p>A <a href="" target="_blank">blog post from Techaisle Research</a> about the study notes that HCI adoption allows SMBs to grow “in lockstep with new business or customer demands,” and is viewed as an <strong>important element of business growth</strong>.</p> <p>“The SMBs that are fully committed to digital transformation are on the fastest path to adoption, as <strong>HCI is an important element of a future-ready, resource-sensitive IT approach</strong>,” the blog post notes.</p> <p>HCI platforms, much like converged infrastructure platforms, combine computing, storage, networking and virtualization capabilities into a single appliance. With HCI, however, all of the components are pre-integrated and controlled by one software-management layer. Moreover, as all components are provided by a single vendor, it offers IT managers a level of control and visibility they can’t normally achieve with piecemeal infrastructure.</p> <p>As SMBs begin gravitating toward solutions from vendors such as <a href="" target="_blank">Cisco Systems</a>, <a href="" target="_blank">Dell EMC</a>, <a href="" target="_blank">Hewlett Packard Enterprise</a>, <a href="" target="_blank">Nutanix</a> and <a href="" target="_blank">VMware</a>, among others, these businesses are coming to realize several important benefits that can give them the operational edge and simplicity they crave.</p> <p><a href="" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>BizTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">1. HCI Cuts Costs and Resource Needs</h2> <p>While adopting HCI won’t immediately translate to cost savings, implementing it effectively in line with business needs can save businesses bundles in the long run.</p> <p>At <a href="" target="_blank">Midwest Acoust-A-Fiber</a>, for example, adopting a <a href=";pfm=srh" target="_blank">Scale Computing</a> HCI solution <strong>saved the company about 50 percent over the cost of a traditional architecture</strong>. Moreover, it saved the company from needing to <a href="">hire additional personnel</a>.</p> <p>“People just keep getting more expensive, and hardware gets cheaper. So, now if we need more performance we can just throw more hardware at the problem,” Systems Administration Manager Daniel Penrod <a href="">told <em>BizTech</em> in a previous interview</a>.</p> <h2 id="toc_1">2. Hyperconvergence Eases IT Management</h2> <p>For companies with limited staff and resources, HCI can deliver a simpler way to manage all IT assets.</p> <p>“HCI’s integrated, software-defined architecture provides SMB IT staff with an ability to <strong>deliver sophisticated capabilities</strong> without needing to maintain an elaborate web of resource connections,” the Techaisle blog post notes.</p> <p>In a prime example, <a href="" target="_blank">PreCheck</a>, a healthcare background-check company tapped HCI to ease migration and ongoing management, Robert Wilcox, PreCheck's infrastructure manager, told BizTech.</p> <p>"It's really <strong>simplified the environment</strong> and reduced the overhead of the hardware. We've gone from a three-tiered model to one tier," he said. "It's a complete ecosystem, and if I need to scale up, I can just buy another node and slide it in. It gets picked up by the system, and <strong>everything is done automatically</strong>."</p> <h2 id="toc_2">3. HCI Improves and Simplifies Small Business Scalability</h2> <p>Moreover, since HCI is an integrated, modular solution, IT can scale capacity as needed without the need to invest in new resources or buy capacity in advance, Techaisle notes.</p> <p>Dave Wiley, IT manager at <a href="" target="_blank">Mayfran International</a>, a Cleveland-based manufacturer of machine tool products, material-handling equipment and filtration systems, noticed an improvement in scalability immediately within the first year of investing in a Cisco <a href=";ctlgfilter=&amp;searchscope=all&amp;sr=1" target="_blank">HyperFlex HX</a> hyperconverged system.</p> <p>“We needed more disk capacity, so we expanded from three servers to four. <strong>Scalability proved to be smooth</strong> with HCI,” <a href="">Wiley told <em>BizTech</em> in a previous interview</a>.</p> <p>And the IT manager wasn’t the only one that noticed the change.</p> <p>“<strong>End users could tell immediately</strong> that we installed faster servers,” he said.</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Thu, 09 Aug 2018 14:16:46 +0000 juliet.vanwagenen_22746 41831 at What It Takes to Defend Against Growing Threats to ICS and SCADA Systems <span>What It Takes to Defend Against Growing Threats to ICS and SCADA Systems</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 08/08/2018 - 12:34</span> <div><p>As <a href="" target="_blank">utilities get smarter and more connected</a>, the threat landscape for energy systems becomes vaster and more dangerous than ever before.</p> <p>The <a href="">ever-increasing threat of attacks</a> against industrial control systems (ICS) and <a href="" target="_blank">supervisory control and data acquisition</a> (SCADA) systems makes building a <strong>strong, layered defense</strong> critically important for energy and utility companies.