Category: News and Events

Cloud Security: The Shared Responsibility Model

Arby News and Events , ,
Cloud Security: The Shared Responsibility Model

Have you ever asked yourself what the biggest threats are in the cloud?  The answer may not be what you’d expect it to be.  Rather than big named malware or cyber attacks, the biggest risk in the cloud happens due to service misconfigurations.  Despite the cloud’s clear operating model, teams continue to make simple mistakes or overlook the simple task of properly configuring the services they use in the cloud.

Security in the Cloud is a shared responsibility as both customer and provider has their respective responsibility, these are usually based on the Shared Responsibility Model.  The model defines which segments each are responsible for.  At a glance, are you doing your part?  Or did you assume it was handled by your provider?

One common misconfiguration misstep comes from pre-configured deployment services.  Most misunderstandings arise from thinking that after being given the configurations that they too will handle update patching and even maintenance of said configuration.  It falls on you the user to do these responsibilities and make sure that your system is safe!

Another common cause of misconfiguration is from human error.  As per our nature, we are bound to make errors along the way when working even if we take as much precaution as we can.  This is where automation can help make sure that these errors don’t occur.  Let’s say the operating system your team uses for your systems has a new patch that needs to be deployed. Instead of someone patching each of the production virtual machines, that team member should patch the original template of the virtual machines and a build system should redeploy production.

For safety measures as well, it is always in best practice to verify that your providers are doing their part in keeping you secure.  This is not to say that your provider is not doing their job, usually the 3 big cloud providers have an overwhelming amount audit evidence you can browse, its always just better to keep the habit of counter checking when security is involved.

Interested in learning more about our Cloud Security Solutions?  Contact us at 8893-9515 and we would be happy to answer your inquiries!

Five Data Protection Requirements in Healthcare that Unitrends can Help you Solve

Arby News and Events , , , , ,
Five Data Protection Requirements in Healthcare that Unitrends can Help you Solve

When it comes to business continuity, the healthcare industry faces many unique requirements and challenges.  With the need of 24 hours, 7 days a week and 365 days availability, and the need to safeguard the content of their electronic health records (EHRs), it can be a hard task to fulfill while still keeping within a reasonable budget.

This is where Unitrends can help.  Below are a few unique requirements that the healthcare industry faces and how the Unitrends solution meets to solve them.

  1. Uptime Requirements

When it comes to recovery time objectives (RTO), most industries have them in hours as they have more time to work with.  This doesn’t follow for the healthcare industry as they need their RTOs in a matter of seconds or minutes.

Unitrends Instant Recovery can failover applications in literally seconds. Unitrends Recovery Assurance delivers automated recovery testing, site and application failover, ransomware detection, and disaster recovery compliance, both locally and in the Unitrends Cloud.

  1. Highly Targeted by Ransomware

Due to the nature of healthcare, data of patients are critical for the business to function.  Ransomware criminals are aware of this and that is why the industry is a prime target.

Unitrends products can do security scans against your production applications – but using your backup data instead. It can spin up your applications in a specific order, isolate them from production, execute security tests, and automate reports and alerts immediately upon detection of ransomware

  1. Highly Regulated

For companies that need to work with the Protected Health Information (PHI) must ensure that all the required physical, network, and process security measures are in place, well documented and strictly followed.  This is required by HIPAA.

Unitrends offers a portfolio of 15 all-in-one enterprise physical appliances that are pre-loaded and pre-tuned with powerful software that not only covers on-premises backup but also long-term retention and disaster recovery in the HIPAA compliant Unitrends Cloud.

  1. Must Control Highly Proprietary Data

Healthcare IT must know where their physical data is located at all times of the lifecycle as well as control who can access it.

Unitrends Recovery Series and Unitrends Backup software can replicate data locally, to a remote site or to the HIPAA-compliant Unitrends Cloud. From any of those locations data can be stored for long term retention and / or used for disaster recovery purposes.

  1. Support Large Numbers of Non-computer Savvy Users

Usually, the general staff of healthcare are considered to be beginners or illiterate when it comes to new IT related technologies that have come out in the recent years.  This makes them very prone to mistakes which in turn can keep their IT counterparts quite busy.

