MARCH-APRIL 2020 - Cybersecurity & OISC20
VOLUME 18 • NUMBER 2
Serving as the bridge since 1997…
Industry • Academic • Government
CIO Council • CEO Council • Cybersecurity • Data Analytics Infrastructure/Cloud • Municipality IT • Women 4 Technology
Technology… the foundation and future of every business. technologyfirst.org
Technology First Announces New Executive Director After an extensive search led by Technology First's Board of Directors, we are proud to share that Melissa Cutcher accepted the position of Executive Director and began February 1, 2020. Melissa is stepping into the leadership role currently held by Marcia Albers who will be retiring March 31st. Melissa's professional achievements include leading many facets of a non-profit organization, having been with the Better Business Bureau for over fourteen years and most recently as their Chief Business Officer. Her responsibilities included relationship and financial management as well as oversight for their Women in Business Networking program. She holds a Bachelor of Arts degree in organization management and an MBA in organization leadership from Bluffton University. Melissa has been in the Miami Valley since 1985 and is a contributing member to many groups and organizations. She enjoys connecting people, golf, reading books, spending time with her daughter Ashley, husband Jeff, and puppies Cooper and Bailey. It has been said "Melissa is a person of strong character and integrity and expects that of others. She is very objective and realistic while being a self-starter and innovative". As Executive Director, Melissa will lead the promotion of Technology First, ensure revenue growth, manage the operational budget and drive the expansion of provided services in support of the region's IT industry.
A few words from Melissa: “I am excited and honored to join your organization as the new executive director. I want to thank everyone for your warm welcome. Also, I want to thank Marcia Albers, staff and the board for their support and assistance in helping me transition into this position. Following in Marcia’s shoes will not be easy, but with your input, participation and support, we can be assured that Technology First has an exciting future. I recognize I have a lot to learn and I intend to invest time and attention to get to know and understand the Technology First culture. We have a great team here at Technology First. Feel free to reach out to any of us at any time; we are happy to hear from you.” Please join us in welcoming Melissa to Technology First!
Announcing our new Executive Director!
Article: Joseph Desch: Dayton's IT Rock Star
Article: The Importance of Understanding Your Security Maturity
Article: Digital Forensics: Identifying the Who, What, When, and How of Cyberattacks
Ohio Information Security Conference
Article: The Importance of Risk-Based Vulnerability Management in Modern Cyber Security
13 Article: Combat Rising IT Security With IT Asset Management 14
Article: Humans are the New Malware: Protecting Your Business Against Advanced Cyberthreats
IT Leader Spotlight: Leo Cronin & Tim Ewart
Article: Operating a SOC...
Article: Do You Need to Backup Office 365?
Technology First Board of Directors
2020 Event Dates
Technology First | MAR-APR 2020
We’re proud to support
UPCOMING EVENTS MARCH
17th annual OISC (Security Conference) Registration still OPEN! 3 Keynotes 24 Breakout Sessions (6 Tracks) Wednesday, March 11 | 7:45am-5:00pm Sinclair College Ponitz Center
See pages 10 & 11 for Session Information
Technology First Scholarship Applications due March 23rd! The Technology First Scholarship is awarded annually to one or more deserving Southwest Ohio area college students. Students selected for this scholarship are matriculating in Information Technology related curriculums, have achieved distinguished academic success, and have demonstrated high character and values. visit technologyfirst.org/tech-careers/scholarships.html for more info!
7th annual TECHIES Awards Celebration!
Nominations due March 6h! Categories: CIO Council (IT Leaders) Outstanding Technology Team Digital Customer/Employee Experience IT Project of the Year Facilitated by: J.D. Whitlock, CIO, Dayton Childrens Best IT Services Company Friday, March 27 | 11:30am-1:00pm IT Executive of the Year Business Solutions Center Emerging Technology Leader Most Promising Startup APRIL Award of Excellence - Student Project Thursday, May 7 | 4:00-6:00pm Data Analytics SIG University of Dayton Arena - Flight Deck IoT meets Data Analytics Facilitated by: Matt Wenning, Speedway Women 4 Technology - CINCY Friday, April 3 | 8:30-10:00am Topic TBA Business Solutions Center Wednesday, May 13 | 8:00-10:00am Great American Insurance Group Infrastructure/Cloud SIG Topic TBA - details to come! Data Analytics SIG Friday, April 3 | 11:30am-1:00pm Topic TBA Business Solutions Center Friday, May 15 | 8:30-10:00am Business Solutions Center Tech Thursday Happy Hour Networking with TEKsystems Infrastructure/Cloud SIG Thursday, April 9 | 5:00-7:00pm Topic TBA Downtown Dayton Location - TBA! Friday, May 15 | 11:30am-1:00pm Business Solutions Center CIO Council - Tech Forum OPEN to ALL! Data Science Panel CIO Council (IT Leaders) Thursday, April 16 | 11:30am-1:00pm Topic TBA Business Solutions Center Thursday, May 21 | 11:30am-1:00pm Business Solutions Center
WELCOME NEW MEMBERS!