</p> <p>A layered defense should consist of a combination of <strong>security frameworks, security technology solutions and security services</strong> designed to provide an overlapping set of controls that protect against risks.</p> <h2 id="toc_0">Security Frameworks Build Strong Policies for Cyberdefenses</h2> <p>Security frameworks offer guidance for organizations seeking to design a comprehensive set of security controls. They provide best practices and advice that companies can customize for a specific operating environment. An excellent source for framework standards is the <a href="" target="_blank">National Institute of Standards and Technology</a> (NIST), a federal agency that produces cybersecurity standards for use in government and industry.</p> <p>The <a href="" target="_blank">NIST Cybersecurity Framework</a> (CSF) is a wide-reaching set of materials that provides <strong>advice on five core activities in the cybersecurity realm</strong>. The CSF helps organizations adopt a risk-based approach that balances the costs and benefits of specific security controls.</p> <p>The <strong>five activities include</strong>:</p> <ul><li>Identify core risks to an organization’s systems, assets, data and capabilities.</li> <li>Protect systems and data to limit or contain cybersecurity incidents.</li> <li>Detect occurrences of cybersecurity events.</li> <li>Respond appropriately to detected events.</li> <li>Recover from the impact of cybersecurity incidents.</li> </ul><p>While the CSF is designed to be used across industries, NIST also provides <strong>specific guidance for energy and utility companies</strong> operating SCADA and other ICSs. “<a href="" target="_blank">NIST Special Publication 800-82: Guide to Industrial Control Systems (ICS) Security</a>” provides detailed information on ICS threats, vulnerabilities and security controls.</p> <h2 id="toc_1">Solutions Keep Energy Sector Security Threats at Bay</h2> <p>SCADA and ICS cybersecurity programs use a variety of technical solutions to meet the<strong> confidentiality, integrity and availability requirements</strong> of these critical infrastructure systems. Controls include multifactor authentication, firewalls, mobile device management, anti-virus, security information and event management systems, virtual private networks and patch management technology.</p> <p>Multifactor authentication <strong>adds enhanced security to access control systems</strong>. Rather than simply relying on an easily stolen password, multifactor authentication supplements “something you know” authentication with an additional requirement based on either something users possess, such as a smartphone or token (“something you have”), or user’s biometric feature, such as a fingerprint or voice (“something you are”), to verify identify. Multifactor authentication should always be used to protect access to sensitive SCADA systems, even if it’s not required to access a wider enterprise network.<strong> Firewalls segment networks from each other</strong>, carefully restricting traffic that may flow between them.</p> <p>They are commonly found separating internal networks from the internet, but they can also be used internally to segment sensitive networks from general-purpose networks. Many energy and utility companies use firewalls to separate their SCADA networks from their general productivity networks.</p> <p>When technology professionals use firewalls to separate networks, they must also provide authorized users access to those networks remotely. <strong>Virtual private networks </strong>(VPNs) provide an ideal solution. Authorized users employ a VPN client to create a secure, encrypted connection to the SCADA network, where they may access infrastructure. VPN access is typically restricted using multifactor authentication.</p> <p>Both SCADA systems and the workstations that engineers use to access those systems must have carefully monitored configurations. Patch and configuration management solutions allow cybersecurity professionals to ensure all devices on SCADA/ ICS networks are configured according to the organization’s security standards, and that patches are up to date.</p> <p>If users access SCADA systems using <strong>smartphones, tablets or other mobile devices</strong>, specialized configuration management is often required. <strong>Mobile device management </strong>(MDM) or <strong>enterprise mobility management </strong>(EMM) solutions allow administrators to manage configurations, security patches, applications and other settings on devices, and also remotely lock or wipe devices reported as lost or stolen.</p> <p>Anti-virus software is standard on almost every enterprise system, from laptops to servers, and that should also be true in a SCADA environment. Devices capable of running <strong>anti-malware software </strong>should run it at all times and be configured to receive automatic signature updates on a daily basis, if not more frequently.