Cyber Security

Cybercrime is becoming more frequent and sophisticated. It can be difficult keeping up with the ever-expanding range and complexity of cyber threats that plague our networks. By designing a multifaceted network solution that takes into account the various methods cyber criminals use to exploit businesses, Team 29B can help you mitigate the risks, protect your business against potential thieves, and ensure you maintain compliance with industry regulations.

Many of the tools that we deploy can be used individually to protect against specific threat vectors or in combination to provide a comprehensive security barrier across many fronts.

Network Security

Email Security

Email is the number one way organizations get infected with malware, which is why securing email is paramount. To protect your employees and your network, it is imperative that proper spam protection and email scanning are in place. Modern solutions typically utilize not only attachment scanning, but also URL rewriting and remote detonation to ensure malicious links containing dangerous code aren’t clicked on by an employee. Our engineers can help implement, configure, and maintain most email security solutions to safeguard your network from attack. Some of the products we offer include Cisco Email Security, Proofpoint, and Microsoft Defender ATP.

Just as important as securing inbound email, it is critical that your organization’s outbound email is properly hardened as well. Our engineers can help properly configure high availability and load balancing so that your organization’s on-premises email never encounters an outage. In addition, our engineers can implement Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) so that your emails appear reputable to other organizations on the internet. SPF, DKIM, and DMARC have the advantage of preventing malicious third parties from spoofing your domain, which protects your business and your customers.

Finally, we can assist with deploying Data Loss Prevention (DLP) technologies such as Proofpoint, Websense, and Microsoft policies in Office 365. DLP prevents sensitive information such as account numbers, social security numbers, and financial information from being sent over email. We can even help configure most DLP solutions to prevent sensitive or confidential documents from being shared over email as well.

VPN & Secure Remote Access

If there is one thing the pandemic has made clear, it is that secure remote access solutions are a critical aspect of business continuity. Common challenges with remote work include:

  • Acceptable VoIP call quality
  • Bandwidth limitations
  • Remote device access (printers/scanners)
  • Security concerns

Our team of engineers can help harden and improve your organization’s existing remote access solution.

To improve the security of your remote access solution, we can implement multi-factor authentication and dedicated networks to isolate VPN traffic.

To improve performance, Team 29B can analyze your organization’s networking environment in order to identify potential bottlenecks. Solutions to such bottlenecks may include larger internet circuits, QoS policies, or WAN accelerators.

Team 29B has partnered with a number of local ISPs in order to find our customers the highest possible bandwidth at the lowest possible price.

If your organization currently relies on Microsoft Remote Desktop Protocol (RDP) or terminal servers/remote desktop session hosts for remote access, then our certified engineers might be able to help. Improvements can often be made by utilizing RDS session brokers for load balancing and RDP gateway servers for remote access instead of VPNs. If dedicated clients (laptops/desktops) are in use, then it may be desirable to configure Microsoft’s Always On VPN solution or Microsoft DirectAccess, depending on the version of the client OS.

We can also help design and implement new infrastructure to meet your organization’s remote access needs. Team 29B is a Cisco partner, so we typically recommend utilizing Duo for multi-factor authentication and SSL VPNs utilizing Cisco AnyConnect for remote access.

Team 29B has also partnered with Citrix and VMware, so our engineers can help deploy a scalable Virtual Desktop Infrastructure (VDI) environment built on Citrix Remote Apps/Desktops or VMware Horizon. Both of these products enable secure, VPN-less remote access using VMware’s Unified Access Gateway (UAG) and Citrix’s ADC/Gateway appliances. With the Citrix Gateway and VMware UAG, your organization can securely implement a Bring-Your-Own-Device (BYOD) policy that enables employees to leverage their own laptops, desktops, and tablets without directly exposing the organization’s internal network to threats from an employee’s home network.

Of course, all of the solutions mentioned above support a myriad of multi-factor authentication options, including certificate-based authentication, RADIUS, RSA tokens, Duo, and other SAML-based authentication providers.

COVID-19 might be going away, but working from home is here to stay. Team 29B can help your organization optimize the remote experience so that your users don’t notice a difference between being in the office and working from their couch. Convenience shouldn’t come at the cost of security, so we can do all of this while also hardening your network against remote attackers.

Cisco ISE

Cisco Identity Services Engine (ISE) is one of the tools we deploy to secure the network.

