Three Important Questions to keep in mind when securing your SAP environment


Are you sure you are securing your SAP environment properly?

Most SAP systems store sensitive data (HR, financials, and even more important, customer data), so it would not be an exaggeration to say that they are a main priority for cyber criminals’ attacks.  This doesn’t mean that SAP does not prioritize security; it means that security solutions have been continuously improving with the help of 3rd party enhancements.  In partnership with SAP, security solution partners such as Trend Micro ensure that enterprises are secure from attacks such as malware, denial-of-service attacks, cross-site scripting and other advanced and targeted attacks.

So if you aren’t sure if you are properly securing your SAP environment, you can refer to this security question checklist below:

What are my security risks?

Are you improving your ability to respond to customer feedback by moving customer applications to the cloud? Are you improving supply chain efficiency by opening an application to provide more visibility or communication with partners?

Now that business-critical applications are web accessible, cyber criminals have more entry points through which they can exploit vulnerabilities in operating systems, web servers and even the business-critical application itself.  Although vendors release patches to fix these vulnerabilities, if the patches are not applied on a timely basis, the system will still be at risk in the period before they are applied.

Does my security integrate with my SAP environment?

You also need to consider whether your security can integrate well with your native SAP security.  SAP provides capabilities like the SAP Virus Scan Interface (VSI) as part of SAP NetWeaver® to allow certified third parties, like Trend Micro, to augment native security capabilities.

What are the security requirements for my environment?

Cloud and virtual environments each introduce unique requirements for security. Understanding how your security solution is optimized for those environments is critical to make sure you can easily manage security and reap the expected cost, performance and agility benefits.

If you have any further inquiries on how you can better secure your SAP environment, you may call us at 893-9515 and we would be happy to help!

University of Kansas Hospital: A Cisco Umbrella Case Study


The challenge: gaining transparency to secure sensitive data

Ranked among the nation’s best hospitals every year since 2007 by U.S. News & World Report, The University of Kansas Hospital is the region’s premier academic medical center. Physicians teach as faculty members at the KU School of Medicine and are at the forefront of medical discoveries taking place at the KU Medical Center, a research leader in cancer treatment and prevention, neurology and liver and kidney transplantation.

Like every hospital, University of Kansas Hospital prioritizes its IT security to keep threats such as malware from affecting or stealing its patients’ sensitive data.  This means that they have to safeguard every medical device that is connected to their network, since any compromise of these could cause a life-or-death situation.  Besides this, as an academic hospital, they also deal with a lot of sensitive research data and intellectual property.

When ransomware was beginning to impact hospitals around the world, University of Kansas Hospital started to look for security solutions that would help deliver on their commitment to the best possible healthcare experience.  This led them to realize that visibility was a major challenge and attacks were starting from DNS.

The solution: security that starts at the DNS layer

To start improving the existing security design, University of Kansas Hospital initially implemented different solutions that produced very basic information about the infected machines; however, they lacked full visibility into the source of the infection.  This meant that they could see the malicious sites being accessed but could trace the infection only as far as the proxy server, IP address, or their DNS server.

 “First we just pointed our external DNS requests to Cisco Umbrella’s global network, which netted enough information to prompt an instant ‘Wow, we have to have this!’ response,” Duong says. “When our Umbrella trial began, we saw an immediate return, which I was able to document using Umbrella reporting and share with executive stakeholders. Those numbers, which ultimately led to executive buy-in, spoke volumes about the instant effect Umbrella had on our network.”

After an initial test of pointing their external DNS requests through the Cisco Umbrella global network provided enough information, they immediately started a trial with Umbrella.  After beginning their trial, they saw immediate returns, which were then documented through Umbrella’s reporting and shared with their executive stakeholders.  This eventually led to executive buy-in for Umbrella.

The result: Bolstered security and unprecedented insight

For University of Kansas Hospital, deploying Umbrella was fast while also giving them an immediate time-to-value experience.  Within just one hour of Umbrella going live, they saw a huge increase in visibility, protection, and blocked malicious traffic.  From their usual 100,000 hits against the network (20 to 30 percent of which were ransomware), they were able to drop the number down to nearly zero with Umbrella.

Once they also enabled AD integration for Umbrella (which took only an hour), they were able to move from struggling to find attacks to being able to correlate users with events and trace every click of their online journey.  This also gave them ways to investigate and understand each threat that was hitting their network and the user behavior behind it, so they could mitigate threats as efficiently as possible.

Cisco Umbrella has dramatically improved incident response at University of Kansas Hospital: an incident that would have taken 2 days before Umbrella now takes at least 75% less time, or can even be handled in 30 minutes.



To learn more about Cisco products, you can visit our Cisco Product Page here or you may call us at 893-9515 and we would be happy to answer your inquiries!