</p> <p>Finally, organizations should prepare for the eventuality that they may experience a security incident on their SCADA/ICS networks. Security information and event management (SIEM) solutions act as a collection and correlation point for log and event information from every cybersecurity technology deployed systemwide. Security professionals use SIEM as a centralized monitoring dashboard and the jumping-off point for security incident investigations.</p> <p>As organizations design their SCADA security programs, they may wish to begin with industry standard frameworks, such as those available from NIST. Those frameworks offer guidance to help energy and utility companies select the security technology that best meets their needs.</p> <h2 id="toc_2">Services Bolster Internal Defenses with Outside Support</h2> <p>In addition to building a strong set of cybersecurity technology controls, energy and utility companies should also consider security services from third-party vendors with specific expertise in SCADA and ICS technology. Vendors offer a wide variety of security services, including <strong>implementation and management of security controls</strong>.</p> <p>Many organizations use third-party assessors to <strong>conduct testing on security controls</strong>. That approach is widely considered a best practice in cybersecurity circles because it introduces a degree of independence into the assessment process by using personnel who did not design the controls to perform the evaluation.</p> <p>Vulnerability testing services conduct automated and manual scans of SCADA and ICS networks to detect the presence of known vulnerabilities that require remediation. Penetration testing services go a step further by attempting to exploit vulnerabilities to gain access to the ICS network, demonstrating the potential effects of a malicious attack.</p> <p><em>Learn how energy and utility companies can address the growing threats they face by reading the white paper, "<a href="" target="_blank">Securing SCADA Networks</a>."</em></p> </div> <div> <div class="field-author"><a href="/author/biztech-staff" hreflang="en">BizTech Staff</a></div> </div> Wed, 08 Aug 2018 16:34:47 +0000 juliet.vanwagenen_22746 41821 at Managing Risk SummIT: Modernizing Security and Risk for Today's Threat Landscape <span>Managing Risk SummIT: Modernizing Security and Risk for Today&#039;s Threat Landscape</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 08/07/2018 - 18:11</span> <div><p>To thrive in the digital economy, today's organizations need to continuously and rapidly adopt advanced technologies. But these advancements can wreak havoc among those accountable for managing security and risk. While modernized networks and applications may boost business and open new doors for customers, they simultaneously introduce new vulnerabilities at the same incessant pace.</p> <p>Moreover, bad actors intent on stealing corporate assets are hardly the only challenge as organizations regularly battle insider threats, whether innocent or malicious. And if all of that weren’t enough, risk executives and managers are now facing new – and more — compliance requirements and questions — all intended to make corporate data safer.</p> <p>Join <em>BizTech</em> as we cover CDW's Managing Risk SummIT from August 14-15 in Boston.</p> </div> <div> <div>Event Image Toggle</div> <div>Off</div> </div> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="" data-title="Managing Risk SummIT: Modernizing Security and Risk for Today's Threat Landscape" data-via="BizTechMagazine" data-button-background="none"> <span> <span>Aug</span> <span>07</span> <span>2018</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-googleplus cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="" data-title="Managing Risk SummIT: Modernizing Security and Risk for Today's Threat Landscape" data-via="BizTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href=";" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-googleplus cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="" data-title="Managing Risk SummIT: Modernizing Security and Risk for Today's Threat Landscape" data-via="BizTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> Tue, 07 Aug 2018 22:11:22 +0000 juliet.vanwagenen_22746 41816 at How Technology Can Help Fight Retail Shrink <span>How Technology Can Help Fight Retail Shrink</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 08/07/2018 - 12:22</span> <div><p>Retail shrink — or a reduction in inventory due to shoplifting, employee theft or other errors — is affecting retail bottom lines across the country. <p></p></p> <p>This loss of inventory collectively cost retailers in the U.S. more than <strong>$42 billion in 2017</strong>, according to<a href="" target="_blank"> the Sensormatic Global Shrink Index from Tyco Retail Solutions and PlanetRetail RNG</a>, the former of which is a solutions firm focused on loss prevention. The U.S. market in particular represents almost half of global dollars lost.</p> <p>Retailers aren’t blind to the issues of retail shrink. Stores have been aware of these problems for years and have adopted a variety of different measures in response, including electronic article surveillance (EAS) and upgraded video cameras. Sephora, for instance, has <a href="" target="_blank">implemented EAS systems and traded analog cameras</a> for IP cameras with the aim of improving security and offering more robust data to bolster analytics around loss, training and business decisions.