With a common and intuitive user interface across all products, even untrained IT staff can easily find individual files in backups. A few clicks and the entire recovery process, from login to file restoration usually takes less than 5 minutes.

To learn more about Unitrends, you may contact us at 8893-9515 and we would be happy to help you!

Cisco Meraki: Your First Year is on Us

Arby News and Events , , ,
Cisco Meraki: Your First Year is on Us

Are you thinking of switching or experiencing the simplicity of the Meraki Dashboard? Or are you a current Meraki user looking to expand your Meraki lineup?  You’re in luck! For a limited time only, Meraki will be running a “First Year on Us” promo.

For a limited time only, any customer that purchases a new Cisco Meraki cloud management license for 3 years or more will get an additional year added at no extra cost! The extra 365 days are added automatically in the dashboard. No further steps required.

First Year On Us is available globally. License renewals do not qualify for this promotion.

Why Cloud Networking and the Meraki Dashboard

Meraki is a powerful tool that businesses can use to manage their network infrastructure efficiently and effectively. It provides a user-friendly interface that enables IT administrators to monitor and control their network from anywhere, at any time.

One of the main benefits of using Meraki is its ease of use. The dashboard is designed to be intuitive and straightforward, with a simple drag-and-drop interface that makes it easy to configure and manage network devices. This means that even non-technical staff can quickly learn how to use it.

Another advantage of using Meraki is its scalability. It is designed to work with networks of all sizes, from small businesses to large enterprises. As your business grows, you can easily add new devices and expand your network without having to worry about compatibility issues or other technical challenges.

Meraki also provides comprehensive network visibility and analytics. It allows you to monitor your network in real-time, so you can quickly identify and troubleshoot any issues that arise. Additionally, it provides detailed analytics and reports that can help you make informed decisions about your network infrastructure.

For more information about this promo, you may reply to this email or directly call us at 893-9515 and we would be happy to help!

*Terms and conditions will apply.

CT Link Advisory: Contact Number Changes

Arby News and Events , , ,
CT Link Advisory: Contact Number Changes

Earlier in the year, the National Telecommunications Commission (NTC) released the Memorandum Order 10-10 2017 which states that numbers covered in the area 2 code like Metro Manila and some parts of Bulacan, Cavite, and Laguna will have their numbers expanded 8-digits from the current 7-digits.  So, in compliance, we will be expanding our corporate and fax numbers.  Don’t worry! We are still using the same number as before, it will just have the addition of the extra digit that is required of us from our phone provider. Below are our new numbers in which you can reach us:

Landline: 8893-9515

Fax: 8893 5856

These changes will be effective on October 6, 2019.  So, for your further inquiries with us please contact us with our new Landline number!

Who We Are

CT Link Systems, Inc. is a leading IT Solutions Provider based in the Philippines. With over 25 years of experience in the industry, we have been continuously evolving our solutions to match the developing IT landscape. Our goal is to become our client’s “Link to Cloud Technology” by providing them with cutting-edge technology and the most cost-effective solutions available.

We understand that the world of technology is constantly changing, and we are committed to keeping up with the latest trends and adapting to them. We started with computer telephony and have expanded our offerings to include multilevel security, workspace, and hybrid cloud solutions. Our aim is to help your company implement these solutions and gain a competitive edge over your rivals.

CT Link was established in 1998 with the mission to provide companies with a technology partner that they can rely on. Our approach is to form continuous partnerships with leading international vendors in different solution areas. By doing so, we can provide our clients with access to the latest and most innovative technologies available in the market.

We take pride in our team of highly skilled and competent engineers. Our engineers are not only well-versed in the latest technologies but also invested in continuous product training and certification to fulfill our clients’ requirements. They will guide you through every step of the process, from planning to implementation and support, to ensure a smooth transition to the new technology.

At CT Link, we believe in forming long-lasting partnerships with our clients. We take the time to understand your business’s unique needs and work together to find solutions that are tailored to your specific requirements. Our expertise covers a wide range of industries, including healthcare, education, and retail.