Technology First | MAR-APR 2020
HOMETOWN INNOVATION Joseph Desch: Dayton's IT Rock Star
David J. Wright Director of Academic Technology & Curriculum Innovation University of Dayton
“But where are the ships?” – I asked my grandfather as we stood alongside the giant docks in my hometown of Cardiff, Wales. At one point in history this was the busiest port in the world – but it now stood largely empty. As a child I barely comprehended the story he told of the Battle of the Atlantic, where German U-Boats were sinking the convoys of ships (including those from Cardiff) as they struggled to get food and supplies across from the Americas. Rationing of food was a deadly serious outcome in this phase of World War II as 14 million tons of shipping was sent to the bottom of the Atlantic and 72,000 allied and merchant sailors died. He could not tell the complete story of how the Battle of the Atlantic was won, because much remained a secret. Years later, now living in Dayton, I am excited to know that part of this story has been recently uncovered as we learn of the remarkable accomplishments of Joseph Raymond Desch (1907-1987). Any of us in the IT world should marvel at Desch’s prominent role in the history of computing. For example, he was one of the first patent holders on the design of a working electronic calculator. His work at Dayton’s National Cash Register Company (NCR) led to a series of innovations that matched or exceeded those of IBM in the early days of IT.
However, Joseph Desch’s even more significant contributions were kept secret until quite recently. Because of his expertise in the use of modern electronics (in particular, gas-filled glass tubes called thyratrons), Desch became the Research Director of the US Naval Computing Machine Laboratory located in Building 26 on the NCR campus. In parallel with a similar operation at Bletchley Park, England, machines called “Bombes” were built at the lab to decode Enigma messages sent to-and-from the German U-Boats. The Enigma machines looked like typewriters, with the function of taking a string of text characters and encoding them in a way that only another Enigma machine could decode. The Germans used this method to encrypt messages to prevent the Allies from knowing their intent. The German military remained confident that the Enigma machines produced scrambled messages that could not be broken. Indeed the number of combinations of letter reassignments possible for each character in a message from Enigma was greater than the number of atoms in the universe. So yes, with the US Navy Bombe, Dayton was at the forefront of “big data” from the very beginning of the IT revolution.
buildup prior to D-Day. Desch also played an important role in helping decode messages from the Japanese naval forces operating in the Pacific Ocean. Unknown to Desch, his electronics were also used in the Manhattan Project to quantify the fissionable material used in the first nuclear weapons. Inventions of Desch and his team were instrumental in shortening World War II. He received the Medal for Merit from President Harry Truman in 1947 – which characteristically of the entire project – was given in complete secrecy. After his death in 1987, Desch was inducted into the National Security Agency-Central Security Service Cryptologic Hall of Honor in 2011. Almost a hundred years ago, Joseph Desch began taking classes at what would become the University of Dayton. He graduated from UD in 1929 with a degree in Electrical Engineering. UD recognized his accomplishments by posthumously awarding him the 2017 Distinguished Alumnus Award. The award was accepted by Deborah Anderson, daughter of Joseph and wife Dorothy. This year, UD is proud to open its new Center for Cybersecurity and Data Intelligence (CCDI; see udayton.edu/cybersecurity/) in which a central lab has been named to honor Joseph Desch. The mission of the CCDI is to foster a multi-disciplinary approach for research, collaboration, and experiential learning in the areas of cybersecurity and data analysis. The Joseph Desch Lab is a shared space for students, faculty, staff and community partners to experiment and innovate with hands-on experiential learning. One of the signature aspects of Joe’s youth was his interest in building electronics from scratch – which echoes UD’s desire to catalyze student learning through hands-on real-world problem solving. Today, Dayton and surrounding communities have established an enviable foothold in this rapidly expanding IT field. But even as we marvel at what the future holds, and what new innovations can come from the next generation of cyber and IT professionals, it helps to remember that our track record goes back to the origins of electronic computing and “hacking for the common good”. For these reasons, Joseph Desch should be remembered as Dayton’s first IT rock star.
Construction of 121 US Naval Bombes, each weighing 5,000 lbs., was undertaken in Dayton by a workforce of civilian and naval personnel including 600 WAVES (women in the US Naval Reserve). Using an innovative combination of mechanical rotors and thyratrons, the Bombes were precursors to modern computers. Desch’s electronics were essentially a type of memory – like a primitive forerunner of RAM. As the mechanical part of the Bombe ran through many of the potential wiring possibilities within an Enigma machine, the memory was needed to keep track of the correct hits. The decoding efforts worked! To the very end, German naval officers refused to believe their messages were being read by the Allies, even as their submarine fleet was destroyed. This allowed the troop 4
Technology First | MAR-APR 2020
Portrait painting of Joseph Desch and the US Navy Bombe that was designed and built in Dayton during World War II (by David Wright).