LeasePlan: a Citrix SD-WAN Customer Testimonial


LeasePlan, a global leader in fleet management and driver mobility, has more than 1.7 million vehicles and over 110 branches across 32 countries.  LeasePlan chose Citrix as its solution for virtual desktops and applications (Citrix Virtual Apps and Desktops) to help simplify its IT needs and lower its IT costs across its multiple branch locations, which also rely on a network powered by Citrix.

Global IT Operations Manager Ronan Murray says, “NetScaler is the Swiss Army knife of our data center. We use most of the functions, from WAF to SSL Caching to load balancing.”

Everything is managed from LeasePlan’s data centers in Ireland, and branches are connected to the center with dedicated multiprotocol label switching (MPLS) lines.

“MPLS is a relatively old technology now, meaning it’s mature, and it’s safe,” Murray explains. “But it’s also expensive, and as we need failover, our backup circuits are only used when the primary link fails. We spend several million Euros a year on our global network. Agility was also an issue, activating new circuits can take months and we need new locations stood up in days and weeks. We need to be able to move at the speed of our business, which is accelerating all the time.”

LeasePlan branches had to have their internet connections routed over MPLS lines and through their Dublin Data centers, which caused suboptimal performance for their business-critical applications such as Skype.  Murray says, “with the increased demand for cloud services, having local ‘breakout’ connections is more and more important. People need to be closer to their SaaS services to get the best possible user experience, backhauling internet traffic through our data centres is sub-optimal for our users.”

“We chose Citrix SD-WAN because we had a really positive proof of concept experience,” Murray says. “The Citrix product set is really, really good. Citrix SD-WAN is incredibly clever in the way that it moves traffic around, the way it monitors issues on the network, and is able to pass traffic between different circuits depending on variations within those circuits.”

SD-WAN helps manage traffic across different connections such as broadband, ADSL, 4G and even smaller MPLS links.  With SD-WAN optimizing traffic, this results in faster, more reliable connectivity and a dramatic cost reduction for LeasePlan.

Powering the transition from data center to cloud

With SD-WAN, LeasePlan can provide secure local internet breakout for its branches so they can access cloud applications using a local connection and connect directly to the data center for hosted applications.

“The biggest benefit that SD-WAN has brought LeasePlan is not the savings, the extra bandwidth, and the other features—it’s the ability to pivot very simply to the cloud,” Murray says.

“When we need data from the data center, we go there. When we need data from the cloud, we go direct to cloud. We’re not hair-pinning or backhauling data through the data center anymore, and that gives a much better user experience, a much more efficient model for IT, and a much more efficient model for the end users.”

Availability and security

Using SD-WAN, IT can manage traffic at a very granular level, prioritizing individual applications over particular circuits. The result is high availability and low latency for users. Murray gives an example:

“When we went live with SD-WAN in Norway, the internet circuit wasn’t ready, so we just went live purely with a 4G SIM card in the back of the device. We got 50 meg down and 10 meg up, and the users there were ecstatic. They are getting bandwidth, performance, and availability like they haven’t seen before—from a SIM card! That’s pretty incredible.”

Communications are secure, too.

“A secure tunnel is created across every circuit and even every queue for MPLS,” Murray says. “Overall, that’s more secure than MPLS alone.”


If you have any inquiries with regards to Citrix SD-WAN, you may read the source article here or you may contact us at 893-9515 and we will be happy to answer your questions!

Managed Detection and Response: Helping to Fill in Business Security Gaps


Managed detection and response (MDR) is an outsourced service that provides organizations with threat hunting and responds to threats once they are discovered.  What sets it apart from other security services is the human element: security providers give access to their security resources, such as their researchers and engineers, who analyze incidents while monitoring the organization’s networks.

The challenges MDR can solve

One of the more significant problems MDR can solve for businesses is the lack of security skills within their organization.  Unlike bigger organizations, not all businesses can afford to hire and train dedicated security personnel who can do full-time threat hunting; MDR gives them access to security that would normally be out of their reach.  This benefit is more apparent in medium-sized organizations, as they are targeted by cyberattacks while not having the proper resources or manpower to defend themselves adequately.  However, it must be pointed out that even if organizations budget costs and manpower for a dedicated team, they might not be able to find the right personnel in the first place.  In 2016, there were 2 million unfilled cybersecurity positions, a number that is expected to rise to 3.5 million by 2021.