Ransomware Attack Hits Hundreds of Dental Clinics all over the US

Arby News and Events
Ransomware Attack Hits Hundreds of Dental Clinics all over the US

Towards the end of August, another big ransomware attack hit the dental industry in the US.  Hundreds of dental offices were compromised suddenly causing many dentists to be unable to access their patients records.  This attack was orchestrated by a ransomware gang which compromised a software provider and using their product to spread the said Ransomware.

 For this case, the compromised providers were The Digital Dental Record and PerCSoft, who collaborated on the product DDS Safe, a medical records retention and backup solution specifically marketed to dental offices in the US.

According to ZDNet (you may view the original article here), a hacker group was able to compromise DDS Safe which they used to deploy REvil (Sodinokbi) ransomware.  This was then only discovered the Monday after when the dentists came back to work and found that all their patient records were encrypted and beyond their reach.

Two offices opted to pay the ransom as they were in dire need of their patient records.  Others implemented the solution provided by The Digital Dental Record and PerCSoft.  However the recovery had issues as comments on their Facebook group were filled with responses of either it didn’t work or they weren’t able to recover all their data.

This isn’t the first time an incident like this has happened, there were two more cases where a managed service provider was compromised.  The first incident happened in June where a group was able to compromise unidentified MSPs, which used Webroot SecureAnywhere consoles to infect PCs with the REvil (Sodinokibi).  The second time happened just a week before the DDS Safe attack, where 22 Texas counties were infected with ransomware.

To learn more about ransomware and the measures you can take to protect your company, you can contact us at 893-9515 and we would be happy to answer your inquiries!

AIP Scanner: Automating Data Protection for your Organization

Arby News and Events , ,
AIP Scanner: Automating Data Protection for your Organization

Organizations these days have large amounts of unstructured data just being left alone in their on-premises data repositories and SharePoint libraries.  With the amount of data usually amounting to terabytes (or even Petabytes in some cases), it can seem like a daunting task which can take long hours to accomplish.  However, with the help of some tools and apps, this seemingly difficult task may not seem that daunting anymore.

This is where Azure Information Protection (AIP) Scanner comes in.  AIP Scanner can scan your on-premises data repositories against the standard Office 365 sensitive information types and custom types you build with keywords and regular expressions.   Once the data is discovered, the AIP scanner(s) can aggregate the findings and display them in Analytics reports so you can begin visualizing your data risk and see recommendations for setting up protection rules based on the content.

Benefits

Below are some key benefits that one organization who is currently using AIP Scanner have mentioned:

Enhanced functionality:  AIP scanner has the capability to not only scan sensitive data, but also to apply labels and encrypt files. PDF and RMS-encrypted files can be scanned as well, given that the operator is an accredited RMS superuser.

Simplified management processes: AIP scanner has an integrated view with centralized logging for the scanner results which make viewing and managing them easier especially when you are scanning large amount of data.

Consistent scan results across the enterprise: With AIP Scanner, you can reuse Office 365 DLP information types meaning that you don’t have to rebuild policies between your cloud scans and third-party products.

To learn more about AIP scanner, you can visit the original article here or you can contact us at 893-9515 and we would be happy to answer your inquiries!

Citrix Case Study: Saint Francis Hospital

Arby News and Events , , , ,
Citrix Case Study: Saint Francis Hospital

Saint Francis Hospital and Medical Center is an acute care hospital located in Hartford, Connecticut. Since its founding by the Sisters of Saint Joseph of Chambéry in 1897, Saint Francis has grown into New England’s largest Catholic hospital, with 617 beds and major clinical concentrations in oncology, cardiology, orthopedics, rehabilitation, and women and infant services.

The challenge: Consolidating 34 legacy applications into a single EMR Platform and addressing their Mobile device risk growth.