Architects of Continuityâ„˘ Building partnerships to advance Research and practice
Vertiv solves the most important challenges facing todayâ€™s data centers, communication networks and commercial and industrial facilities with a portfolio of power, cooling and IT infrastructure solutions and services that extends from the cloud to the edge of the network. Vertiv.com
Hands-on education Workforce development go.udayton.edu/cybersecurity @udaytoncyber Cyber for the Common Good 5
Technology First | MAR-APR 2020
The Importance of Understanding Your Security Maturity “I need to know what my security gaps are. But where should I begin?” If this troubling thought has ever crossed your mind, you’re not alone. Whether you’re a novice or veteran CISO, you know that the everevolving cybersecurity landscape means businesses like yours are constantly under siege in new and unexpected ways. And yesterday’s traditional security measures can’t keep up with the rapidly increasing frequency and sophistication of today’s attacks—leaving your data and intellectual property dangerously unprotected and placing your reputation as a gatekeeper in serious risk. The Cybersecurity Landscape Cybersecurity is shifting from an afterthought to a major business driver for most businesses. They, and their IT leadership, are being pushed more than ever to have a well-defined security program with controls in place that are commensurate with the size and complexity of the digital needs of the business. Security is more complex than ever with distributed resources, resources in the cloud, and users and devices on or off the corporate network. And businesses without a particularly mature security program (no CISO, etc.) are being driven by their industry partners to emphasize security—and rightfully so. The stats below tell a sobering story: • 71% of US enterprises reported suffering at least one data breach Thales, 2018 Global Threat Report • The average cost of a data breach in the US is $8.19m
IBM, 2019 Cost of a Data Breach Report
The average time to identify a breach is 206 days
IBM, 2019 Cost of a Data Breach Report
The average time to contain a breach is 73 days
IBM, 2019 Cost of a Data Breach Report
The bottom line is that understanding your security program’s posture is vital to the continued growth and success of your business. But because most assessments are too vague, time-consuming, or costprohibitive, knowing where to take specific action can be daunting. It’s Time to ARM Yourself At RoundTower Security, we believe that a comprehensive maturity assessment is job one. The key to combating overwhelming complexity is keeping things simple and focused on addressing the right challenges. Our proprietary ARM process quickly, effectively, and affordably assesses security program maturity and provides tested solutions and expert management. Step One: Assess risk using targeted interviews and technical exercises Step Two: Remediate risk by applying tested solutions to help mitigate / transfer risk Step Three: Manage risk by providing visibility and orchestration through a suite of managed security offerings See the Big Picture A truly actionable assessment of your security program will identify the important risks and then equip you with the tools you need to quickly solve the right problems. RoundTower provides our customers with the following information, allowing them to understand the full scope of their security footing: 1. Overall Security Posture Evaluation • Inherent business-specific risks • Framework security control compliance • Strategy, policy, and governance 2. Consultative and Analytical Approaches • On-site data-gathering workshops • Risk-profile measurement via a proprietary platform 3. Robust Results and Reporting • Detailed gap analyses • 12-month ongoing maturity optimization 6
Technology First | MAR-APR 2020
Dustin Grimmeissen Director - Network & Security RoundTower Technologies
Quantify Your Risk Once you can see the full scope of your security posture, quantifying the associated risks is vital to outlining your next steps. RoundTower employs a streamlined, two-stage process to determine your risk level based on existing inherent program elements. Stage one identifies your program’s “Inherent Risk” based on its ecosystem complexity. Stage two calculates a “Cyber Score” using Stage one data in relation to the strength of your program’s existing Cyber Controls. Regain Control Understanding and correcting your security posture doesn’t need to be time- and budget-consuming. That’s the RoundTower difference. • Lightning Fast Findings Report - only 2-3 week turnaround from the beginning of a workshop. • Unmatched Visibility - clearly see the most pressing needs for an improved maturity posture. • Information-on-Demand - robust and readily actionable reports generated directly from exclusive software. • Targeted Strategic Planning - confidently manage ongoing Security & Risk programs in partnership with RoundTower. Security Assessment in Action: A Case Study An expert design-services software provider was challenged with several blind spots when it came to their own security posture. They were experiencing an increasing need to provide better overall security as well as have the ability to report on the security controls and policies they already had in place. Despite having always been focused on software development, this client did not have a CISO, nor did they have in place a dedicated security program or function. The solution demanded a quick way to evaluate their security posture, identify the most critical gaps, and be able to report on that progress as they matured. The RoundTower Approach What RoundTower brought to the table was truly differentiating. Our approach is ideal for businesses that are not comfortable with the level of their security maturity—largely because they did not consider security as foundational to their business approach. So, to maximize success, we don’t start with complex compliance frameworks (NIST, etc.). Instead, we focus on high-level security maturity, providing a simplified view of where the company stands, where there are key gaps (that matter to their specific business), and a prioritization of closing those gaps. We lead streamlined and focused workshops that measure our clients’ security maturity and risk posture using sophisticated risk analysis tools. And we yield results within days or weeks—not months—and without a complex deliverable that’s hard to understand for non-security professionals. A Successful Outcome RoundTower worked closely with our client, partnering with CyberPrism, a trusted software provider, to deliver a wholly successful outcome. We held workshops that identified the subset of overall policies and controls that mattered (based on the size and digital complexity of the client’s business) and entered into the CyberPrism platform all of the controls/policies that they did or did not have in place. The deliverables from the assessment not only included the security controls that were missing, but a prioritized list based on criticality and alignment to their business model. We also provided a list of RoundTower solutions that could close their gaps. Our client was very impressed with how quickly we turned around the assessment and how relevant the results were to their business. According to their IT leadership, the solutions were not too complex, allowing their engineers on the software development side to understand the end-goal and prioritize implementation. For more information on RoundTower and their expertise, please visit roundtower.com.
Healthcare ________ business, You’re in the ___ not the IT business. Focus on what you do best.
Sinclair’s new Centerville campus offers many degree and certificate programs including: • Cyber Investigation • Secure System Administration • Information Systems Security
You do you. Let us manage the IT.
• Network Engineering Security
For over a decade, RoundTower has been changing how technology delivers value and service by helping businesses focus on efficiency and digital transformation. Redefine your IT strategy with our crossfunctional, tailored approach that will leave you with more time to focus on your main objectives.
• Linux Security and Networking Essentials • IT Fundamentals • Network Engineering • User Support
www.roundtower.com Copyright © 2019 All Rights Reserved by RoundTower Technologies, LLC
Technology First | MAR-APR 2020
OISC 2020 Ad V4.pdf
A D VA N C E D PA R T N E R
Cyber threats have met their match.