What an organization stands to gain when MDR comes into play

Another challenge that is often overlooked by businesses is the sheer number of alerts the security team receives on a daily basis.  Not all the alerts are malicious, but they can’t be easily identified, so they must be checked individually.  Threats that are found must also be correlated to see whether they are connected to bigger attacks planned for the future, and all of this takes time.  MDR tries to address this problem by not only discovering the threats but also analyzing the factors and indicators involved in an alert.  Analyzing and contextualizing are the most important skills in a security professional’s arsenal: security technologies can block threats, but knowing the reasons and the patterns behind the incidents can help you block bigger threats in the future.  MDR tries to solve the skill gap in cybersecurity that smaller organizations usually cannot afford to close due to their limited resources.

How does Trend Micro’s MDR work?

Trend Micro’s MDR provides a wide array of security services, including alert monitoring, alert prioritization, investigation, and threat hunting. It uses artificial intelligence models and applies them to endpoint, network, and server data in order to correlate and prioritize advanced threats. By investigating prioritized alerts, Trend Micro threat researchers can then work with organizations to provide a detailed remediation plan.

To learn more about Trend Micro’s MDR, you may read the original article here or you can contact us at 893-9515 and we will be happy to answer your questions!

VMware vSAN: The Key Benefits


Our ever-changing marketplace has been forcing organizations to adapt constantly to ensure that they stay competitive, and this is most prevalent in an organization’s IT.  This has brought them to the public cloud to try to increase their business agility while at the same time lowering their costs.  However, due to data governance, risk mitigation and cost, many organizations found they still need their private cloud, meaning they need multiple clouds to ensure business operations are efficient.

Hybrid cloud, a multi-cloud operational model, is the next phase of IT evolution, which organizations are evaluating as their solution to the challenges of integrating multiple clouds.  VMware’s vSAN offers organizations the logical next step in their hybrid cloud journey.  Below are some of the key benefits of using vSAN in your organization:

  1. It is natively integrated
  • vSphere integrated HCI simplifies architecture, enhances security and maximizes performance

  2. It has a lower CAPEX cost
  • Experience the benefits of HCI with the lowest dollar per IOPS

  3. It is operationally simpler
  • Roll out infrastructure and applications with ease and limited training

  4. It is SDDC and Cloud Ready
  • Futureproof HCI with the widest deployment options – even public cloud


To learn more about vSAN, you may refer to our product page here or you can contact us directly at 893-9515 and we will be happy to help answer any questions you may have on vSAN!

CT Link Partners with Kaisa for a “Train the Trainer” Program!


As part of CT Link Systems’ efforts to give back to the community, we have teamed up with Kaisa Heritage foundation, a non-profit organization advocating Filipino-Chinese cultural and community development, to set up a Corporate Social Responsibility (CSR) program in which computer equipment was donated and sessions are being conducted to improve the attendees’ literacy in computer applications.

There were many directions in which the program could have headed during inception; however, we decided that the best way to give back to the community was by sharing the knowledge that we have gained throughout the years.  The “Train the Trainer” program aims to expand the trainees’ computer competency and focuses mainly on Microsoft Office 365 applications.  Our aim for the training sessions is to help improve the productivity of teachers who, more often than not, use Office 365 in their day-to-day life.  Another objective of ours was to introduce them to useful collaboration features in Office 365 that they may not be aware of due to the monotonous use of the traditional Microsoft Office suite.

Through the help of Kaisa Foundation, we were able to also partner with different educational organizations such as The Teachers Gallery, a non-profit organization that aims to offer learning opportunities related to inclusive education to both teachers and the broader education community, and AiHu Foundation, a non-profit organization promoting computer education for out-of-school youths.  These organizations provided the program with all of our participating teachers while our employee volunteers acted as the teachers and facilitators for the program.  Sharing the knowledge and skills through this training program has never been more rewarding for our employee volunteers knowing that what they shared will stream down to the teachers’ students.

As part of the CSR program, Kaisa has received 8 units of HP 280MT Desktops with Microsoft Windows 10 OS and HP N223v monitors.  Besides the computer equipment, other necessities were donated to the Angelo King Heritage Center to ensure that the CSR program could be held at Kaisa, such as Microsoft Office 365 (Business premium) subscriptions, a Cisco Meraki MX64 firewall, Datto AP60 access point devices, a 3COM PoE switch, and an internet subscription from Converge.  This was all made possible by the generous help of our vendor partners HP Inc., Cisco and Microsoft, who have helped us through the program.

 

 

CT Link Systems, Inc. Sponsors the Upcoming DPCC Summit 2018!


CT Link Systems, Inc. is co-presenting the upcoming Data Privacy & Cloud Computing (DPCC) Summit 2018 this coming November 8, 2018.  CT Link has decided to sponsor this event as one of its initiatives to help give back to the IT community as it celebrates its 20th anniversary this year.

DPCC Summit 2018 is the venue in which the foremost experts on cloud computing in the Philippines come together to share their knowledge and experience to help advocate its benefits to businesses around the country.  Learn as well how they stayed compliant with data privacy laws while using cloud computing in their organizations.