As an early innovator in the healthcare industry, they were already deploying computerized physician entry (CPOE) systems far back as 20 years ago.  This was at the time before patient management software were an American healthcare standard.  At present however, the IT leaders in the organization have recognized that they need to simplify and consolidate their 34 legacy applications into a single unified electronic medical record (EMR) platform if they want to continue to be ahead of the industry.  This is especially challenging when considering that a majority of the hospital’s doctor’s work in independent offices.

The Solution: Deploying a new EMR system across thousands of workstations and mobile devices

Saint Francis had already been using Citrix technology for years, specifically Citrix XenDesktop and Citrix XenApp (now VirtualDesktop and VirtualApp respectively).  These products helped Saint Francis with their on-demand application delivery for both their physical and virtual desktop infrastructure (VDI).  However, the main problem they encountered after they did a preliminary security audit was that there were security gaps due to the approach they took with mobile devices.  So to ensure that they kept their users empowered with the choice of their own device, they decided to also use XenMobile to help lessen the security threats. “When XenMobile arrived on the scene, we were able to get all the features we wanted, along with a simple licensing package from a vendor we already trusted.” Says Paul Dzierwinski, manager of systems administration at Saint Francis.

After 18 months of preparation, the hospital was successful in transferring their 1.3 million patient records in a smooth rollout.

Key Benefits

Helping ensure the timely launch of a new enterprise-wide platform

  • The team checked with all workstations to ensure that during launch period that each endpoint would run smoothly.

Facilitating the exchange of patient information and reducing medical errors

  • The streamlined EMR system helped convenience customers so that patient records could be shared securely via the system to the intended recipient, be it hospitals, doctors or healthcare entities.

Enabling anytime, anywhere access to EMR data as part of a larger BYOD initiative

  • The bring-your-own-device (BYOD) initiative has helped end users have a seamless experience while making sure that Saint Francis has a degree of control for security, being able to wipe a lost phone is one of the possibilities.

To learn more about Citrix products, you can visit our product page or you may contact us at 893-9515 and we would be happy to help you!

2018 Security Review: Looking at Old and New Threats

Arby News and Events
2018 Security Review: Looking at Old and New Threats

Cybersecurity is something all companies big and small need to pay attention to as more attacks are becoming increasingly more popular.  With company data being a corner stone of a business, it is no wonder attacks are becoming more frequent, if they can take your data then they can profit, its as simple as that.  Therefore, taking the time to review what has happened in the past is becoming more crucial in finding ways to make sure that you don’t fall victim to attacks that already have known fixes.  So, let’s look at some stats in 2018 from Trend Micro and see what the kind of attacks were done.

Messaging threats

Business emails are now a very important messaging tool within an organization or to external organizations and clients.  However, this has made it an attractive platform for cybercriminals as well.  In 2018, there was an increase of use of various messaging threats, there was an 82% increase in phising URLs compared to 2017.  There were also new modes of phising attacks done recently which made use of chats, SMS and other communication applications.

Year-on-year comparison of blocked access to phising URLs by unique client IP address statistics 2017 and 2018

Besides phising, another form of messaging attacks that was widely used in 2018 was the business email compromise (BEC).  A BEC attack usually is done by either initiating or intercepting communication and to mislead employees to release or transfer funds to their own account.  This form of attack has a low success rate, however when it does succeed, the financial loss could be massive.

Top positions of business email addresses compromised pie chart

Ransomware

Ransomware on the other hand has seen a steady decline in 2018.  From the over 600,000 ransomware cases in 2017, now down to around 50,000 in 2018.  This can be attributed to more solutions readily available in the market that are keeping the threats at bay.

statistics of ransomware-related threads and new ransomware families in 2017 and 2018

Cryptocurrency mining on the other hand has seen a new peak in 2018, with over 1.3 million detections, which is a 237 percent growth from the previous year.  There have been ample of ways that cryptocurrency-mining attacks have been perpetuated throughout the year, some examples are via penetration of ad platforms, popup ads, malicious browser extensions and many more.

cryptomining detections in 2017 and 2018

To get a more in-depth security review, you may visit the original Trend Micro Security Review here.  If you have any inquiries on how to keep your business safe, please contact us at 893-9515 and we would be happy to help!