Secure Cyber Defense analyzes and monitors digital environments with cutting-edge tools to identify, stop, and prevent cyber threats. Contact us to learn how our vulnerability assessments, intrusion prevention, and continuous monitoring services can help protect your business. NOW PROVIDING INCIDENT AND FORENSICS SERVICES! 937-388-4405
Information Systems and Supply Chain Management Graduate Open House You’re invited to a graduate open house for information systems and supply chain management degrees. Join us for a free lunch and information session.
May 2, 2020 11:30 a.m.–1:30 p.m. Rike Hall Wright State University Why choose an information systems or supply chain graduate degree?
Explore. Innovate. Expand. With the fiber network built with your future in mind.
• Earn your degree in just one year. • Flexible scheduling with online courses and in-person residencies. • Advance your career or find another career opportunity. • Don’t have a business degree? Our degrees can benefit people in careers as varied as health care, education, nonprofits, marketing, and more.
Our fiber networks are custom-built to meet your needs today, while preparing you for tomorrow’s most transformative innovations. So no matter what comes next, you’ll be ready—with the strength and assurance that come with working with an S&P 500 company.
The pathway to possible. Fiber.CrownCastle.com
Technology First | MAR-APR 2020
You can register or learn more at wright.edu/isscmopenhouse
Digital Forensics: Identifying the Who, What, When, and How of Cyber Attacks Shawn Waldman, CEO Secure Cyber Defense
When a data breach or ransomware attack occurs, maintaining and preserving evidence are critical activities for law enforcement, insurance claims, court proceedings, and getting systems back online. Computer forensic teams work to identify the type of hack, the approaches used, understand the source, layout the timeline, and determine how best to recover compromised data. If your company’s data or systems have been breached or compromised, there are a number of time-sensitive and highly technical questions that must be addressed. Like other crimes, the first 48 hours are critical for gathering and preserving evidence and identifying suspects. Digital forensic experts help investigate and identify: • Motive – why did the criminal launch the attack? Many breaches are the result of cybercriminals attempting to steal data or banking information, but it could have been a former or current employee or supplier • Means – the tools and approaches used to compromise or breach the data, such as malware, email phishing, or malicious links. It is critical to identify the level of expertise of the cybercriminal and the tools used to gain access and close off systems. • Opportunity – How and when did the cybercriminal gain access, what systems were compromised, and when was the attack launched? Some attacks occur in a small window of time, while others occur over time where multiple systems and databases have been scanned and compromised. System vulnerabilities are examined such as system patches not applied, backdoor approaches through hardware, cloud provider vulnerabilities, and SaaS platform weaknesses. Each industry has its own set of rules and compliance regulations relating to compromised data, particularly if banking or personal information are exposed. In addition to the digital forensic investigation, reporting a breach to governing bodies, customers, suppliers, and employees is required. Digital forensic teams and incident response teams are well-versed in compliance regulations and often guide companies on their responsibilities, what information from the investigation can be shared, and how to work with their legal and communications teams. So, What Is Digital Forensics? The best defense against cyberattacks is preparing in advance and putting systems and incident response plans in place. When all else fails, and a breach or ransomware attack occurs, having digital forensic experts and an incident response team on retainer allows for quick action to be taken. In the first 48 hours, the focus is on preserving evidence. Preserving evidence follows a carefully prescribed legal and technical approach so what is gathered can be used should the case go to court. “Digital forensic investigation is a combination of technological tools, consulting guidance, evidence gathering, analysis, and the understanding of how to navigate all four", says Shawn Waldman, CEO of Dayton-based Secure Cyber Defense. Digital forensic and incident response teams work hand in hand during the critical first 48 hours. The goal of both groups is to follow a systematic approach to preserving evidence and investigating the size and scope of the breach and how best to proceed forward in getting systems back online. In the case of Secure Cyber Defense, we have a three-step process: • Analyze – Identify the type of attack, define its scope, determine the data exposed or stolen, and the potential impact of the breach on IT systems, hardware, third-party vendors, and personal devices such as laptops, tablets, and mobile phones. • Contain - Limiting a company’s exposure and further expansion of the current cyberattack. • Preserve – Capturing and systematically preserving all the evidence necessary to understand the who/when/why and how motivations of the cyberattack and mapping out the best path forward to restoring business operations.
