Cisco Umbrella: Camuto Group Case Study

The Challenge

The Camuto Group, a US footwear and lifestyle brand company, has thrived in its industry thanks to the unique designs that set it apart from the competition.  However, the company's creativity is also one of its IT team's main pain points when it comes to security.  With almost 100 employees working remotely and another 250 roaming laptop users, it is difficult for IT to allow the flexibility to access the wide range of edgy sites that many web filtering solutions block incorrectly.

Tom Olejniczak, Camuto Group's network engineering manager, says they found that the traditional approach to securing the web experience (proxy servers) caused too many problems that needed manual resolution: whenever someone could not access a site, a member of IT had to go to that user to help resolve the issue, which was not feasible given the many remote and roaming users.

They needed a network security solution that protected on- and off-network devices without adding latency, and that could help them as malware and social media started to cut into user productivity.

The Solution

Tom says the company has relied on Umbrella as its first line of defense since it was still OpenDNS.  However, to test whether there were better alternatives, they decided to try two products similar to Umbrella.  The result was that Umbrella outperformed both products in malware protection and in overall user experience.

This was achieved by deploying Umbrella's virtual appliances, which gave them the visibility to see whether internal networks or Active Directory users were infected or targeted by attacks, without the need to touch devices or reauthenticate users.  Users working outside the corporate network are protected by Umbrella's roaming client, which was as simple to put in place as adding someone to a group in Microsoft Active Directory.

The Camuto Group saw an immediate impact on security: almost four hundred malware detections were redirected on a daily basis.  The solution was also good for user experience, as it is unobtrusive and even improved internet speed slightly, by about five to ten percent.

The ability to whitelist and blacklist sites was one of the company's main concerns, and Umbrella helped solve it quite easily.  Tom says they are able to choose safe and HR-acceptable categories for content filtering quickly; it usually takes them about 3 minutes to make a change.

To learn more about Cisco Umbrella, you may check out our product page here or contact us directly at 893-9515 for more details!

University of Kansas Hospital: A Cisco Umbrella Case Study

The challenge: gaining transparency to secure sensitive data

Ranked among the nation’s best hospitals every year since 2007 by U.S. News & World Report, The University of Kansas Hospital is the region’s premier academic medical center. Physicians teach as faculty members at the KU School of Medicine and are at the forefront of medical discoveries taking place at the KU Medical Center, a research leader in cancer treatment and prevention, neurology and liver and kidney transplantation.

Like every hospital, University of Kansas Hospital prioritizes IT security to keep threats such as malware from affecting or stealing its patients' sensitive data.  This means they have to safeguard every medical device connected to their network; any compromise could cause a life-or-death situation.  As an academic hospital, they also deal with a lot of sensitive research data and intellectual property.

When ransomware was beginning to impact hospitals around the world, University of Kansas Hospital started to look for security solutions that would help deliver on its commitment to the best possible healthcare experience.  This led them to realize that visibility was a major challenge and that attacks were starting at DNS.

The solution: security that starts at the DNS layer

To start improving the existing security design, University of Kansas Hospital initially implemented different solutions that produced very basic information about infected machines, but they lacked full visibility into the source of the infection: they could see the malicious sites being accessed, but could only trace the infection as far as the proxy server, an IP address, or their DNS server.

“First we just pointed our external DNS requests to Cisco Umbrella’s global network, which netted enough information to prompt an instant ‘Wow, we have to have this!’ response,” Duong says. “When our Umbrella trial began, we saw an immediate return, which I was able to document using Umbrella reporting and share with executive stakeholders. Those numbers, which ultimately led to executive buy-in, spoke volumes about the instant effect Umbrella had on our network.”

After the initial test of pointing their external DNS requests at the Cisco Umbrella global network provided enough information, they immediately started a trial with Umbrella.  During the trial they saw immediate returns, which were documented through Umbrella's reporting and shared with their executive stakeholders.  This eventually led to executive buy-in for Umbrella.

The result: Bolstered security and unprecedented insight

For University of Kansas Hospital, deploying Umbrella was fast and delivered immediate time-to-value.  Within one hour of Umbrella going live, they saw a huge increase in visibility, protection, and blocked malicious traffic.  From their usual 100,000 hits against the network (20 to 30 percent of which were ransomware), they were able to drop the number to nearly zero with Umbrella.

Once they also enabled AD integration with Umbrella (which took only an hour), they moved from struggling to find attacks to being able to correlate users with events and trace every click of their online journey.  This also gave them ways to investigate and understand each threat hitting their network, to better understand user behavior and mitigate threats as efficiently as they can.

Cisco Umbrella has dramatically improved the incident response of University of Kansas Hospital: an incident that would have taken 2 days before Umbrella has been shortened by at least 75%, and can even be handled in 30 minutes.

To learn more about Cisco products, you can visit our Cisco Product Page here or you may call us at 893-9515 and we would be happy to answer your inquiries!

CT Link Partners with Kaisa for a “Train the Trainer” Program!

As part of CT Link Systems' efforts to give back to the community, we have teamed up with the Kaisa Heritage Foundation, a non-profit organization advocating Filipino-Chinese cultural and community development, to set up a Corporate Social Responsibility (CSR) program in which computer equipment was donated and sessions are being conducted to improve the attendees' computer application literacy.

There were many directions in which the program could have gone during inception, but we decided that the best way to give back to the community was by sharing the knowledge we have gained throughout the years.  The “Train the Trainer” program, meant to expand the trainees' computer competency, focused mainly on Microsoft Office 365 applications.  Our aim for the training sessions is to help improve the productivity of teachers who, more often than not, use Office 365 in their day-to-day life.  Another objective was to introduce them to useful collaboration features in Office 365 that they may not be aware of due to their routine use of the traditional Microsoft Office suite.

Through the help of the Kaisa Foundation, we were also able to partner with different educational organizations such as The Teachers Gallery, a non-profit organization that aims to offer learning opportunities related to inclusive education to both teachers and the broader education community, and the AiHu Foundation, a non-profit organization promoting computer education for out-of-school youths.  These organizations provided all of the program's participating teachers, while our employee volunteers acted as the teachers and facilitators.  Sharing knowledge and skills through this training program has never been more rewarding for our employee volunteers, knowing that what they shared will flow down to the teachers' students.

As part of the CSR program, Kaisa has received 8 HP 280MT desktops with the Microsoft Windows 10 OS and HP N223v monitors.  Besides the computer equipment, other necessities were donated to the Angelo King Heritage Center to ensure that the CSR program could be held at Kaisa, such as Microsoft Office 365 (Business Premium) subscriptions, a Cisco Meraki MX64 firewall, Datto AP60 access point devices, a 3COM PoE switch, and an internet subscription from Converge.  This was all made possible by the generous help of our vendor partners HP Inc., Cisco and Microsoft, who supported us throughout the program.

Cisco Announces new small Business WiFi Solution, Meraki Go

Cisco has recently announced that it will be releasing a new solution for the small business and single-site location market, Meraki Go. Meraki Go is a set of WiFi access points tailor-made for small and home businesses, with the features needed to get a business going, all managed through a simple-to-use app.

This makes it a great tool to help small business owners manage their WiFi needs through a simple guided on-boarding process in which users can configure multiple WiFi networks in minutes.  This gives businesses more control over their network, as they will be able to separate guest and corporate traffic for added security.  Meraki Go can also set limits on certain applications and even block clients from accessing certain websites to keep your network safe.  This also ensures that bandwidth is prioritized for critical business applications rather than being used up by video streaming and other bandwidth-heavy applications.

Below is an introduction video for Meraki Go:

Meraki Go is not yet available in the Asian market; it is currently available for purchase online in western markets.  We will post an update as soon as we hear anything new.  To learn more about Meraki Go, you may visit their main site here or contact us at 893-9515 for more details!

New Vulnerability aLTEr Discovered by Researchers

Researchers from Ruhr-Universität Bochum and New York University Abu Dhabi have recently discovered three types of attacks/vulnerabilities affecting devices that use the Long-Term Evolution (LTE) network protocol, which cyber criminals could use to steal your data.  The research team has dubbed the attacks “aLTEr”.  With LTE (a form of 4G) being the standard in the mobile communications industry, many users could be affected by these new attacks.  However, according to the researchers, the effort required to carry out these attacks is so high that they will most likely only target persons of special interest, such as politicians or high-level management of corporations.

aLTEr attacks can be either passive or active in nature.  The passive attacks are considered passive because they do not directly interfere with network connections; the cyber criminals use a tool to eavesdrop on the user's activity.  This means they can monitor your internet activity, collect information on your browsing habits, and use it to their advantage.

An active attack, on the other hand, uses the man-in-the-middle method.  Through the vulnerability found in the data link layer, attackers are able to intercept your traffic to the network.  They are able to fool the network into thinking they are the user, and vice versa, so that they can redirect you to a malicious website instead of the intended destination, in order to steal your data or infect your device without you or the network knowing.

Although these vulnerabilities will not affect the majority of LTE users, some are still at risk.  The researchers have recommended the following steps to help prevent these attacks:

  • Update the specification. A specification update means that the implementation of all devices must be changed, which leads to a high financial and organizational effort. This is likely not feasible in practice.
  • Correct HTTPS configuration. Using correct parameters for HTTPS (especially HTTP Strict Transport Security (HSTS)) helps to prevent the redirection to a malicious website. It can act as an additional layer of protection.
  • Virtual Private Network (VPN). Using a VPN tunnel with integrity protection and endpoint authentication helps to prevent the attack. The VPN tunnel acts, similar to HTTPS, as an additional security layer.
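As an added example (not part of the researchers' recommendations and not any vendor's code), the PowerShell function below evaluates a Strict-Transport-Security header the way a defender would verify the “correct HTTPS configuration” item above: it parses the directives and flags a missing header, a missing, zero or too-short max-age, and a missing includeSubDomains. The sample header values, the one-year minimum and the host name in the trailing comment are constructed assumptions of this example.

```powershell
# Added example (not from the original article): evaluates a Strict-Transport-Security
# header the way a defender checks the "correct HTTPS configuration" recommendation.
# The sample headers below are constructed, not captured from any real site.

function Test-HstsHeader {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$HeaderValue,
        # Assumed policy threshold: one year (31536000 s), the value commonly required for preload.
        [int]$MinimumMaxAge = 31536000
    )

    $result = [ordered]@{
        Present           = $false
        MaxAge            = $null
        IncludeSubDomains = $false
        Preload           = $false
        Findings          = @()
    }

    if ([string]::IsNullOrWhiteSpace($HeaderValue)) {
        $result.Findings += 'No Strict-Transport-Security header: a downgraded first request can be redirected.'
        return [pscustomobject]$result
    }
    $result.Present = $true

    # Directives are separated by ';' and directive names are case-insensitive (RFC 6797).
    foreach ($directive in ($HeaderValue -split ';')) {
        $d = $directive.Trim()
        if ($d -match '^max-age=(\d+)$') {
            $result.MaxAge = [int64]$Matches[1]
        } elseif ($d -ieq 'includeSubDomains') {
            $result.IncludeSubDomains = $true
        } elseif ($d -ieq 'preload') {
            $result.Preload = $true
        }
    }

    if ($null -eq $result.MaxAge) {
        $result.Findings += 'max-age directive missing: the header is invalid and browsers ignore it.'
    } elseif ($result.MaxAge -eq 0) {
        $result.Findings += 'max-age=0 removes the policy instead of enforcing it.'
    } elseif ($result.MaxAge -lt $MinimumMaxAge) {
        $result.Findings += "max-age $($result.MaxAge) is below the assumed minimum of $MinimumMaxAge seconds."
    }
    if (-not $result.IncludeSubDomains) {
        $result.Findings += 'includeSubDomains missing: subdomains can still be reached over plain HTTP.'
    }
    return [pscustomobject]$result
}

# Constructed sample headers (assumed, not observed) covering the weak and the corrected case.
$samples = [ordered]@{
    'weak'      = 'max-age=300'
    'corrected' = 'max-age=31536000; includeSubDomains; preload'
    'missing'   = ''
}
foreach ($name in $samples.Keys) {
    $r = Test-HstsHeader -HeaderValue $samples[$name]
    "{0,-9} max-age={1} findings: {2}" -f $name, $r.MaxAge, ($r.Findings -join ' | ')
}

# To check a host you administer (hypothetical host name), feed it the live header, e.g.:
#   $resp = Invoke-WebRequest -Uri 'https://example.test/' -Method Head
#   Test-HstsHeader -HeaderValue ($resp.Headers['Strict-Transport-Security'] -join '')
```

The check only tells you whether the header is present and well formed; it does not prove that every HTTP entry point redirects to HTTPS, and a policy with a short max-age expires quickly on devices that rarely visit the site, which is why the example treats a small value as a finding rather than a pass.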

For those interested in an extra layer of defense against attacks like aLTEr, Cisco Umbrella and Cisco AMP for Endpoints are the solutions you are looking for.  Cisco Umbrella acts as your first layer of defense, protecting your endpoints from malicious requests such as phishing attempts or infected websites trying to download files in the background.  For threats that can't be blocked by Umbrella, such as files downloaded by the user outside the Umbrella network, there is Cisco AMP for Endpoints.  Cisco AMP for Endpoints can block malware using global data analytics, perform exploit prevention, use machine learning, perform rootkit scanning, and has a built-in antivirus engine.

To learn more about aLTEr attacks, you may read up on the official website here.  To learn more about Cisco Umbrella and Cisco AMP for Endpoints, call us at 893-9515 for more information!

Ransomware Lunch & Learn With Cisco!

Ransomware is becoming more prevalent as more companies find their networks infected with this disruptive malware.  With this in mind, Cisco has been improving its security portfolio to keep your IT infrastructure safe from these malicious attacks.  Learn more about it from our Cisco experts on July 17, 2018 at Discovery Primea at our Ransomware Lunch & Learn event!  Get a chance to win a Smart TV and other goodies while you learn how you can stay safe from ransomware attacks.  To learn more about the event or how to register for it, please contact us at 893-9515!

Meraki Wireless Health is Now in Beta!

Last January Cisco announced that it would be adding an exciting new feature to Meraki: Meraki Wireless Health.  In essence, Wireless Health is a powerful heuristics engine that can promptly find errors affecting the end user's experience across the stages of connectivity, which include association, authentication, IP addressing and DNS availability, and then performs quick root-cause analysis and response.

This helps IT administrators quickly find out whether users are able to successfully access the wireless network and easily identify the problematic access points, clients, and failing connection stages that are the source of a bad end-user experience.  Being able to see all access points (APs) in a given network is a critical factor in delivering a successful end-user experience, since problems can be identified and repaired to avoid lengthy and inopportune downtime and latency.

With this in mind, Cisco has recently announced that Meraki Wireless Health is available to all existing MR customers at no additional cost as a generally available beta feature.  To access it, navigate to Wireless > Wireless health in the Meraki dashboard.

To learn more about Meraki, you can visit our Product page here or directly contact us at 893-9515 and we will be happy to help you!

Wireless Big Data: A Tech Update with Cisco and Pure Storage

Wireless big data can provide in-depth information and analytics that allow operators to take data-driven approaches to network optimization and operation. CT Link Systems, Inc., in partnership with MSI-ECS Philippines, will be hosting a tech update on Cisco (specifically Cisco Meraki) and Pure Storage this coming June 14, 2018 at M Cafe.  We hope to further educate our attendees on how today's businesses can benefit from the new innovations from both brands when paired with our CT Link business solutions.

To learn more about these solutions, you can email rcruz@ctlink.com.ph or contact us directly at 893-9515 to find out how you can register for this event!

Increase your Network Visibility to better use your business bandwidth with Cisco Meraki!

Does your business have enough bandwidth?

Many businesses today are looking for ways to upgrade their current bandwidth because of user feedback, mostly complaints about slow browsing speeds.  Little do they know that a certain user in the office is “torrenting” on the network, which results in bandwidth hogging and can even put the business at risk.

However, administrators can now feel reassured with Cisco Meraki's Layer 7 application fingerprinting, which gives them a better view of their network. Network administrators and managers can rely on this level of visibility every day to see beyond the size and rate of data transfers on their networks and gain insight into the actual behavior of their users. It's useful to see patterns in large spikes of traffic on the network, but it's even better to know whether those spikes are coming from online backup or from BitTorrent.

What’s better than traffic Visibility?  Traffic shaping!

Now that administrators have identified which applications (and most importantly, which users) are using more bandwidth than necessary, what can you do about it?

You can create application-specific shaping policies for total control over your wired and wireless network. With the built-in traffic shaper in Cisco Meraki, shaping policies can be created that apply per-user bandwidth limits to specific applications such as video streaming sites, and apply QoS (Quality of Service) priority levels at both Layer 2 and Layer 3 to make sure your critical traffic is prioritized across the network.

The Cisco Meraki portfolio includes wireless access points, switches, security appliances, and mobile device management solutions. What sets Cisco Meraki apart is that all of these are centrally managed from the cloud. This makes them significantly easier to deploy and manage than traditional networks.

Contact us at 893-9515 to try Cisco Meraki for yourself and discover the power of cloud networking today!  

Security Advisory: Meltdown & Spectre Vulnerabilities

Over the past few days, you may have heard of the new vulnerabilities that have been uncovered, Meltdown and Spectre.  These vulnerabilities affect all modern processors, meaning your business machines and even personal gadgets that use these processors are affected, which puts you at risk of potential attacks.  Below is a brief explanation of what exactly Meltdown and Spectre are:

Meltdown

Meltdown is a hardware vulnerability in processors (Intel x86 microprocessors and some ARM-based microprocessors) which allows attackers to use programs to read your computer's memory.  With this access, they are able to obtain sensitive data from other applications on your system.

Spectre

Spectre is a hardware vulnerability in modern processors which attackers can use to trick error-free programs, which follow best practices, into leaking their secrets.  The safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

However, along with the vulnerabilities, the fixes have also been announced.  Below are the steps you need to take to address these vulnerabilities:

1. Update your Processor Firmware

Processor manufacturers have already released firmware updates to fix these vulnerabilities; however, they have said they will only release updates for processors from the last 5 years.  Below are the current firmware updates you will need per vendor (note that we will add more updates as they come):

HPE

For ProLiant Gen10 products (except for the ProLiant DL385 Gen10), update to System ROM Version 1.28.

For the ProLiant DL385 Gen10 server, update to System ROM Version 1.04.

For ProLiant Gen9 series servers (except for the ProLiant DL20 Gen9 or ML30 Gen9), update to System ROM Version 2.54.

For the ProLiant DL20 Gen9 or ProLiant ML30 Gen9 server, update to System ROM Version 2.52.

For ProLiant Gen8 series servers, update to a System ROM version dated 12/12/2017.

For the ProLiant m710x server cartridge, update to System ROM Version 1.60.

For the ProLiant m710p server cartridges update to the System ROM version dated 12/12/2017.

Click here and enter your HPE product to find the firmware patch you need.

Cisco

Below is a table of the known Cisco products affected by the vulnerabilities.  To download an update, click on the Cisco Bug ID and log in to your Cisco account to access it.  We will update this table as updates become available.

Product                                                      Cisco Bug ID   Fixed Release Availability
Routing and Switching – Enterprise and Service Provider
Cisco ASR 9000 XR 64-bit Series Routers                      CSCvh32429
Cisco 800 Industrial Integrated Services Routers             CSCvh31418
Cisco NCS 1000 Series Routers                                CSCvh32429
Cisco NCS 5000 Series Routers                                CSCvh32429
Cisco NCS 5500 Series Routers                                CSCvh32429
Cisco XRv 9000 Series Routers                                CSCvh32429
Unified Computing
Cisco UCS B-Series M2 Blade Servers                          CSCvh31576     Fix pending
Cisco UCS B-Series M3 Blade Servers                          CSCvg97965     (18-Feb-2018)
Cisco UCS B-Series M4 Blade Servers (except B260 and B460)   CSCvg97979     (18-Feb-2018)
Cisco UCS B-Series M5 Blade Servers                          CSCvh31577     (18-Feb-2018)
Cisco UCS B260 M4 Blade Server                               CSCvg98015     (18-Feb-2018)
Cisco UCS B460 M4 Blade Server                               CSCvg98015     (18-Feb-2018)
Cisco UCS C-Series M2 Rack Servers                           CSCvh31576     Fix pending
Cisco UCS C-Series M3 Rack Servers                           CSCvg97965     (18-Feb-2018)
Cisco UCS C-Series M4 Rack Servers (except C460)             CSCvg97979     (18-Feb-2018)
Cisco UCS C-Series M5 Rack Servers                           CSCvh31577     (18-Feb-2018)
Cisco UCS C460 M4 Rack Server                                CSCvg98015     (18-Feb-2018)

Dell

BIOS updates for PowerEdge Server Products

Generation   Models                        BIOS version
14G          R740, R740XD, R640            1.2.71
             R540, R440, T440              1.2.71
             T640                          1.2.71
             C6420                         1.2.71
             FC640, M640, M640P            1.2.71
             C4140                         1.0.2
             R940                          1.2.81
             T30                           1.0.12
13G          R830                          1.7.0
             T130, R230, T330, R330        2.4.1
             R930                          2.5.0
             R730, R730XD, R630            2.7.0
             C4130                         2.7.0
             M630, M630P, FC630            2.7.0
             FC430                         2.7.0
             M830, M830P, FC830            2.7.0
             T630                          2.7.0
             R530, R430, T430              2.7.0
             C6320                         2.7.0

BIOS update for Dell Datacenter Scalable Solutions (DSS)

Models                        BIOS version
DSS9600, DSS9620, DSS9630     1.2.71
DSS1500, DSS1510, DSS2500     2.7.0
DSS7500                       2.7.0

2. Checking if your registry is compatible with your OS updates (Windows)

Some third-party anti-virus software is currently incompatible with the latest patch updates from Windows.  If you are unable to update your OS for this reason, it is recommended that you modify your registry to fix this.  However, we highly recommend that you back up your registry before editing it manually, as using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system.  Below is the registry key to be set:

Key="HKEY_LOCAL_MACHINE"

Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD"

Data="0x00000000"

For Trend Micro users, a patch has been released for their products which enables the ALLOW REGKEY (the key above) automatically.  This, however, is not the fix for the vulnerabilities: the patch does not update your OS, it only allows you to update it, so you still have to update your OS.

Additionally, note that per Microsoft, even clients that do not have active anti-malware or security software installed may still be required to apply the specific registry key before the security patches can be obtained from Windows Update.
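As an added example, not from the advisory and not Microsoft's or Trend Micro's code, the PowerShell script below checks whether the QualityCompat value described above is already set, exports the key with reg.exe as a backup before changing anything, and then creates the value exactly as listed (REG_DWORD, data 0). The backup location under $env:TEMP and the three-state check (Missing / Set / Unexpected) are assumptions of this example.

```powershell
# Added example (not from the advisory): back up, then set, the QualityCompat value
# that the advisory lists, and report the state before and after.
# Run from an elevated PowerShell session. The backup path is an assumed location.

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'   # value name exactly as in the advisory
$ValueData = 0                                        # REG_DWORD 0x00000000

function Get-QualityCompatState {
    # Returns 'Missing', 'Set' or 'Unexpected' so the state can be compared before and after.
    if (-not (Test-Path -Path $KeyPath)) { return 'Missing' }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Missing' }
    if ($item.$ValueName -eq $ValueData) { return 'Set' }
    return 'Unexpected'   # value exists but holds data other than 0
}

function Backup-QualityCompatKey {
    param([string]$BackupFile = "$env:TEMP\QualityCompat-backup.reg")  # assumed location
    if (Test-Path -Path $KeyPath) {
        # reg.exe export writes a .reg file that can be re-imported to restore the key.
        & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat' $BackupFile /y | Out-Null
        return $BackupFile
    }
    return $null   # key does not exist yet, so there is nothing to back up
}

function Set-QualityCompatValue {
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $ValueData -Force | Out-Null
}

$before = Get-QualityCompatState
"Before: $before"
if ($before -ne 'Set') {
    $backup = Backup-QualityCompatKey
    if ($backup) { "Backup written to $backup" }
    Set-QualityCompatValue
}
"After: $(Get-QualityCompatState)"
```

The key's purpose is to tell Windows Update that the installed anti-virus product is compatible with the January 2018 updates, so set it by hand only after your anti-virus vendor has confirmed support; if the value is reported as Unexpected, inspect it before overwriting, since another product may have written it.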

Product                        Updated version                                     Notes    Platform
OfficeScan                     XG (all versions including SP1) – CP 1825-4430      Readme   Windows
                               11.0 SP1 – CP 6496                                  Readme   Windows
Deep Security                  Deep Security Agent 10.0.0-2649 for Windows (U6)    Readme   Windows
                               Deep Security Agent 9.6.2-8288 for Windows          Readme   Windows
Worry-Free Business Security   9.5 CP 1447                                         Readme   Windows

3. Updating your OS (Operating System)

Below are the updates that are currently out for Windows OS for both servers and desktops (this will be updated as more updates are released):

Product                                                                                  Article   Download
Windows Server, version 1709 (Server Core Installation)                                  4056892   Security Update
Windows Server 2016 (Server Core installation)                                           4056890   Security Update
Windows Server 2016                                                                      4056890   Security Update
Windows Server 2012 R2 (Server Core installation)                                        4056898   Security Only
Windows Server 2012 R2                                                                   4056898   Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)   4056894   Monthly Rollup
                                                                                         4056897   Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1                              4056894   Monthly Rollup
                                                                                         4056897   Security Only
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1                          4056894   Monthly Rollup
                                                                                         4056897   Security Only
Windows 8.1 for x64-based systems                                                        4056898   Security Only
Windows 8.1 for 32-bit systems                                                           4056898   Security Only
Windows 7 for x64-based Systems Service Pack 1                                           4056894   Monthly Rollup
                                                                                         4056897   Security Only
Windows 7 for 32-bit Systems Service Pack 1                                              4056894   Monthly Rollup
                                                                                         4056897   Security Only
Windows 10 Version 1709 for x64-based Systems                                            4056892   Security Update
Windows 10 Version 1709 for 32-bit Systems                                               4056892   Security Update
Windows 10 Version 1703 for x64-based Systems                                            4056891   Security Update
Windows 10 Version 1703 for 32-bit Systems                                               4056891   Security Update
Windows 10 Version 1607 for x64-based Systems                                            4056890   Security Update
Windows 10 Version 1607 for 32-bit Systems                                               4056890   Security Update
Windows 10 Version 1511 for x64-based Systems                                            4056888   Security Update
Windows 10 Version 1511 for 32-bit Systems                                               4056888   Security Update
Windows 10 for x64-based Systems                                                         4056893   Security Update
Windows 10 for 32-bit Systems                                                            4056893   Security Update
Microsoft SQL Server 2017 for x64-based Systems (CU)                                     4058562   Security Update
Microsoft SQL Server 2017 for x64-based Systems                                          4057122   Security Update
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)                      4058561   Security Update
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1                           4057118   Security Update

4. Updating your browsers

The last step is to make sure that your internet browser is patched to the latest version.  Below are a few of the most used browsers and the versions they need to be updated to:

Mozilla – Firefox 57.0.4

Internet Explorer/Microsoft Edge – Included in the latest security update of Windows KB4056890 (OS Build 14393.2007)

Again, more updates will be posted as soon as the fixes are released by the respective vendors.  If you need more details or help in implementing the vendors' solutions, please contact us at 893-9515 and we will do our utmost to help!