Security Advisory: SWAPGS Attack

Arby News and Events ,
Security Advisory: SWAPGS Attack

A new Security Vulnerability was recently announced by Microsoft which can be considered a variant of the old Spectre vulnerability.  This new vulnerability is called the SWAPGS attacks.  Its name comes from the fact that the vulnerability leverages on the “SWAPGS instruction”, one of the predictive executions within the affected processors which helps improve the speed of our computers.

So which systems are affected?

The researchers from BitDefender, the ones responsible for the discovery, have stated that the vulnerability affects all Intel CPUs manufactured from 2012 to the present.  However, Red Hat has also come out with its own security advisory  stating that the vulnerability affects x86-64 systems using both Intel and AMD processors, which AMD itself disputes as its own statement on this matter states they are not affected by the vulnerability.  The advisory also stated that from the industry feedback, they are not aware of a way to exploit this vulnerability of Linux kernel-based systems.

Is this attack easily executed?  Am I the target for these attacks?

With the details of these attacks fully disclosed, the chances of becoming a victim of these attacks are a lot higher.  However, as these kinds of attacks are very time consuming, cyber criminals would be more likely to attack more lucrative targets such as organizations or their key personal rather than target smaller individuals.

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” Gavin Hill, vice-president for datacenter and network security products at Bitdefender warned.

What can I do to prevent this?

Firstly, this vulnerability was already included in the July 9 security update of Microsoft, so if you’ve already up to date with the security patches you don’t have to do anything.

As for existing Trend Micro users, given that this is a local type of vulnerability, Trend Micro IPS rule cannot be created for this. Vulnerability exploitable with only local access requires the attacker to either have physical access or be logged on to the vulnerable system. DPI can only detect attacks over the network.

As stated above, it would be best to immediately update your OS Security Patches, you may find a list below:

For more inquiries regarding this vulnerability, please do contact us at 893-9515 and we will be happy to answer them!

Beyond Office: Maximizing and Securing your investments with Office 365

Arby News and Events ,
Beyond Office: Maximizing and Securing your investments with Office 365

Are you Maximizing your Office 365 Investment? How about Securing Your Corporate Data?

So your business has invested (or is looking to invest) in Office 365, you’ve made sure that every user has a subscription and everyone is fairly happy using all the familiar office apps like Word, Excel and PowerPoint.  This however is only scratching the surface of your investment in Office 365, there is much more to office 365 then the office suite. 

Microsoft Office 365 is a cloud-based subscription service that provides users with access to a suite of Microsoft Office applications, including Word, Excel, PowerPoint, and Outlook, as well as other productivity tools and services such as OneDrive, SharePoint, and Teams.

One of the main benefits of Office 365 for businesses is that it enables remote collaboration and productivity. With the cloud-based platform, employees can work on documents simultaneously from different locations and devices, which improves productivity and teamwork. Additionally, the service allows for easy sharing of files and documents, as well as real-time editing and commenting, which can save time and reduce errors.


Another advantage of Office 365 is that it provides businesses with a flexible and scalable solution. Companies can choose the subscription plan that best fits their needs, and easily add or remove users as their workforce changes. This means that businesses can avoid investing in expensive software licenses and hardware upgrades, and can instead rely on a cost-effective, pay-as-you-go model.


Office 365 also offers enhanced security and compliance features, including data encryption, multi-factor authentication, and compliance with industry regulations such as HIPAA and GDPR. This can provide peace of mind for businesses that handle sensitive data or operate in heavily-regulated industries.
Finally, Office 365 is designed to integrate with other Microsoft tools and services, such as Dynamics 365 and Power Platform, which can further enhance productivity and business processes.

Learn first-hand from our experts from Microsoft on how you can maximize your investment into office 365 as we take a look at some lesser used applications from the suite.  We’ll also be briefly be discussing one of the new security aspects in Office 365, Azure Information Protection (AIP), which will help you complete your DLP requirements in this age of digital transformation.

Get in touch with us at 893-9515 to learn how you and your company can register for this upcoming workshop!