Having an outside company dig through all of your systems and data is intimidating. When a breach occurs, it is a chaotic time with many unanswered questions and feelings of vulnerability. Often there is the temptation to try to patch things on your own and move on. However, if critical issues like when the initial breach occurred are unknown, companies could be adding the malware back into their systems, opening up the opportunity for another breach. A forensic investigation is, therefore, a critical step to be sure no backdoors into your IT systems are left behind, allowing access for future attacks. Experienced investigators understand that this review may be unpleasant, and they are trained to do their work as objectively and as professionally as possible, often giving much-needed advice and support to executive and IT teams. The evidence gathered by digital forensic teams is used by several critical players such as local and federal law enforcement, cyber insurance companies, and local and federal courts. Understanding the chain of evidence required by each is a crucial part of how forensic teams operate and preserve evidence. It is also important for executive teams to understand their role in the investigation process, including what is covered and required by their cyber insurance policy, what legal and compliance requirements must be addressed, and managing the crisis communications plan. Cyber Aware is Cyber Prepared As with most essential functions of a company, planning is the key. “Too often, when our forensic or incident response teams are brought in, companies are making this call for the first time”, says Waldman. Working with an incident response team and having them on retainer allows a company to evaluate its cybersecurity approach, develop an incident response plan, connect with law enforcement resources, review their cyber insurance coverage and exclusions and understand their industry’s compliance requirements. With data breaches costing $150 per record (IBM and Ponemon) and rising, educating executive teams and board members on cybersecurity issues is key. Executive education includes ways to best prepare their organization to fend off increasingly sophisticated cyberattacks and the financial impact of cyberattacks are important steps to securing a company’s data. Educating executive teams has a trickle-down effect, prompting evaluations of cybersecurity measures, implementation of incident response planning, and even more important, educating employees on what suspicious activities to watch for and report. Executive-level cybersecurity training is beginning to emerge, including Secure Cyber Defense’s own GoCyber Executive Training Center. These programs aim to provide peer-level training on specific cybersecurity topics executives and board members should be focusing on as well as familiarizing themselves with common cyberthreats and building a list of resources to contact in the event of a breach. Having an understanding of how a breach occurs, how to deal with a cyberattack, and having a stable of resources available helps a company be more prepared to weather the storm. Secure Cyber Defense is a Dayton-based company dedicated to cybersecurity services, consulting and compliance services. With the area's only digital forensic and incident response teams, Secure Cyber Defense brings Fortinet-certified experts that align with federal cybersecurity best practices and current industry compliance standards. Our Cyber Intelligence Center tracks cyberattack patterns from multiple sources for our clients and customers, including the FBI, DoD, and DHS. https://secdef.com
Technology First | MAR-APR 2020
BCP Alice Kaltenmark, Global IT Service Continuity Manager, RELX Group Why data ethics could prevent the next data breach Neal O'Farrell, CEO, Ethicause A Group Debate: Prioritizing Your Limited Cybersecurity Time and Budget Bryan Hogan, President/CEO, Afidence Developing Your Identity Strategy Jerod Brennen Identity Strategy & Solutions Advisor, SailPoint
Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire Micah K. Brown, Vice President, Greater Cincinnati ISSA What is the CMMC and does it affect me? Thomas Autry, Senior Cybersecurity Engineer, Northrop Grumman 80/20 Cyber Risk Management: Prioritizing Issues That Matter Most Apolonio Garcia, President, HealthGuard CCPA Update Bill Kilgallon, Kroger
THANK YOU SPONSORS:
Technology First | MAR-APR 2020
A Practical Guide to Incident Response Dan Wilkins, Manager, Information Security, CareSource Extending Security Resources With A Managed SOC Brad Gettinger, IT Cybersecurity Manager, Midmark Honey Tolkiens Robert Wohlaib, Senior Cybersecurity Engineer, PCI It Was Never About the Things Jason Ortiz, Senior Product Engineer, Pondurance
A methodology for cyber threat ranking integrating NIST and FAIR Adeyinka Bakare & Dr. Hazem Said, University of Cincinnati Responding to Email Compromises in Office 365 Chaim Black, Systems Engineer, Intrust IT Communication best practices during & after a cybersecurity attack: What the research suggests Dr. James Robinson, Dr. Thomas Skill, & Kim Conde, University of Dayton System Resiliency: Continuing Business and Mission Operations on a Playground Full of Bullies Rebecca Onuskanich, Partner, International Cyber Institute
Wednesday, March 11, 2020 Dayton, OH
KEYNOTES National Security
John O'Connor Department of Homeland Security 5G, cybersecurity and you Chris Kuhl, CISO, Dayton Childrens Built-in Security Mindfulness for Software Developers Phu H. Phung, Assistant Professor, University of Dayton Fingerprinting on Encrypted Voice Traffic on Smart Speakers with Deep Learning Boyang Wang, Assistant Professor University of Cincinnati Lend me your IR's! Matt Scheurer, Senior Systems Security Engineer, First Financial Bank
Ohio Cyber Range Rebekah Michael, John Hoag, & John Franco, University of Cincinnati Talent Leadership Panel CISO Panel Moderated by Dave Salisbury Community College Cyber Pilot (C3P) Program Kyle Jones, Sinclair College & Danie Heighton, Clark State Educational Initiatives in Cybersecurity for a Technically-Skilled Workforce Keith Shomper, Professor of Computer Science, Cedarville University
Frank LaRose Secretary of State Ohio
Breach Resiliency Panel
Panelist: Leo Cronin, CSO, Cincinnati Bell Panelist: Matt King, VP, Global Information Security, Belcan LLC Panelist: Mark Sadler, Divisional VP, Great American Insurance Group Panelist: Mark Winemiller, VP, Information Systems & Marketing, Gosiger Moderator: Shawn Waldman, CEO, Secure Cyber Defense
Technology First | MAR-APR 2020
SECURITY The Importance of Risk-Based Vulnerability Management in Modern Cyber Security Kathy Vogler
Expedient Technology Solutions