</p> <p>As radio frequency identification tags, computer vision and artificial intelligence begin to enter the realm of retail, many stores are tapping these tools in new ways with the aim to combat retail shrink. </p> <p><a href="" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>BizTech</em> newsletter in your inbox every two weeks!</a></p> <h2>Retailers Keep Track of Inventory with RFID</h2> <p>RFID — which, unlike EAS, allows retailers to keep tabs on individual items by giving them unique identifiers — has become a commonly adopted technology for loss prevention in recent years. In fact, a <a href="">recent IDC study</a> uncovered that <strong>80 percent</strong> of retailers have set aside funds to spend on visibility platforms, such as RFID and Internet of Things devices, and <strong>60 percent</strong> already have a visibility platform in place.</p> <p><a href="" target="_blank">Business Matters magazine reports</a> that RFID can be used for security in two ways: <strong>access control and protection against theft</strong>.</p> <p>According to the publication: “For access control, RFID devices such as smart cards, fobs and wristbands can be used as electronic keys. As each individual can be given access to different areas, it means that you can control not only who can enter but also where different employees may and may not go.”</p> <p>When it comes to theft, companies can tag stock and equipment, which will alert staff if anyone takes an item outside the building without permission or payment.</p> <p>Stores including Target, Lululemon Athletica and Levi Strauss have touted the technology as a way to offer more accurate visibility into inventory and other aspects of supply chain visibility, <a href="" target="_blank">Retail Dive reports</a>.</p> <p>"RFID can be most beneficial when it comes to <strong>enhanced inventory control and loss prevention</strong>, where RFID can help give you much greater visibility into and more granular control over your inventory," Emily Mitchell, chief operating officer of password-cracking firm <a href="">Sagitta HPC</a>, which specializes in breaking authentication and encryption technologies, <a href="">tells</a>, "Traditional barcodes can only identify products on a basic level, and all products of the same type have identical barcodes."</p> <h2>Emerging Tech Joins the Battle for Loss Prevention</h2> <p>While tracking technology is becoming commonly used in traditional retail stores, <a href="">entirely new store formats</a> — <a href="">such as Amazon Go</a> — are transforming the customer experience, eliminating the need for interaction with cashiers and employing new types of technology that could make it easier to catch shoplifters.</p> <p>A store prototype in Santa Clara, Calif., for instance, uses AI and cameras to track what customers pick up, then <strong>automatically charges them</strong> as they leave the store.</p> <p>“<strong>Ceiling-mounted cameras</strong> track shoppers and the items they pick up, with computer vision software identifying each item so the customer can be charged electronically via an app on their way out,” <a href="" target="_blank"><em>The Mercury News</em> reports</a>.</p> <p>With each item automatically detected using computer vision with <strong>98 percent accuracy</strong>, attempts to shoplift could prove fruitless, as it did for one journalist who tested out the technology’s efficacy for <a href="">MIT Technology Review</a>.</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Tue, 07 Aug 2018 16:22:22 +0000 juliet.vanwagenen_22746 41811 at How Technology Can Help Retail Stores Thrive in an Increasingly Online World <span>How Technology Can Help Retail Stores Thrive in an Increasingly Online World</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Mon, 08/06/2018 - 13:57</span> <div><p>Retail is alive and kicking.</p> <p>Sure, brick-and-mortar stores have had to adapt to the new competition of online resellers over the last two decades, but they've not only remained in business — they're actually growing. A <a href="" target="_blank">2018 study</a> shows that in-store sales grew by as much as <strong>5.4 percent in 2017</strong> over the previous year. Technology is playing a key role in the fight. </p> <p>Leaders at many retail companies know they want to deploy innovative technologies that will <strong>improve productivity and efficiency</strong>, but they often don't know where to start. When it comes to IT initiatives, a bit of hesitation can actually be a good thing. Rather than rushing to deploy the latest technologies that are creating buzz at trade shows, retailers should ensure that their solutions meet their business needs and help their employees be more productive. This is not to say that retailers should drag their feet when it comes to new IT investments — only that they should be strategic about such initiatives, and mindful about connecting disparate technologies in a way that optimizes benefits.