To learn more on how to join this exclusive IT Summit, you may email registration@dpcc2018.com with your inquiry or you may visit DPCC Summit 2018’s official site HERE to register.

Office 365 Update to Help Protect you from Macro Based Malware


We are now in an era where it’s hard not to make use of new technologies such as Cloud Storage.  Having your data available wherever you are through an internet connection has helped many businesses become more flexible in their operations.  However, we are always skeptical about how safe our data is, since it is stored somewhere we do not know and we cannot tell whether these locations are secure from cyber criminals.

Now if you are an Office 365 user, you can rest easy, as Microsoft has recently announced that they are integrating their Antimalware Scan Interface (AMSI) into the app!  AMSI was integrated into Office 365 to help improve security against attacks that make use of malicious macros and scripts that target Office documents, by detecting them early on or by stopping them from executing.  Below is a quote from the Microsoft Security Team on their reasoning for bulking up security against macro attacks:

“Macro-based threats have always been a prevalent entry point for malware, but we have observed a resurgence in recent years. Continuous improvements in platform and application security have led to the decline of software exploits, and attackers have found a viable alternative infection vector in social engineering attacks that abuse functionalities like VBA macros.”  

If AMSI is familiar to you, it might be because it isn’t something new: it was already being used by Microsoft as early as 2015, when they announced that PowerShell had adopted it for security purposes.  To give a background on AMSI, it is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution. Any application can interface with AMSI and request a scan for any data that may be untrusted or suspicious.

If you want a more in depth read on how AMSI is helping protect you from attacks, you can read the original blog post from the security team here or you can contact us at 893 9515 and we will be happy to help you!

Cisco Announces new small Business WiFi Solution, Meraki Go


Cisco has recently announced that they would be releasing a new solution for the small business and single-site location market, Meraki Go. Meraki Go is a set of WiFi access points tailor-made for small and home businesses, with features to get a business going, all managed through a simple-to-use app.

This makes it a great tool to help small business owners manage their WiFi needs through a simple guided on-boarding process in which users can configure multiple WiFi networks in minutes.  This allows the businesses more control on their network as they will be able to separate their guest and corporate traffic for added security.  Meraki Go can also set limitations on certain applications and even block clients from accessing certain websites to keep your network safe.  This also ensures that bandwidth usage is prioritized to critical business applications rather than it being used up by video streaming and other bandwidth heavy applications.


Meraki Go is not yet available in the Asian market; it is currently available for purchase online in the western markets.  We will post an update as soon as we hear anything new.  To learn more about Meraki Go, you may visit their main site here or you may contact us at 893 9515 for more details!

New Exploit “Faxploit” affects HP OfficeJet All-in-One Printers


Security researchers have recently demonstrated at the security conference DEF CON 2018 a vulnerability that can be exploited via HP OfficeJet All-in-One Printers.  It is being dubbed “Faxploit” by the researchers, Eyal Itkin and Yaniv Balmas.  The attack takes advantage of security flaws in the implementation of the fax protocol used by OfficeJet printers, making many businesses susceptible to the attacks.

The researchers have stated that for this particular exploit, all the attackers need is a fax number to exploit the vulnerability, after which they can hijack the network and all systems connected to it.  They can then infect the network with their malware or, even worse, outright steal your business’ important data.  Researchers have said that the impact of this exploit is not a small one, as surveys show that businesses actually increased their fax usage by almost 82% in 2017, so even with many new technologies, fax is still one of the most used ways to move documents.

Faxploit is yet another example where unsecured devices that businesses use on a daily basis can result in vulnerabilities in their network that many cyber criminals can use to steal data or hold it for ransom.  Especially now that Internet-of-things (IoT) ready devices are getting more and more mainstream, attackers are finding more ways to hit businesses where they are least protected, since this is more or less still in the beginning phases.  These threats can stay longer in the system due to the device’s inability to protect itself, making attacks stealthier and more destructive to the organization’s network.

However, HP has released patches for the vulnerabilities (CVE-2018-5924 and CVE-2018-5925) and users are recommended to apply the firmware updates to make sure they will not be affected.

For those who are interested in a more proactive approach for these types of attacks, Trend Micro’s managed detection and response service allows customers to investigate security alerts without the need to hire qualified incident response staff. It provides alert monitoring, alert prioritization, investigation, and threat hunting services to Trend Micro customers. By applying artificial intelligence models to customer endpoint data, network data, and server information, the service can correlate and prioritize advanced threats. Trend Micro threat researchers can determine the extent and spread of the attack and work with the customer to provide a detailed remediation plan.

To learn more about “Faxploit” you may read Trend’s original article here, or you may contact us at 893-9515 and we will be happy to answer your inquiries!