Cisco ISE helps you

  • Gain detailed insight into who, what, where and how endpoints and devices are connecting to your network
  • Enforce compliance requirements and limit risks by ensuring devices have current patches
  • Limit the spread of ransomware and enable rapid threat containment
  • Define and implement global policy control

Cisco ISE allows a business to define and enforce secure network access control policies. A good security posture helps you avoid security breaches and the associated costs, reduce the time and expense to remediate any network security events, and reduce the time it takes to implement network changes. This equates to a quantifiable return on investment and a reduction in operating costs.

Cisco Umbrella

Umbrella enforces security at the DNS and IP layers, blocking requests to malware, ransomware, phishing, and botnets before a connection is even established and stopping threats over any port or protocol before they reach your network or endpoints.

Umbrella helps you

  • Simplify security management by reducing malware exposure and time to remediate
  • Protect systems on and off the network
  • Provide coverage for all connected devices, including roaming laptops and mobile devices, with support for most commercial operating systems
  • Use dashboard reporting to quickly view trends across your deployment, and then pivot to understand security risks that require action
  • Deploy quickly across the entire organization
  • Speed up and improve incident response

    Duo Security

    MFA (multi-factor authentication) and 2FA (two-factor authentication)

    Duo ensures that you verify a user’s identity before granting access to your network; that is a cornerstone of network security. There are numerous multifactor authentication vendors on the market. We prefer Duo Security for several reasons:

    • Duo is a very “usable” product — it is easy for users to log in quickly and securely
    • No hardware tokens are required — individuals can use their mobile devices
    • No infrastructure or hardware to manage and maintain – it is cloud based

    Duo SSO (single sign-on) offers the ease of authenticating once to gain access to multiple cloud applications within your organization.

    Cisco Secure Endpoint

    Formerly known as Cisco AMP, Cisco Secure Endpoint is designed to stop threats before they compromise your network. Simply put, Secure Endpoint combines Prevention, Detection, and Response all in one solution using an open platform to enable a simpler and more efficient workflow, and when a breach is detected, Secure Endpoint allows for faster remediation.

    Endpoint agents provide continuous analysis and retrospective detection, which enables device trajectory: a view of where and which hosts interacted with files (including malware) across your endpoint environment. It can scope the threat, provide outbreak control, and identify patient zero.

    All of these Cisco security products are supported by Talos, the world’s largest threat intelligence group.

    Advanced Malware Protection

    Malware is a catch-all phrase that refers to malicious software, hence “mal-ware”. Some malware is designed to operate secretly, like spyware, viruses and trojan horses. Other forms are designed to operate overtly, like ransomware and phishing attacks. Cybercriminals deploy these attacks in an effort to cause damage, disrupt, disable or gain unauthorized access to a computer, a server, or a network.

    Unfortunately, the criminals have become so sophisticated that we can no longer use a one-size-fits-all approach to securing our systems and data. Fortunately, there are many effective tools to protect against this malware. Some tools help control who or what is accessing the network, a device, or data on the network, by authenticating the person or device; some tools can control what data is allowed to leave and enter the network; some tools identify and intercept suspicious emails, packets, or attempts to connect; and some tools identify anomalies in data that can predict and prevent potentially malicious intent. At Team 29B, our network security experts know how to orchestrate the best implementation of these tools to assist you in protecting your network from edge to edge. We have had great success with a security suite of tools from Cisco, but we also use other industry-leading applications when it makes sense.

    Types of Malware

    Ransomware

    Intended to deny or restrict access to personal or company files and demands payment in return for re-enabling access.

    Spoofing

    A technique used to disguise activity from an unknown source and make it appear to come from a trusted source. Spoofing is often initiated using emails and websites but can also include more advanced methods like disguising Domain Name System (DNS) servers, IP addresses, GPS coordinates and Address Resolution Protocol (ARP).

    Phishing

    A type of spoofing typically delivered via email. It is a socially engineered attack that masquerades as a trusted source with the intent of luring you into providing personal or financial information which can then be used to access your systems or take over your accounts or network.

    Spyware

    Software that secretly records a user’s activity in an effort to collect sensitive data like usernames, passwords and personal information.

    Viruses

    Software that is installed surreptitiously intending to cause harm or cripple a system.

    Trojan Horse

    A software program that misrepresents itself as a standard piece of software, but which actually installs a harmful program when it is installed or executed.