</p> <p>Technologies designed to <strong>boost employee productivity</strong> can have a significant impact on a retail store's operations, giving managers quick insight into whether an initiative is working as planned. For example, if the implementation of <a href="">mobile point-of-sale devices</a> increases sales, that's a <strong>concrete, measurable benefit </strong>that will show up in a matter of weeks. An effective digital transformation strategy may follow the model of "think big, act small, move fast."</p> <p>In other words, retailers should make bold plans, but should first deploy solutions that capture low-hanging fruit, and then move on to bigger projects.</p> <p><a href="" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>BizTech</em> newsletter in your inbox every two weeks!</a></p> <h2>6 Tools That Can Improve Retail Employee Performance</h2> <p>Technologies that can help retailers improve employee performance and help retailers thrive include: </p> <p><strong>1. Mobile devices</strong>: Retailers are arming floor employees with <strong>tablets, smartphones and purpose-built mobile point-of-sale (mPOS) devices</strong> to connect associates with back-end data from the local store and corporate data centers. While workers at many stores have long had the ability to look up inventory information from desktop computer stations, mobile devices and apps allow employees to stay with shoppers on the sales floor, thereby improving customer service. Tablets are predominant with many retailers, but smartphones are getting bigger and more powerful, and more stores are beginning to consider deploying them as employees' primary mobile devices. </p> <p><strong>2. Enterprise mobility management</strong>: When retailers deploy mobile devices, it's critical that they adequately manage and monitor their deployments. <a href="">Enterprise mobility management</a> (EMM) tools help organizations manage not only physical devices, but also mobile applications and content. Such solutions help retailers <strong>know where their devices are at all times</strong> and how they're being used, and ensure that any sensitive data (such as payment card information) is adequately safeguarded. Mobility management is also important for ensuring that devices are used only for work-specific applications. This is especially important in a sector that often employs younger workers, who may be tempted to use mobile devices to play games or send messages to their friends. </p> <p><strong>3. IT infrastructure</strong>: Supporting mobile solutions and other technologies requires robust networking, storage and processing systems. Some retailers are fielding store-based edge computing solutions, including micro data centers, to support systems without having to route data traffic to a centralized data center. <a class="gr-progress" href="">Micro data</a><a href=""> centers</a> are self-contained solutions that provide not only essential infrastructure, but also <strong>physical security, power, cooling and remote management</strong> capabilities. </p> <p><strong>4. Data analytics</strong>: Retailers are awash in data — everything from sales numbers to customer loyalty information to employee schedules. <a href="">Stores that make better use of that data</a> than their competitors can greatly <strong>improve productivity and efficiency</strong>. Predictive analytics are particularly important for inventory management and omnichannel fulfillment, as the intelligent use of data can ensure that products are in stock where and when customers expect to find them. </p> <p><strong>5. RFID</strong>: The falling cost of radio frequency identification (RFID) tags has led to a growing number of retailers using the technology to better track individual products. In many cases, in fact, vendors are tagging items with RFID themselves, meaning that retailers only need to implement a tracking system to make use of the technology. While <strong>loss prevention</strong> is a common use case for RFID tagging, the practice can also prevent frustrating situations where an item is shown to be in stock but cannot be located for a customer. </p> <p><strong>6. Beacon technology</strong>: More and more, stores are using mobile beacons to <strong>improve interactions with customers</strong>. For example, by pushing out special offers to shoppers who linger in front of a high-ticket item but need an extra incentive to convince them to make the purchase. Beacon technology can also help retailers keep track of where their employees are during their shifts, giving managers the visibility to ensure that staffers are located where they are needed most.</p> <p><em>Learn more about how retailers are improving the customer experience by connecting data, devices and sales associates in the CDW white paper "<a href="" target="_blank">Technology to Boost Retail Productivity</a>."