In today’s world where nearly everything and everyone is connected to the internet, businesses can’t set up a layer or two of defense and expect to be safe. While antivirus software, firewalls, and protocols like multifactor authentication provide a good baseline of protection, there are always ways around them. Meeting your industry’s security standards isn’t enough either. Maintaining compliance is important, but industry-based guidelines are hardly comprehensive, and they fail to capture your business’s unique risks and challenges. Hackers, bots, and malicious programs are constantly trying to enter your systems from all angles. The more ways you have into your system, the more exposed you are. Staying protected and maintaining security is an on-going process that involves monitoring, detection, and response. In an ideal world, you could control and monitor all things at all times at the maximum level, but the truth is, you can’t. Successful cyber security requires prioritization and execution of strategy. In order to do that, you’ll need to establish your risks and vulnerabilities. Accessing Vulnerability Based on Risk and Priority Cyberthreats are prone to attack the areas where businesses are weakest. In order to understand your weaknesses, risks, and security gaps, an in-depth audit will need to take place. You need to look at all of the ways your systems can be accessed and what information is the most accessible. This includes devices in the Internet of Things, software programs, cloud connections, vendor tools, and more. It’s important to remember that you face risks from both the outside and within. Internal threats are some of the highest risks companies face, breaking through even the strongest of defenses. It’s important that
threats from both sides are properly labeled and analyzed. While exposure and vulnerability are critical in determining your priorities, they need to be weighed against value. What systems would cause your business the most damage if they were breached? Risk-based management takes all factors into account, identifying weaknesses and providing the information needed to create actionable goals and improvements. This allows you to efficiently utilize your resources to increase your security. But this isn’t the end. It’s actually the beginning. On-Going Monitoring and Adjustments Cyberthreats are constantly evolving. As they change, your vulnerabilities can change with them. Assessing risk and fixing gaps is not a one-time process. It’s an ongoing process of refinement and adjustment. You need to stay current with modern threats. You also need to measure the effectiveness of your current strategies and make changes accordingly. Proper risk-based management is about leveraging data, both from inside your company and the world around you. Though it might sound like extra work and therefore extra cost, the opposite is actually true. By monitoring risk and prioritizing vulnerabilities, businesses can not only better protect themselves, but they can reduce IT costs. Avoiding the cost of a breach is worth the investment alone. No cyber defense is 100% perfect, but with an experienced IT partner and the right risk-management tools, you can ensure your business is ready for the threats found in today’s interconnected world.
ABOUT US For 20 years, Beavercreek and Dayton area residents have trusted World Digital Imaging to be their digital printer! WDI offers a wide range of coil binding, large format, invitations, postcards, newsletters, brochures,
Our customer service is beyond compare DESIGN: Bring your vision to life with a customized approach. . PRINT: Turn times as quick as 24 hours for most jobs! PREPARE: Our capabilities include laminating, folding, coil binding, boxing, and more.
People are at the heart of every successful business initiative. At TEKsystems, a leading provider of IT staffing and IT services, we understand people. Every year we deploy over 80,000 IT professionals at 6,000 client sites across North America, Europe and Asia. Our deep insights into the IT labor market enable us to help clients achieve their business goals-while optimizing their IT workforce strategies.
MAIL: We handle your mailing job from concept to delivery. Give us a call today at (937) 431-1982 or call to schedule an appointment for a free tour of our facilities.
Creativity starts here.
WORLDDIGITALIMAGING.COM 1138 RICHFIELD CENTER · BEAVERCREEK, OH 45430
Technology First | MAR-APR 2020
SECURITY Combat Rising IT Security Costs with IT Asset Management (continued from page 10)
Jeremy Boerger, Owner Boerger Consulting
Pity the poor Chief Information Security Oﬃcer (CISO). On one hand, her needs are real: emergent cybersecurity threats are increasingly sophisticated and numerous. On the other hand, the cost of defending against these threats follows the same trajectory. Her organization’s resources are finite, but not investing in the right technology or tactics could place her in the same inauspicious gallery as Hollywood Presbyterian1 or Riviera Beach2. Then again, what other value-add IT services should be cut? There is one group inside the department who is in a position to help: IT Asset Management (ITAM). Few CISOs and cybersecurity professionals realize the “hand in glove” relationship ITSec and ITAM should have. In 2016, Gartner published an article insisting up to thirty percent (30%) of a corporation’s software budget could be cut by implementing a software asset management (SAM) program3. The article identifies three best practice activities that must be performed to achieve this remarkable return: • Optimize Software Configurations — make sure to use the features and tools you pay for, and avoid paying for features and tools you do not use • Recycle Software Licenses — remove unneeded software installations so the corresponding software licenses can be applied somewhere else • Use SAM tools — invest in specialty license management systems that can accurately calculate complex software license rules and point out cost-saving opportunities In many organizations, software-related expenditures make up a significant portion of the overall IT budget. Any reduction in that line item could fund a number of other projects, so IT Security needs to present a good case to justify redirecting some of those funds to them. Interdepartmental budget strategy sessions can be cutthroat, but most will respect the “Little Red Hen” rule: you only get the bread if you help with the baking. If our intrepid CISO is going to ask for a part of the savings ITAM can deliver, she needs to demonstrate how her team, or tools, or data, are actively helping in those three SAM practices. Most ITSec professionals are familiar with the ISO/IEC 27000 standards, which require an “asset inventory” to be made of the corporate computing environment. The trouble is, the methodology of ISO 27000 focuses on information security management and does not provide necessary details and data attributes for eﬀective SAM. But dig deeper into the supporting standards and you will find ISO/IEC 197704, which specifically addresses ITAM and SAM process requirements. Last updated in 2017, it contains a maturity model constructed of three tiers: • Tier 1: Trustworthy Data — knowing what you have so that you can manage it • Tier 2: Life Cycle Integration — achieving greater eﬃciency and cost-eﬀectiveness throughout the asset life cycle (e.g., purchasing, inventorying, using, recovering, and disposal) • Tier 3: Optimization — achieving greater eﬃciency and costeﬀectiveness across functional management areas In typical fashion, the ISO/IEC standards do not describe how “trustworthy data” is obtained or derived, but do describe four processes where ITAM will find “trustworthy data”: • Change Management • Data Management • License Management, and • Security Management
