Adam Rosenman

ROSENMAN IT SOLUTIONS LLC JOINS TBI PARTNER PROGRAM

Rosenman IT Solutions LLC has announced a new partnership with TBI, one of the nation’s largest distributors of technology services. With this partnership, Rosenman IT Solutions LLC gains access to TBI’s portfolio of more than 90 highly vetted, top technology service providers, and can now offer customers a comprehensive suite of technology solutions including cloud, voice, data, network, managed services, and security.

Since 1991, TBI has earned a reputation as the premier distributor of technology services and one of the most respected companies in the industry. TBI maintains a broad portfolio of carriers and technology services, accompanied by the industry’s largest operational support team. TBI’s back-office ensures a seamless transition to new technology services, handling everything from quote to installation and project management, enabling Rosenman IT Solutions LLC to conduct more strategic sales engagements with their customers.

“This partnership is a natural fit for us,” said Adam Rosenman, CEO at Rosenman IT Solutions LLC. “I see it as the best way for me to bring my own business to the next level. With TBI, I can offer my customers the technology services that they have always needed but would have previously gone elsewhere to buy. TBI works to train us and bring the right executives to the table to execute contracts that make the most sense for my customers.”

TBI works with its national network of more than 3,000 partners, selling strategic business solutions to end-users within small, mid-market, and enterprise businesses. TBI’s strong relationships with top industry carriers allow for the most competitive pricing and trouble-free provisioning of solutions across verticals: retail/eCommerce, industrial, entertainment, insurance and finance, healthcare, government, and educational sectors. TBI’s portfolio extends to its selling partners affording the ability to sell strategic, end-to-end solutions, ensuring customer success.

ABOUT TBI

TBI is the nation’s leading third-party technology distributor. Since 1991, it has assisted Systems Integrators, VARs, MSPs, IT consultants, and more in advising and sourcing the right technology solutions. TBI serves as a partner’s advocate, ensuring the proper provisioning of cloud, Internet, data, mobility, voice, and managed services from best-in-class service providers to achieve clients’ desired business outcomes. Through training and marketing programs focused on the benefits of technology to the business, TBI empowers its partners to be the foremost authority to advise and source all their clients’ technology needs. With the largest back-office in the industry, TBI partners are fully supported by certified solutions engineers, pre-and post-sales operations, and project managers.

ABOUT ROSENMAN IT SOLUTIONS LLC

Rosenman IT Solutions LLC provides technical support for all your IT needs and is based in the USA. We are a managed services provider and IT consulting firm based in Troy, Michigan. Combined with our expertise, creativity, and versatility for your business’s success, our solutions are here to help your business through any IT service or challenge you may have nationwide with 24/7 support!

Adam Rosenman

OKTA DATA BREACH

Data breaches can happen anywhere, at any time, to anyone. It is scary to be in the situation that Okta is in. These breaches can cause a lot of damage. For an individual, they can expose things like social security numbers or banking information. For a business, they damage reputation and finances, because customers remember the breach and may no longer trust the company. Lastly, a data breach can affect a government or organization, exposing highly confidential information about military or foreign parties. Okta is a business with many customers who trust it, so it must always try to keep everyone’s information safe.

Okta, Inc is a tech company that provides secure user authentication for login access and gives developers tools to create identity controls for access to apps and websites. Early on March 22, Single-Sign-On provider Okta confirmed they are investigating a potential breach by Lapsus$, a hacking group. Knowledge of the possible breach came out after the group appeared to post screenshots on the internet, detailing their access to Okta’s environment and stating the Okta clients were the end target. Because Okta works with over 15,000 global companies, this data breach had the potential to be catastrophic. Fortunately, Okta reports that the hackers only had access to their system for 5 days.

WHO, WHAT, WHEN, WHERE, AND HOW DID THE OKTA BREACH HAPPEN?

WHAT IS A DATA BREACH, AND HOW DO THEY HAPPEN?

A data breach exposes sensitive or confidential information to unauthorized parties. In most cases of a large data breach, there is typically a weakness in the company or organization’s technology or user behavior. They can happen accidentally, such as when Microsoft made updates with misconfigured code to their security database in 2019, which accidentally leaked millions of customer IP and email addresses.

When a data breach is intentionally carried out, it is typically done for the purpose of gaining access to sensitive company or customer information, which can then be ransomed or exploited for financial gain. The Okta breach was an intentional cyber-attack launched by South American hacker group Lapsus$.

HOW DID THE OKTA BREACH HAPPEN?

In January 2022, Okta discovered screenshots of sensitive, internal company information posted on the popular site Telegram. Their investigators quickly determined that the hacker group Lapsus$ had gained access to a single computer used by a third-party support engineer that Okta employed. This single point of access demonstrates how cyber-attacks can exploit the smallest weakness if a company is not vigilant about its cyber security measures. Lapsus$, which is notoriously open about its exploits, posted screenshots of internal Slack communications as well as workflow tickets to its Telegram account, which then alerted Okta to the breach.

OKTA DATA BREACH DETAILS PAINT A FAMILIAR PICTURE OF CYBER ATTACKS

In 2021, there were 623 million ransomware attacks globally, an increase of 105% from the previous year. Lapsus$ has also reportedly breached Samsung, Nvidia, Microsoft, and even Brazil’s health ministry. While your organization may not use Okta directly, the impact of a breach can be wide-ranging as the platform is leveraged by many vendors worldwide. AgileBlue will continue to closely monitor the situation and our 24×7 SOC team continues to engage in active threat hunting to provide as much security as possible for all clients.

WHAT INFORMATION DID THE HACKERS GAIN ACCESS TO?

Okta, along with many other companies, has been affected by hackers like Lapsus$. This attack reportedly affected as many as 366 Okta customers worldwide, which accounts for almost 2.5% of Okta’s global customer base.

After gaining access to the Okta system, Lapsus$ leaked 37 GB of data, including archive shows and images through Okta. The hackers also released screenshots and photos of user identities, along with sensitive screenshots depicting Okta’s internal systems. Lapsus$ has said they were not going after Okta’s data but were focusing on the company’s customers.

WHERE DID THE BREACH HAPPEN AND WHY?

There are many reasons why someone would want to take data from a large company: simply because they think they can, revenge, sabotage, financial gain, blackmail, and vandalism. The motivation behind why Lapsus$ wanted to get into Okta is still unclear, but it is believed to be money and fame. It is believed that they wanted customer information from Okta rather than Okta’s own company information. Based on the data that was shared from the breach and what Lapsus$ has said about their activity, it appears that the main target was Okta’s massive customer base, rather than Okta itself.

WHEN DID THE OKTA DATA BREACH HAPPEN?

Data breaches can happen anywhere. In January 2022, Okta detected what they thought was an “unsuccessful attempt” to get information on a third-party provider. Okta security received an alert at this time that an MFA factor was added to an employee’s account from a location that had never been used before. On March 22, 2022, Okta confirmed this attempt. Lapsus$ released the screenshots, including one highlighting Okta’s internal system, dated January 21, 2022. Lapsus$ had access to this account from the 16th to the 21st of January 2022.

WHAT TO DO IF YOU WERE IMPACTED BY THE OKTA DATA BREACH

  • Watch and protect all of your Okta logs; look for anything suspicious.

  • Disable the Okta Support access to make sure the hackers are not granted access to your account.

  • Change your passwords.

  • Monitor employees and educate them on data safety to reduce risk.

  • Enable notifications so you get alerts for new or suspicious login attempts.

  • Use multiple forms of authentication.
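The log-monitoring advice above, as an added example that is not part of the original post: a small triage script over an Okta System Log export (constructed sample data) that flags the two signals the post describes, an MFA factor added from a location the user has never logged in from, and Okta Support access being granted to an account. The event type names and export layout are assumptions drawn from Okta's System Log documentation; confirm them against your own tenant's export.

```python
"""Triage an Okta System Log export for the two signals the post describes:
an MFA factor added from a never-before-seen location, and Okta Support
access (impersonation) being granted to an account."""
import json

# Event type names as they appear in the Okta System Log. Treat them as an
# assumption and confirm against your own tenant's export before relying on them.
MFA_ENROLL_EVENTS = {"user.mfa.factor.activate"}
SUPPORT_ACCESS_EVENTS = {
    "user.session.impersonation.initiate",
    "user.session.impersonation.grant",
}
LOGIN_EVENT = "user.session.start"

# Constructed sample export (newline-delimited JSON); not real Okta data.
SAMPLE_LOG = """\
{"published":"2022-01-10T09:12:00Z","eventType":"user.session.start","actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"203.0.113.10","geographicalContext":{"city":"Troy","country":"United States"}},"outcome":{"result":"SUCCESS"}}
{"published":"2022-01-12T08:30:00Z","eventType":"user.session.start","actor":{"alternateId":"bob@example.com"},"client":{"ipAddress":"203.0.113.11","geographicalContext":{"city":"Troy","country":"United States"}},"outcome":{"result":"SUCCESS"}}
{"published":"2022-01-16T03:41:00Z","eventType":"user.mfa.factor.activate","actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"198.51.100.7","geographicalContext":{"city":"Zurich","country":"Switzerland"}},"outcome":{"result":"SUCCESS"}}
{"published":"2022-01-17T11:05:00Z","eventType":"user.session.impersonation.grant","actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"203.0.113.10","geographicalContext":{"city":"Troy","country":"United States"}},"outcome":{"result":"SUCCESS"}}
{"published":"2022-01-18T14:20:00Z","eventType":"user.mfa.factor.activate","actor":{"alternateId":"bob@example.com"},"client":{"ipAddress":"203.0.113.11","geographicalContext":{"city":"Troy","country":"United States"}},"outcome":{"result":"SUCCESS"}}
"""


def location_of(event):
    """(country, city) the client connected from, or ('?', '?') if absent."""
    geo = (event.get("client") or {}).get("geographicalContext") or {}
    return (geo.get("country", "?"), geo.get("city", "?"))


def triage(ndjson_text):
    """Return findings, oldest first. Each user's location baseline is built
    only from successful logins that occurred *before* the event, so a factor
    enrolled from a location the user has never logged in from is flagged
    even if they log in from there later."""
    events = [json.loads(line) for line in ndjson_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["published"])  # ISO-8601 strings sort chronologically
    seen = {}  # user -> set of (country, city) from earlier successful logins
    findings = []
    for ev in events:
        user = (ev.get("actor") or {}).get("alternateId", "<unknown>")
        etype = ev.get("eventType", "")
        ok = (ev.get("outcome") or {}).get("result") == "SUCCESS"
        loc = location_of(ev)
        base = {"published": ev["published"], "user": user,
                "ip": (ev.get("client") or {}).get("ipAddress"), "location": loc}
        if etype in MFA_ENROLL_EVENTS and ok and loc not in seen.get(user, set()):
            findings.append({**base, "reason": "mfa_factor_added_from_new_location"})
        elif etype in SUPPORT_ACCESS_EVENTS:
            # Any support impersonation is worth a look; if you have disabled
            # Okta Support access, it should never appear at all.
            findings.append({**base, "reason": "okta_support_access"})
        if etype == LOGIN_EVENT and ok:
            seen.setdefault(user, set()).add(loc)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['published']} {f['reason']:36} {f['user']} from {f['ip']} {f['location']}")
```

Run against a real export, the baseline should be seeded from a longer history than the window you are triaging, otherwise every user's first login in the window looks new.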

FREQUENTLY ASKED QUESTIONS ABOUT THE OKTA BREACH

Q: How do you prevent data breaches?

A: There are many ways to try and prevent data breaches.

  • Always update your software whenever one is available.

  • Upgrade devices whenever software is not supported on the device you’re on.

  • Educate employees on what to look for and teach them security practices.

  • Enforce strong credentials, such as strong passwords.

  • Use multi-factor authentication.

Q: How does a data breach affect me?

A: Data breaches impact both organizations and you by releasing sensitive content. If you are a victim of these attacks, you have to frequently change passwords, freeze credit cards, and regularly monitor your personal information. You could be in danger of identity theft if the hackers want to use sensitive information against you, especially if they have got ahold of your social security number, email address, password, and ID number.

Q: How can IT security specialists help protect me and my company?

A: While your organization may not use Okta directly, the impact of a breach can be wide-ranging, since the platform is leveraged by thousands of vendors worldwide. AgileBlue will continue to closely monitor the situation, and our 24×7 SOC team continues to engage in active threat hunting to provide as much security as possible for all clients.

Adam Rosenman

ADAM SPEAKS AT THE AGILEBLUE WEBINAR

On March 24, Tony Pietrocolo, President of AgileBlue, hosted a webinar on identifying your cloud vulnerabilities and hardening your cloud posture. This webinar included two speakers: Rosemary Monroe, a principal consultant for Online Business Systems, and Adam Rosenman, the CEO of Rose IT Solutions.

The main focuses that were on the agenda for this webinar were:

1. How to continuously monitor and manage your cloud security across multi-cloud infrastructures

2. Detecting threats within your cloud

3. AgileBlue’s steps to CSPM and hardening your cloud

IDENTIFYING YOUR CLOUD VULNERABILITIES AND HARDENING YOUR CLOUD POSTURE

We are seeing more and more cloud breaches as of late, not because someone is hacking into them or a user is negligently clicking on links, but because of misconfigurations. There are a million types of configurations, and not everyone knows the best practices that need to be followed in order to avoid cloud breaches.

“Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes.”
— Gartner

Businesses such as Amazon and Google are making big changes to grow in CSPM areas to avoid breaches due to misconfigurations, mismanagement, and mistakes. Google is even making deals with governments in order to bring their platforms in, bringing forth more pressure to avoid cloud security threats. As you can see in the graph below, the biggest cloud security threat is simply misconfiguration. It isn’t the more malicious threats you would assume, such as hacking, but simply a misconfigured cloud platform. This is the biggest threat mainly because there is a lack of understanding when it comes to configuring cloud security.

“95% of all cloud security breaches are due to misconfigurations. Through 2024, organizations implementing a CSPM offering and extending this into development will reduce cloud-related security incidents due to misconfigurations by 80%.”
— Gartner

WHAT IS A MISCONFIGURATION?

At a general level, a misconfiguration could be anything from not having your storage configured correctly to not having your access controls configured in a way that controls access at the right levels. Runaway resources could be misconfigured because they are part of your cloud’s ecosystem. Anything that you can apply a configuration to that controls access to and utilization of your cloud could potentially be misconfigured. A misconfiguration of the cloud is such a broad statement because the cloud itself is so broad; a wide range of things can be configured incorrectly. When something is misconfigured in your environment, you are jeopardizing the safety of your business and your data.

It’s important to remember that although Amazon and Google run secure systems, this does not ensure that your information is secure. They are in a secure position, but you have to set up configurations to make sure that your own information is secured. You can’t forget that you are in charge of your own cloud security.

WHAT IS CSPM?

Cloud Security Posture Management (CSPM) is technology that identifies misconfiguration issues and compliance risks in the cloud. An important purpose of a CSPM program is to continuously monitor cloud infrastructure for gaps in security policy enforcement. Visibility is everything when it comes to cyber security. When you suffer an attack or breach, it is likely because of a lack of that visibility.

WHY CSPM?

  • Continuous cloud and multi-cloud monitoring

  • Risk visualization and assessment

  • Automate remediation or remediate at the click of a button

  • Compliance monitoring

  • DevOps

  • Scan your storage buckets for misconfigurations that could make data accessible to the public
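An added example (not from the webinar or AgileBlue) of the kind of storage-bucket check the last item above refers to: a simplified evaluation of an AWS S3 bucket's policy, canned ACL and Block Public Access settings, with a weak configuration beside the corrected one. The bucket name, role ARN and configuration layout are constructed for illustration, not taken from any real account.

```python
"""Evaluate a storage bucket's configuration for public data exposure, using a
simplified model of AWS S3 controls (bucket policy, canned ACL, Block Public
Access). A real CSPM evaluates far more, but the decision structure is the same."""

BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """True for the anonymous principal in either of its two spellings."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def grants_public_read(stmt):
    """An unconditional Allow of an object-read action to everyone."""
    if stmt.get("Effect") != "Allow" or not principal_is_public(stmt.get("Principal")):
        return False
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    if not actions & READ_ACTIONS:
        return False
    # A Condition narrows the grant (e.g. to a VPC endpoint). This check treats
    # conditioned statements as non-public; a full CSPM would evaluate the keys.
    return not stmt.get("Condition")


def assess_bucket(cfg):
    """Return human-readable findings; an empty list means no public exposure found."""
    findings = []
    bpa = cfg.get("public_access_block") or {}
    statements = _as_list((cfg.get("policy") or {}).get("Statement", []))
    public_sids = [s.get("Sid", "<no Sid>") for s in statements if grants_public_read(s)]
    if public_sids and not bpa.get("RestrictPublicBuckets", False):
        findings.append(f"policy statement(s) {public_sids} grant public read and RestrictPublicBuckets is off")
    if cfg.get("acl") in ("public-read", "public-read-write") and not bpa.get("IgnorePublicAcls", False):
        findings.append(f"bucket ACL is {cfg['acl']} and IgnorePublicAcls is off")
    missing = [k for k in BPA_KEYS if not bpa.get(k, False)]
    if missing:
        findings.append(f"Block Public Access not fully enabled (off: {', '.join(missing)})")
    return findings


# Constructed sample configurations (not from any real account).
WEAK_BUCKET = {
    "name": "example-customer-data",
    "acl": "private",
    "public_access_block": {},  # never enabled
    "policy": {"Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-customer-data/*"},
    ]},
}

HARDENED_BUCKET = {
    "name": "example-customer-data",
    "acl": "private",
    "public_access_block": {k: True for k in BPA_KEYS},
    "policy": {"Statement": [
        {"Sid": "AppRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},  # placeholder role ARN
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-customer-data/*"},
    ]},
}

if __name__ == "__main__":
    for cfg in (WEAK_BUCKET, HARDENED_BUCKET):
        print(cfg["name"], assess_bucket(cfg) or ["no public exposure found"])
```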

WHY DO WE MONITOR CLOUD INFRASTRUCTURE AND THREATS?

Adam says that we monitor cloud infrastructure and threats in order to secure our digital initiatives. Projects that businesses are moving to the cloud for efficiency and scalability purposes need to be aware of targeted attacks, security, and risk management. Leaders must adopt continuous adaptive risk and trust assessment approaches to allow real-time, risk-based decision-making.

Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventative, detective, and response capabilities.

CHALLENGES WITH MONITORING CLOUD INFRASTRUCTURE AND THREATS

  • Business transformation accelerates with or without security and risks people, processes, and infrastructure being ready

  • Information security lacks continuous visibility it needs to detect advanced attacks

  • Enterprise systems are under continuous attack and are continuously compromised; an ad hoc approach to “incident response” is the wrong mindset

  • Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers thus requiring predictive threat analytics to get ahead of the curve

  • Most organizations overly invest in prevention-only strategies deployed within non-integrated silos, increasing costs and decreasing effectiveness

IMPORTANCE OF MONITORING CLOUD INFRASTRUCTURE

  • Unification of IT, Network, Storage, Cloud, Dev, and Security Ops’ understanding of the immediate risks at hand

  • Enhancement of Infosec strategy, policy, and funding roadmaps where it matters to sustain operations based on high-risk vectors

  • Identification of risk which prioritizes mitigations identified from active threat actor tactics, techniques, and procedures

  • Extraction of additional value from EDR, NDR, and SIEM investments by aligning behavioral detections to threat actor techniques

  • Support of Zero Trust and CARTA initiatives through continuous monitoring and assessment of attack surfaces

COMMON ISSUES IN CLOUD DEPLOYMENT

One of the biggest and most common issues during cloud deployment is misunderstanding of the Shared Responsibility Model: customers do not understand which responsibilities are handled by the cloud service provider and which they themselves need to handle. When this is not fully understood, it leads to inaccurate inventory, inadequate encryption, and flawed assumptions about BC/DR. Here is a graph of the Shared Responsibility Model for both the customer and the cloud service provider.

KEY TAKEAWAYS FROM THE SHARED RESPONSIBILITY MODEL

  • Review the shared responsibility model of your CSP

  • Review contracts

  • CSP’s documentation

  • Review CSP’s proof of controls

  • Review supply chain (multiple CSPs providing different services)

  • Trust but verify services provided/consumed

  • Ensure an accurate inventory is defined and maintained

KEY TAKEAWAYS FROM IDENTITY MANAGEMENT (IAM)

  • Implement centralized, automated access management and policy-driven environment creation

  • Implement least privilege and a role- or attribute-based access model

  • Assign access only to modalities

  • Implement MFA for all access

BENEFITS OF CLOUD CONFIGURATION

1. Discovery and Visibility – Provides discovery and visibility into cloud infrastructure assets and security configurations. Users can access a single source of truth across multi-cloud environments and accounts.

2. Misconfiguration Management and Remediation – Eliminates security risks and accelerates the delivery process by comparing cloud application configurations to industry and organizational benchmarks so violations can be identified and remediated in real-time.

3. Continuous Threat Detection – Proactively detects threats across the application development lifecycle by cutting through the noise of multi-cloud security alerts with a targeted threat identification and management approach. The number of alerts is reduced because the CSPM focuses on the areas adversaries are most likely to exploit.

4. DevSecOps – Reduces overhead expenses and eliminates friction and complexity across multi-cloud providers and accounts via centralization of controls.

Adam Rosenman

Made in Beijing: The Plan for Global Market Domination

The FBI’s Office of Private Sector, Counterintelligence Division and Training Division present this 30-minute film entitled Made in Beijing: The Plan for Global Market Domination. In the world of global adversaries, the People’s Republic of China stands at the forefront with its sustained and brazen campaign of industrial espionage, posing the single greatest threat to our freedom, national security, and economic vitality. Made in Beijing: The Plan for Global Market Domination sounds the alarm, helping private sector partners recognize the urgent need to protect their crown jewels against industrial espionage.

Adam Rosenman

Why Schools Should Be Concerned About Their Cyber Security Posture

A recent report by the K-12 Cybersecurity Resource Center found 2020 was a "record-breaking" year for cyber-attacks against US schools, with 408 publicized incidents marking an 18% increase over 2019. But what is behind this increase, and what can you do to protect your school?

Why Cybersecurity Risks in K-12 Schools Are Increasing

The introduction of technology and the increasingly digital nature of classrooms have for many years outpaced what budgets allow for hiring cybersecurity staff and acquiring the resources needed for adequate protection. As a result, K-12 has become a prime target for hackers, in part because of the high-value data available.

To understand the scale of the problem and the data at risk, look at a Los Angeles Times report that found that up to 500,000 San Diego-based staff and students in one district may have had their personal data stolen by cybercriminals in 2018. The breach included social security numbers, birth dates, phone numbers, and private health information.

In 2020, the threats included data breaches and leaks (36%) and ransomware (12%), accounting for nearly half of specified K-12 cyber incidents, while another 45% fell into an "other" category. This included malware, digital class and meeting invasions (Zoom bombing), defacement of websites and social media, and many other "related and/or low-frequency incidents."

Why Cyber Security Is So Important for K-12 Schools

Cyber security isn't only a concern for schools, but also for every government or corporate setting. Attackers are searching for points of weakness, and those are common in school districts because of limited IT resources, especially around cyber security.

Your students, their families, faculty, and staff are at risk, and you have a duty to protect them and their data.

They are at risk of identity theft, fraud, and online harassment. Sensitive educational processes, such as special education grants, are at risk if the information is exposed online. Data breaches affect the reputation of districts and diminish community trust in institutions.

How and Why Is School Data Targeted?

Hackers attack the weakest points of security, often not systems, but people. Phishing attacks are common, initiated when a person receives an email containing a malware link. Simply clicking on this link can infect the endpoint, but it can also give cyber-criminals access to the school district's network. Criminals can also use this in ransomware attacks: encrypting confidential information, or threatening to sell or make it public, and only removing the threat when a ransom is paid.

Sophisticated social engineering attacks can fool all but the most astute target. Criminals impersonate employees or suppliers to bypass security and gain access to network credentials.

The very nature of education establishments means relative openness: public schools’ networks, student and faculty laptops, bring-your-own-device policies and community inclusion applications. Each endpoint, each web-facing application, each user is a potential vulnerability. The proliferation of devices and the need to put in place remote learning solutions have put further strain on already under-resourced teams. The result is often poor adherence to security policies, even when the school district has the rare access to the skills needed to sufficiently protect its digital assets.

However, the cost of not investing in protection can far outweigh the investment in a fit-for-purpose cyber security deployment. Not only will there be a cost associated with firefighting the incident, identifying any other undetected intrusion and rolling out a remedy, but the district may also face state and federal penalties for failure to provide sufficient protection.

How to Improve Cybersecurity

By now, hopefully, you will appreciate how important it is for schools to have stronger cyber security. But it can require rare resources: money, and experienced, qualified personnel. Some fixes, like securing endpoints with anti-virus, are quick to deploy and provide instant protection at a relatively low cost. More involved solutions for endpoint security, utilizing prevention and detection technologies, may need to be deployed by a company with the relevant expertise, but this can still be affordable, especially when you consider the high level of protection it can afford.

Cybercrime is ever-evolving, and cyber security for a school district cannot be static.

Start with the basics, such as a firewall, endpoint protection (and don’t forget the devices being brought in from outside to be used on your network), and anti-virus protection, and then move on to intrusion protection and attack mitigation.

Your cyber security system needs to be managed round the clock and ready to identify and stop a breach in real time.

A simple phishing e-mail can be the entry point for a ransomware attack, which leads to huge disruptions, embarrassment, and even a fine.

Don't leave your cyber security to chance, as criminals won't.

How Rose IT Solutions can help

Rose IT Solutions can help you secure your school from cyber-criminals. Our Security Operations Centre (SOC) in a Box provides 24/7 monitoring of your IT infrastructure and data.

We centralize the visibility of all your systems, including:

  • Your network

  • Your infrastructure, whether that’s in-house or public cloud

  • Your access control and authorization

  • Your applications, like O365 or G Suite

The security stack includes:

  • Firewall

  • Syslog feeds

  • Endpoint protection and anti-virus

  • Intrusion detection

  • Email security

  • Data loss prevention

Rose IT Solutions’ SOC in a Box will deploy onto your infrastructure and be maintained by our team of experts. The round-the-clock service will protect you, giving you proactive monitoring and full visibility, and Rose IT Solutions will neutralize any threat, ensuring you remain secure and compliant.

Talk to our team to find out how you can protect your school even better than you are today.

Adam Rosenman

Log4J - The Single Biggest, Most Critical Vulnerability Of The Last Decade

You need to presume you've been compromised and act quickly.

What is Log4j?

Log4j, a Java library for logging error messages in applications, is used in enterprise software applications, including custom applications developed by companies in-house, and is part of many cloud computing services.

What is the Problem?

A flaw has been identified in Log4j which has led to the most high-profile security vulnerability on the internet. It comes with a severity score of 10 out of 10.

The Log4j library is frequently used in enterprise Java software and is included in Apache frameworks including Apache Struts2, Apache Solr, Apache Druid, Apache Flink and Apache Swift.

Since Log4j is so widely used, the vulnerability will affect a wide range of software and services from many major vendors, including (but not limited to) AWS, Broadcom, Cisco, IBM and VMware. Experts say the extreme ease with which the vulnerability allows an attacker to access a web server, no password required, is what makes it so dangerous.

It is almost certain that it will affect something in your technology stack. And while major vendors are rushing to release patches, cybercriminals are already exploiting the vulnerability. Millions of servers have it installed, and experts have said the impact could last for years, but the problem is very real right now. One security company has said over 40 percent of corporate networks have been targeted.

What Should I Do?

 

Cybersecurity and Infrastructure Security Agency's main advice is to identify internet-facing devices running Log4j and upgrade them to version 2.16.0, or to apply the mitigations provided by vendors immediately" It also recommends setting up alerts for probes or attacks on devices running Log4j.

 

It is important to note that the original guidance to upgrade to 2.15.0 has been superseded as that version was vulnerable to DDOS attack. So even if you think you have addressed the risk you will need to go back and check that there are not more updates.

 

Part of the challenge is identifying software harbouring the Log4j vulnerability. The Netherlands's National Cyber Security Centrum (NCSC) has posted a comprehensive and sourced A-Z list on GitHub of all affected products which can be found here https://github.com/NCSC-NL/log4shell. It has broken the categories down into vulnerable, not vulnerable, under investigation, or where a fix is available. This list illustrates how widespread the vulnerability is, developer services, covering cloud services, security devices, mapping services and more.

 

However, patching could be a complicated task. While most organizations and cloud providers, such as Amazon Web Services, should be able to update their own web servers easily, the same library is often embedded inside third-party products and can only be updated by the vendor that ships them; until that vendor releases a fix, the only options are the vendor's mitigations or isolating the affected system.
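Because Log4j is usually embedded inside application archives rather than installed on its own, a useful first pass is to walk the filesystem, open every JAR, WAR and EAR, and look inside nested archives too. The Python script below is an added example, not the original post's or any vendor's tool. Two things in it are assumptions: the fixed-version threshold (2.17.0 here, since the 2.16.0 mentioned above was itself superseded; adjust it to the current Log4j 2.x release) and the sample archives it builds in a temporary directory, which are constructed stand-ins for real log4j-core jars so the example runs offline.

```python
import io
import os
import re
import tempfile
import zipfile

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: first release carrying the full fix set; check the current release.
FIXED = (2, 17, 0)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); tolerates suffixes such as '2.0-beta9'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None


def inspect_archive(zf, path, findings):
    """Record log4j-core evidence in one open archive, then recurse into
    any archives it contains (uber-jars, WEB-INF/lib, EAR modules)."""
    names = set(zf.namelist())
    version = None
    if POM_PROPS in names:
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
    has_jndi = JNDI_CLASS in names
    if version is not None or has_jndi:
        parsed = parse_version(version or "")
        findings.append({
            "path": path,
            "name": os.path.basename(path),
            "version": version,
            "jndi_lookup_present": has_jndi,
            # Exploitable only if JndiLookup ships and the version predates
            # the fix; an unparseable version is treated as vulnerable.
            "vulnerable": has_jndi and (parsed is None or parsed < FIXED),
        })
    for name in names:
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    inspect_archive(inner, f"{path}!/{name}", findings)
            except zipfile.BadZipFile:
                continue


def scan_tree(root):
    """Walk a directory and inspect every archive found under it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, f)
                try:
                    with zipfile.ZipFile(full) as zf:
                        inspect_archive(zf, full, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def build_sample_tree(root):
    """Constructed fixture, not real Log4j: a 2.14.1 jar nested in a WAR,
    a patched 2.17.0 jar, and a 2.14.1 jar with JndiLookup.class removed
    (the class-removal mitigation)."""
    def make_jar(version, with_jndi=True):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nversion={version}\n")
            if with_jndi:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # stand-in class bytes
        return buf.getvalue()

    app = os.path.join(root, "app")
    os.makedirs(app)
    with zipfile.ZipFile(os.path.join(app, "shop.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_jar("2.14.1"))
    with open(os.path.join(app, "log4j-core-2.17.0.jar"), "wb") as fh:
        fh.write(make_jar("2.17.0"))
    with open(os.path.join(root, "log4j-core-2.14.1-stripped.jar"), "wb") as fh:
        fh.write(make_jar("2.14.1", with_jndi=False))


def demo():
    """Build the fixture in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        flag = "VULNERABLE" if finding["vulnerable"] else "ok"
        print(f"{flag:10} {finding['version'] or '?':8} {finding['path']}")
```

To use it on a real host, call `scan_tree("/")` (or the application directories) instead of `demo()`. The scan is filesystem-only: it will not see a Log4j copy that an application downloads at start-up or loads from a database, and it does not cover Log4j 1.x, so treat it as a way to find what to patch first, not as proof of absence.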

 

Where Can I Find Help?

 

If you are concerned about the Log4j flaw and need help identifying your potential exposure and mitigating it, contact Rose IT Solutions. Our team will be happy to assist.

 

See a couple of webcasts from our partners discussing the vulnerability.

Adam Rosenman

Meet Our Founder


Best-selling author and IT industry veteran Jennifer Bleam recently asked our founder Adam Rosenman to join her on the podcast IT Success Secrets.

 

Jennifer started by asking Adam about his origin story and how he founded Rose IT Solutions.

 

“I come from a family of entrepreneurs. My mom recently started a business after being a fourth-grade teacher for 40 years; she finally decided to retire and is now doing education consulting. She’s just started her journey, and she’s actually quite busy helping districts with curriculum development.

 

My grandfather started a dry-cleaning business in the late 60s and worked there until the mid-80s, and then my dad came into the picture with my mom; my dad learned the business and eventually bought it in the late 80s. And we’ve now celebrated our 57th year in business. So, we are very well known within the community, we are very active, and we have a multi-generational client base with very avid fans.

 

I grew up working in the cleaners, working out front checking clothes in, and working with computers.

 

Computers have always been a big part of my life.

 

I was a kid at six or seven years old taking apart our Apple. Always figuring out how things worked, and I was very inquisitive.

 

When I was a teenager, I did a little computer repair; it wasn’t an official business, but I would upgrade software and install memory for family and friends.

 

I went to a private high school away from home where I connected with someone who is still a mentor, the IT director at that school. And I became one of the local techs on campus helping with software installs, really anything that needed to be done. So, I learned a lot - server administration, managing groups of computers - all that kind of stuff. That prompted me to go to college and get my computer science degree, and I graduated from the University of Michigan with a bachelor’s in computer science.

 

And then I started my first job outside of working for my dad, at a local IT shop similar to what I do now: similar clientele, similar services. I got hired in on their service desk. I did that for about four years before being promoted into management, running the service desk as their operations manager.

 

That company got bought out by a larger nationwide IT shop, and I worked there for about two years as a manager.

 

But I started butting heads with the bureaucracy of a large organization. I hated going to work and was not happy, but in the meantime, I’d met my wife, got married, and had my first two kids.

 

I decided to go out on my own. It was scary. I had some money put aside, but if this didn’t work, it could potentially hit me and affect my family greatly. My parents invested a bunch of money, along with the money I had, to get me started. A couple of people I worked with at the big company came over with me, we started Rose IT Solutions, and the rest is history. We’ve been growing year after year and sit at about 25 employees, and we did about 10 million in sales. I’m very involved in the community and try to stay connected and give back to the business community.”

 

Jennifer then asked what struggles Adam faces leading the business.

 

“One of the struggles we have in our business, and other IT shops will have this as well, is keeping people and the knowledge, what I call the knowledge tree. It would help if you had bodies to take on somebody who doesn’t have a great deal of experience. Still, you hope they learn fast, want to learn, want to increase their knowledge to make themselves better, but there are times when you take a risk and they’re not that person, and eventually you have to make the tough decision of moving on from people. That’s a constant struggle we deal with daily, especially in that area: making sure we have competent, hard-working people that will treat a customer well on the phone, that are efficient with their time getting onto the next call, so we don’t have long hold times, because we do have contractual obligations, SLAs, with service desk clients. As a business owner, along with my management team, that’s really a thing that I struggle with.

 

 

Balancing the employee’s monetary value, how much you want to pay them, the benefits and all that kind of stuff, against the output of what they do. I’m not the only IT shop in Metro Detroit; there are tons of shops smaller and larger than me, and we’re all trying to pull from the same pool. So, you’ll see people hop from place to place for whatever reason: more pay, better benefits, a friend works there and says you should come here. And that’s something that I’ve struggled with not only as a business owner but as the manager at the two IT shops after school."

 

Towards the end of the interview, Jennifer asked what Adam and Rose IT Solutions were doing to help customers with the ever-growing cybercrime threat.

 

"In October, we launched our Security Division, we partnered with IBM with what they call the IRIS team as a Security Managed Services Provider, and we resell their services. That could be the security operation center working with the analysts managing the security infrastructure of a company’ interpreting that data and acting upon it based on the threat level, depending on how the client wants to handle it. It could be security consultancy such as developing an incident response plan. And if there is a breach, it’s us coming in with IBM to do a forensic audit to find out how the actor got in, what’s the biggest impact, and that kind of stuff - so there’s a wide range of different services we can offer.

 

Depending on the contract, we can bill, or IBM can bill the customer directly, depending on what the customer wants.

 

We have another organization that we work with that does proactive penetration testing of networks from both inside and outside to see if we can break in.

 

That’s what we’re doing, and we have conversations both with existing clients and new prospects every day. This is our hottest offering right now."

 

You can listen to the full interview below.

 

 

 

Adam Rosenman

Remote Working


In spring this year, all businesses shared a common purpose: to protect staff, customers, and the business. As the reality of the threat of Covid-19 hit, it brought with it a clarity of vision and an urgent need to act that led to the adoption of new ways of working. New tools were deployed for collaboration, communication, and automation; the way companies interacted with staff, customers, and suppliers changed almost overnight.

 

One of the biggest changes was the staff working from home.

 

While working from home had grown 44% over the previous five years, the Bureau of Labor Statistics reported that prior to COVID-19 only 7% of employees had access to it. According to research carried out by Gallup, that figure is now 62%, and 74% of companies expect some employees to continue to work remotely.

 

Many of the solutions that got us through this challenging time were deployed very rapidly, so now that the dust is settling it is time to review what was put in place and make sure it is fit for purpose for the new world of work.

 

Access to LAN

 

To enable working from home you need a solution that allows your staff to continue to access their applications and data in a way that mirrors their office experience as closely as possible.

 

The most common way to do this is via a Virtual Private Network (VPN). A VPN can be set up to give access to individual applications, to the corporate LAN, or, using Microsoft Remote Desktop Protocol (RDP), to the user's own desktop computer back in the office. VPNs are a tried and tested technology and the risks are low provided a few conditions hold: the VPN gateway itself is kept patched, logging in requires multi-factor authentication, and RDP is reachable only through the VPN rather than exposed directly to the internet. Employees should still follow security policy, for example by avoiding untrusted networks such as coffee-shop Wi-Fi where possible, although the VPN tunnel itself encrypts their traffic over such networks.

 

Another method is Desktop as a Service (DaaS). This is a cloud-based solution where users access a virtual desktop session running in a data center. It matters less which device they use to access the session, because the data and applications stay in the data center rather than on the endpoint. This is an increasingly common way for companies to enable secure remote working.

 

Security

 

Zero trust approach - Opening up the corporate network to remote users immediately brings security risks. Taking a holistic Zero Trust approach reduces much of that risk: no user or device, inside or outside the network, is trusted automatically, and every request for a resource must be authenticated and authorized.

 

For any device accessing the network, it is essential to ensure that the basics are in place:

 

•          All devices should be encrypted.

•          Multi-factor authentication should be deployed

•          All devices should be running an up-to-date anti-virus solution

Devices should never sit on the raw internet unprotected; there should always be a layer of security in place, at minimum a host firewall.

 

And as people are the weakest point in any security system, staff should have training covering:

 

Awareness of security risks

Extra vigilance about data – covering both storing and sending

How to spot security risks and how to report them so they can be mitigated quickly

 

Corporate Devices

 

The preferred option for many companies has been to provide employees with laptops to use while working from home. In some cases, employees have even taken home their desktop PCs. For users that normally have laptops, the existing security controls should be sufficient, provided they were designed with remote working in mind. If the users are normally desk-bound, there are additional security risks, including the physical risk of a device being lost or stolen, which is where full-disk encryption earns its keep.

 

If a computer is connected to the internet there is always a chance that a cybercriminal will try to gain access. When your employees are using their unsecured home networks, this risk is multiplied.

 

Keep visibility of the device - Install remote security controls (endpoint management and monitoring agents) so you keep the same level of visibility that you have when the devices are in your offices.

Password policies - All password policies should be enforced, even for browser-based applications.

Minimize the risk of phishing attacks - Use two-factor authentication wherever possible, so that a phished password on its own is not enough to log in.

Don't let anything through the back door - Ensure the OS and applications remain patched and updated.

Anti-virus/anti-malware - It should be taken as read that this is in place, but check that it is actually running and up to date.

 

Bring Your Own Device

 

If you opted for Bring Your Own Device (BYOD) you wouldn’t have been alone; hundreds of thousands of employees are now working from home using their own devices. BYOD isn’t a new idea; companies have been adopting it for over a decade as a way to provide user choice and reduce hardware cost.

 

Employees’ personal devices are often newer and of a higher spec than those provided by a company. With BYOD, users get to use a device they have chosen, and the company makes considerable savings by not having to keep investing in hardware. But this win-win situation doesn’t come without compromises, and the biggest one is security.

 

•          Data Leakage - The devices are in the homes of employees; they may not be the only person in the household with access to them. As soon as you mix business and personal use you put the business at risk, and you have no control over this.

•          Loss of Control - As soon as any endpoint leaves the confines of the corporate LAN there are risks, but with BYOD these are higher. Employees are unlikely to agree to have remote device management and monitoring tools running on their personal devices.

•          Unsecured connectivity - Your employees' home networks may not be as secure as you’d like, and with the added risk of them using questionable Wi-Fi connections while on the move, can you be sure of maintaining any real control of your network?

•          Malware - The majority of users with infected devices have no idea that they have malware. They download applications without examining the terms of service and fail to update those applications and the OS, blowing a hole in your security.

•          Policy enforcement - You may try to mitigate these risks by creating a formal policy for BYOD, but without technical controls to back it up it is very hard to enforce over an extended period.

 

If you'd like to find out more about how you can get your employees working securely from home, then reach out to our team and we'll be glad to help.