</em></p> </div> <div> <div class="field-author"><a href="/author/biztech-staff" hreflang="en">BizTech Staff</a></div> </div> Mon, 06 Aug 2018 17:57:12 +0000 juliet.vanwagenen_22746 41806 at 9 Reasons Organizations Are Embracing Hybrid Cloud Environments <span>9 Reasons Organizations Are Embracing Hybrid Cloud Environments</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 08/02/2018 - 22:40</span> <div><p>Organizations everywhere are embracing hybrid cloud models. In manufacturing, for example, <strong>hybrid cloud adoption is expected to double by 2023</strong> to support the pivot to new technologies, like Internet of Things devices, <a href="" target="_blank">according to a recent report by ABI Research</a>.</p> <p>But the industrial sector isn't the only business tapping this digital transformation tool. Several organizations are embracing hybrid cloud, in particular, because it allows organizations to experience many of the benefits offered by both <strong>private and public clouds</strong>.</p> <p>Here are a few of the benefits that are leading organizations to embrace hybrid clouds:</p> <h2 id="toc_0">1. Hybrid Clouds Offer Faster Service Delivery</h2> <p>Procuring a physical server takes time. The expense must be approved, the purchase made, the server delivered and the hardware installed and configured. The process may take several weeks or more to complete. By tying resources to the public cloud, organizations give themselves the option of <strong>provisioning new infrastructure</strong> perhaps in a matter of minutes rather than weeks or months.</p> <p>This is especially important for companies that are growing quickly or experiencing unpredictable spikes in resource demand.</p> <p><a href="" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>BizTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_1">2. More Flexible Expenses Let Organizations Go from CAPEX to OPEX</h2> <p>Traditional IT resource provisioning can create serious headaches around cash flow. Investments must be planned and budgeted years in advance, and companies must either set aside funds for large purchases or else pay off their infrastructure over a period of years.</p> <p>Cloud resources let organizations <strong>shift </strong><strong>their</strong><strong> IT spend</strong> from a capital expense (CAPEX) model to an operating expense (OPEX) model. Many business and IT leaders prefer a manageable and predictable monthly expense, which can free up capital for other investments and free up time for management to focus on pressing problems beyond paying for their infrastructure.</p> <h2 id="toc_2">3. Hybrid Models Reduce Administrative Burdens</h2> <p>The cost of on-premises infrastructure isn’t tied to hardware alone. In addition to utilities and facilities, the total cost of physical resources includes the staff who “care for and feed” servers and storage infrastructure.</p> <p>When more resources are placed in the public cloud, this<strong> frees up IT staff for other projects</strong>. Rather than spending their time on patching and hardware refreshes, they can pursue the organization’s IT strategic goals.</p> <h2 id="toc_3">4. Cloud-Based Collaboration Empowers Staff</h2> <p>By moving all file servers — and, therefore, all documents — to a cloud-based collaboration system, organizations empower staff to <strong>edit, share and collaborate on any document</strong>, on any device, from anywhere. By making this move, IT no longer needs to be concerned with backups and recovery from unstructured data.</p> <p>In addition, separating documents from endpoints greatly simplifies the process of refreshing devices.</p> <p>As more employees work remotely, collaboration solutions are becoming increasingly important. Alongside facilitating collaboration on documents, spreadsheets and presentations, the public cloud also gives organizations a path to adopt video collaboration solutions without making significant capital investments for new hardware.</p> <h2 id="toc_4">5. Cloud-Backed Data Enhances Security</h2> <p>For a long time, security concerns held organizations back from pushing resources to the public cloud, but attitudes are quickly changing. In fact, there are ways in which a hybrid cloud model can actually help organizations keep sensitive data more secure.</p> <p>For instance, lost laptops are a <strong>$1 billion business problem</strong>. Potentially greater than the loss of an expensive piece of computing equipment, however, is the loss of the sensitive data inside it, which may include personnel records, financial information and valuable intellectual property.</p> <p>For organizations operating within a hybrid cloud model, however, a lost laptop does not typically create an all-hands-on-deck emergency. With data backed up in the cloud, employees can recover it no matter what happens to their machines, and IT can <strong>remotely wipe data from lost laptops and mobile devices</strong> so that it doesn’t get into the wrong hands.</p> <h2 id="toc_5">6. A Global Platform Allows Organizations to Grow Reach</h2> <p>Back in the days when practically all IT services were accessed locally, local storage and processing made a lot of sense.</p> <p>Today, <strong>most services need to be available anywhere</strong> in the world to accommodate remote and traveling employees. Running services that must be accessible around the globe is a good reason to move a service to the cloud.