This makes sense; if IT Security is maintaining an asset inventory (as mandated by ISO 27000), why not harvest reliable parts of their data to build out an asset inventory for a SAM tool just like one prescribed in the aforementioned Gartner article! Is that enough, for a typical CISO to claim a portion of the ITAM savings for their own expenditures? Maybe not, but let’s consider the second cost-savings source from the Gartner article: recycling software licenses. Typical security vulnerability tools are licensed by either the software agents deployed and installed on objects discovered within the computing environment, or by total found objects discovered in a passive sweep of IP address ranges. Unfortunately, IT Security might not catch and remove retired, duplicated, or incorrect records from its own asset inventory lists. That, in turn, risks an overcount of needed licenses and an overcharge to IT Security’s budget. However, if IT Security partners with ITAM and purges recovered and disposed asset inventory records from its vulnerability tools, the overall total cost of ownership for IT Security’s tooling can be significantly reduced. And those savings will unarguably return to IT Security. The final factor — optimizing software configurations — might seem like a stretch, but IT Security does have a say in the matter. Consider this example: while advising a client a few years ago, the IT Security department identified a number of high-risk security vulnerabilities in the corporate-standard PDF viewer. The CISO recommended removing the standard issued software outright before the next phishing attack successfully exploited the known bugs within the tool. The IT Service Support team resisted, arguing replatforming to the IT Security recommendation would be too costly and could be rejected by the end-user community. The ITAM team stepped in, identified a comparable tool with more features than currently oﬀered (satisfying the end-users), with a better vulnerability score (satisfying IT Security’s concerns), and at a total cost of ownership of 60% less than the current PDF standard (more than covering the cost of deploying the new tool). The moral of the story: simply by engaging ITAM, the CISO was able to improve the security position of his organization without incurring any extra cost to their department or the rest of the organization. Modern IT Security initiatives are necessary and expensive. Smart CISOs should always be on the lookout for cost-reduction and spend-justification opportunities. Both best business practice proponents and independent researchers identify the IT Asset Management team as a willing partner. By working together, ITAM and ITSec can improve the overall organization’s security position and simultaneously reduce the overall cost of ownership for IT. 1 “Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating”, 18Feb2016, Los Angeles Times 2 “How Riviera Beach left the door wide open for hackers”, 21Jun2019, Palm Beach Post 3 “Cut Software Spending Safely With SAM”, 16Mar2016, Gartner ID: G00301780 4 International Standard ISO/IEC 19770 — Information technology, asset management, Third edition 2017-12
Technology First | MAR-APR 2020
SECURITY Humans are the New Malware: Protecting Your Business Against Advanced Cyberthreats J.J. Thompson, Sr. Director Sophos Managed Threat Response / Secure Content Technologies
It may seem like a peculiar twist of irony, but as the technical capabilities is decreased as the benefits of staying unknown outweigh the benefits of afforded by automation proliferate, successful cyberattacks are attribution. increasingly more reliant on human execution. Fully automated attacks To hide their tracks, advanced adversaries will purposefully reverse engineer that rely exclusively on the programmatic distribution of malware are now the methods and tactics of incident responders, forensics teams and threat considered less sophisticated as advanced endpoint protection capabilities analysts to add a dimension to their attack whereby they lead investigators are able to detect and stop them without human intervention. to the conclusion they want them to reach on attribution by following the In response, we are seeing a significant increase in attacks that use methods and behaviors that would appear to be the work of another actor group. As Sun Tzu once wrote, “If his position is accessible, it is because that automation in the early stages to establish a silent foothold in the is advantageous to him.” organization, then shift to a human operator to execute the next steps. Slowly, methodically, and with great precision, attackers can Protecting your business against advanced threats enter the system, covertly modify security controls to evade detection, Cyberattackers aren’t just increasing in their level of sophistication, but steal credentials or data, and continue working their way through the they’re also “always-on.” That means an organisation’s dedicated security environment. If you think of a fully automated malware attack as a smashteam needs to be too. But many businesses don’t have the capacity to and-grab job, these automation-enhanced active attacks are Daniel Ocean- support around-the-clock monitoring and management. Few organisations level heists. have the right tools, people, and processes in-house to effectively manage security program 24/7 while proactively defending against new and 2020 marks an inflection point on the importance of proactively detecting their emerging threats. This is where managed service programs come into their attacker tactics, techniques and procedures (TTPs). It’s no longer enough own. They enable organizations to outsource this increasingly businessto react to attacks in progress with the hope of mitigating further damage. critical service to a trusted partner. In-depth knowledge of attacker TTPs enable security teams to operate Managed threat detection and response at the level of adversaries’ behavior and tendencies, providing valuable context about the attackers, their intentions, and their methods to identify Managed detection and response services deliver 24/7 threat monitoring, detection and response services to customers. The use of such services the most effective response. augments an internal team by, for example, covering those second and Here are a few of the top adversarial trends and behaviors businesses can third daily shifts that are notoriously difficult to recruit for, contributing skill expect in 2020: sets that the internal team may lack, and adding threat intelligence and unparalleled product expertise. Ideally, they also provide customers with Malicious use of Legitimate Software access to an expert team that can take targeted actions on their behalf to neutralise even the most sophisticated threats. Attacker patience and strategic evasion techniques are continuing to improve. Upon compromise, attackers survey the environment