</p> <h2 id="toc_6">7. Cut Costs in the Cloud</h2> <p>This is a tricky one. Although cost reductions have, historically, been a significant driver of enterprises’ moves to push resources to the public cloud, some organizations have seen mixed results. This doesn’t mean that adopting a hybrid cloud model won’t drive down expenses, only that organizations must <strong>carefully evaluate their specific use cases </strong>and run the numbers<strong>,</strong> rather than simply assume that cost benefits will materialize on their own.</p> <p>Without knowing specifics, it is impossible to say which cost reductions may arise from adopting Software as a Service (SaaS) solutions, developing services for the cloud or moving current services from a private data center to the public cloud. The answer depends on the nature of the specific application and its associated dependencies.</p> <h2 id="toc_7">8. Bolster Competitiveness and Agility</h2> <p>Moving to the cloud gives everyone access to enterprise-class technology. It also lets smaller businesses keep up with — or even move faster than — larger, more established competitors.</p> <p>Pay-as-you-go services and cloud business applications make it possible for small organizations to <strong>“run with the big boys”</strong> while staying <strong>lean and nimble</strong>, even as they attempt to disrupt the marketplace. In the past, it was virtually impossible for a small startup to invest in the same types of technology that large enterprises maintained in their corporate data centers. The cloud helps to even the playing field.</p> <h2 id="toc_8">9. Simplify Service and Streamline Innovation</h2> <p>The cloud helps organizations <strong>simplify service delivery and reduce support and administration.</strong> It may even allow them to eventually get out of the data center business entirely, if that is their aim.</p> <p>This level of simplicity is particularly attractive to startups. In Silicon Valley, most new companies are opting not to build their own data centers, reasoning that they can create one in the cloud with a few clicks of a mouse.</p> <p>Learn how to build your hybrid cloud strategy by reading the CDW white paper “<a href="" target="_blank">Hybrid Clouds Deliver the Best of Both Worlds</a>.”</p> </div> <div> <div class="field-author"><a href="/author/biztech-staff" hreflang="en">BizTech Staff</a></div> </div> Fri, 03 Aug 2018 02:40:57 +0000 juliet.vanwagenen_22746 41796 at Top Penetration Testing Tools and Types to Safeguard Against Cybersecurity Threats <span>Top Penetration Testing Tools and Types to Safeguard Against Cybersecurity Threats</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 08/02/2018 - 11:42</span> <div><p>Maybe it’s that mail server that <strong>IT forgot to decommission</strong> when the company transitioned to <a href="" target="_blank">Office 365</a>.</p> <p>It could be the smart thermostat or the new printer that’s still running the default password. Or perhaps it’s that <a href="" target="_blank">iPad</a> logged onto the hotel Wi-Fi network.</p> <p>Companies of all sizes have a <strong>seemingly endless number of IT security vulnerabilities</strong>, any one of which can land them in trouble.</p> <h2 id="toc_0">What Is Penetration Testing?</h2> <p>One way to discover such holes is by conducting a penetration test, <a href="">an exercise in which an ethical hacker</a> aims to break into a network, application or device to uncover vulnerabilities and warn organizations about them before malicious hackers can exploit them.</p> <p><strong>Not all penetration tests are created equal</strong>. “A good pen tester is not just about finding that little hole on your network but about helping you figure out how that hole got there in the first place and why it wasn't patched or protected,” says <a href="">Joel Snyder</a>, senior partner at <a href="" target="_blank">Opus One</a>, a Tucson, Ariz.-based IT security consulting firm. “It’s an educational process. <strong>The goal is to knock off 100 things</strong>, not one.”</p> <p>A major part of that process is the opportunity to work closely with security professionals. “I feel that most of the value that the client derives from us doing assessments is from them being able to sit down with us and have conversations instead of just relying on a written report,” says <a href="" target="_blank">Ian Odette</a>, a CDW security consulting engineer.</p> <p>Before hiring a pen tester, it’s important for organizations to understand how pen tests work, the different types and when it makes sense to conduct one. Here are just some of the most prominent penetration testing types used by ethical hackers.</p> <p><a href="" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>BizTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_1">Red Teaming Exercises </h2> <p>Conventional targeted penetration testing is very focused: A company hires a tester to attempt to attack its website directly. The problem is that real hackers don’t stick to a tight scope; they just go around the site if necessary, explains Ross McKerchar, CISO at security technology company <a href="" target="_blank">Sophos</a>.</p> <p>“<strong>Hackers aren’t standing still</strong>,” says Laura DiDio, principal of <a href="" target="_blank">Information Technology Intelligence Consulting</a> research firm. “It’s like watching X-Men. The mutations are evolving so quickly.”</p> <p>Red teaming, on the other hand, employs a more comprehensive collection of attack methods, including cyber and social engineering. A targeted attack aims to break into the front door; a red team can go around the building, check the windows and try to persuade a staff member to let them in, adds McKerchar.</p> <p>Not every organization is ready for a penetration test. A small business without a strong security plan is probably better off <strong>hiring a consultant</strong> to help build one or employing a managed services provider.</p> <p>Companies that are ready to test their systems might be wise to start with a vulnerability scan or a network assessment before a full pen test. For instance, <a href="" target="_blank">CDW’s Threat Check</a> is a free service that passively scans a company’s network to uncover vulnerabilities. A team from CDW then discusses the results with the company. If there are security solutions that can help, the company can test tools from <a href="" target="_blank">Cisco</a>, <a href="" target="_blank">Tenable</a> and others for free.</p> <p>“If you have a security program and have the basics covered — good passwords, patching, encrypting devices, running anti-virus, running firewalls, etc. — then it makes sense to think about your more critical assets,” says McKerchar. “<strong>We have many layers of defense</strong>. The interesting question is which layers are working well, and that's something a red team can help you with.”</p> <h2 id="toc_2">Black Box Testing vs. White Box Testing</h2> <p>There are additional types of pen testing beyond red teaming exercises. A tester conducting a black box assessment, like a real outside attacker, <strong>doesn’t get any information</strong> from the company, whereas <strong>a white box assessor is given upfront information</strong> about the organization’s infrastructure, including network diagrams and application source code.</p> <p>Alternatively, a gray box assessment falls between black box testing and white box testing: The assessor gets some information but not nearly as much as a white box assessor.</p> <h2 id="toc_3">Network Penetration Testing vs. Web Application Penetration Testing</h2> <p>Penetration tests also vary based on their targets. Network penetration tests, for example, focus on network services, such as firewalls or DNS servers, whereas web application penetration tests are highly specialized attacks on one application at a time.</p> <p>Organizations should consider testing customer-facing applications that drive the most revenue and contain the most customer data, advises McKerchar.</p> <h2 id="toc_4">What Are Some Examples of Penetration Testing Tools?</h2> <p>Pen testers also use an <strong>array of open-source and commercial tools</strong>. Some of the most effective include:</p> <ol><li> <p><a href="" target="_blank">Nmap</a>, an open-source utility that maps a network by taking a range of IP addresses and trying to make connections to every device that responds in that network range using a variety of protocols. “It’s the fastest, quickest way to see what’s going on inside a network,” says Snyder.</p> </li> <li> <p><a href="" target="_blank">Burp Suite</a> by PortSwigger Web Security is a commercial web vulnerability scanner with manual testing tools.</p> </li> <li> <p><a href="" target="_blank">Kali Linux</a> includes hundreds of tools preinstalled on it.</p> </li> <li> <p><a href="" target="_blank">MetaSploit</a> by Rapid7 is a powerful tool for pen testers to illustrate vulnerabilities.</p> </li> <li> <p><a href="" target="_blank">Nessus</a> by Tenable is a vulnerability scanner that can generate an initial list of issues. “Everyone should run it on their own networks on a frequent basis,” says Snyder.</p> </li> </ol><p>“A good pen tester has at their fingertips <strong>dozens or even hundreds of tools</strong>,” says Snyder. The tools used depend on the type and stage of the attack.</p> <p>A pen tester’s strategy begins with reconnaissance followed by attempts to get a foothold onto the target. He or she then aims to move laterally across resources or escalate the attack. The reconnaissance stage could include everything from looking at Whois records or email headers to social engineering to get that initial foothold.</p> <p>“An attacker isn't just going to scan your systems looking for unpatched systems,” says Mark Lachniet, information security solutions practice manager for CDW. “They're going to go after the <strong>path of least resistance</strong>, which is the way people are easily tricked.”</p> </div> <div> <div class="field-author"><a href="/author/melissa-delaney" hreflang="en">Melissa Delaney</a></div> </div> Thu, 02 Aug 2018 15:42:23 +0000 juliet.vanwagenen_22746 41791 at