utilizing Key areas of expertise to look for include: passive and active techniques to create a topology of the attack surface. threat hunting: A good managed threat detection and response This technique provides more stealthy identification of critical targets, such Expert-led will anticipate attacker behaviour and identify new indicators of as administrative workstations, data custodian endpoints, files, and backup service attack and compromise. Threat hunters will proactively hunt for and validate servers. potential threats and incidents, and investigate casual and adjacent events Using legitimate administrative tools and other “living off the land” utilities to discover new threats that previously couldn’t be detected. such as PowerShell and PsExec, the attacker moves laterally to higher Advanced adversarial detection: The service should use proven priority assets without being detected in time to do anything about it. investigation techniques to differentiate legitimate behaviour from the tactics, techniques and procedures used by attackers. This should be Administrators who closely monitor logs often pre-filter these motions in coupled with enhanced telemetry that provides a detailed, full picture of Security Information and Event Management (SIEM) tools because, as the adversary activities and allows for the scope and severity of threats to be behaviors mimic legitimate administrator activities, they generate a lot determined for rapid response. of false positive alerts. So the security challenge lies in determining the Machine-accelerated human response: In the best cases, a highly difference between malicious and non-malicious use of these commonly trained team of world-class experts will not only generate and apply threat utilized administrative tools. intelligence to confirm threats detected by advanced security solutions, Attacking Backups but also take action to remotely disrupt, contain and neutralize threats with speed and precision. During an incident involving ransomware, the first question asked is whether it is possible to restore to a known good state. Unfortunately, the Asset discovery and prescriptive security health guidance: Last but not least, look for a service that provide valuable insights into managed and tactics and procedures utilized to compromise and encrypt servers and unmanaged assets, vulnerabilities for better-informed impact assessments endpoints are the same methods that can render connected automated and threat hunts, and offers prescriptive and actionable guidance for backups unusable. addressing configuration and architecture weaknesses that enable Attackers have realized that when they are able to destroy backups, it organizations to proactively improve their security posture with hardened results in a higher percentage of victims paying the ransom. Organizations defences. relying on backup and recovery instead of preventive and rapid threat One thing is certain: our adversaries will continue to evolve. Keeping your neutralization leave themselves exposed to risk in that they will be unable business safe from advanced attacks means bringing together the brightest to recover from ransomware attacks. human minds with the best technology on the market to actively defend your business 24/7. Reflective Attribution For additional information please contact Karen Greer, Secure Content The cybersecurity industry, media and government have a tendency of Technologies, Ltd. email@example.com or call 513-779rushing to assign attribution and attackers are preying on that tendency 1165. to avoid being linked to attacks. Once a threat actor has graduated to an advanced level, the need to be known for conducting a successful attack 14
Technology First | MAR-APR 2020
IT LEADER SPOTLIGHT Leo Cronin
Chief Security Officer Cincinnati Bell
What was your first job? My first job in IT was with Bethlehem Steel in Pennsylvania (1983). I was actually an Accounting and Business major in college and the steel company wanted business expertise. They provided the technical (IT) training. In retrospect, it was a great idea and forward-thinking. I entered the company’s management training program, called the “Loop” program. The goal of the program was to “loop” candidates through the entire IT organization over a two-year period. I started out in application development helping to automate cost accounting applications. I loved the development process and working with some of the “newer” development technologies invented by IBM at the time, such as ADF and IMS. I ended my rotation in operations and was given the opportunity to help implement “security” on the mainframe computers using a systems application called ACF2 (Access Control Facility 2). After working with systems programming and ACF2, I became hooked on the emerging field of computer security.
Did you always want to work in IT? I really wanted to be a CPA or work in finance and accounting after school, but I could see that the information systems/technology field had a lot of upside. IT is now essential to any organization and has significantly evolved from my days working on mainframes and closed networks. However, I do strongly believe my business background has helped me over my career in technology.
Tell us about your career path Security has always been a passion of mine since my first job with Bethlehem Steel, where I worked in banking, online publishing and then telecommunication/IT services. I have always been a collaborator and innovator in the field and was given the chance to do some career-enhancing things at First Interstate Bank and Lexis-Nexis/Reed Elsevier. At the bank, and in collaboration with the application development team, we designed and implemented a single sign-on framework to automate access to all branch mainframe applications using ACF2 and IBM’s Customer Information Control System (CICS). A byproduct of this project was the creation of a first-generation identity and access management application for on-boarding and off-boarding personnel who needed access to mainframe applications. It was driven for the most part from data straight out of the human resources management system. All written in SAS (Statistical Analysis System), it was really quite a beautiful thing. At Lexis-Nexis/Reed Elsevier I saw technology blossom with distributed systems, networking and that big thing called the Internet. Being an early adopter of the Internet, we developed our own session manager client software to access the Lexis systems from this new, ubiquitous network complete with password support and network transport encryption (that was pre-Web browser and SSL). I also got my start with writing intrusion detection systems that looked for anomalous online activity to reduce fraud and misuse of our services. As my career evolved, I was given the opportunity to lead a matrixed team of security professionals across the globe at Reed Elsevier to develop policies, strategy and standards for security. That was probably the work that I enjoyed the most. The security professional’s role has evolved significantly over the past 3 decades from technical wizard to trusted advisor and risk manager. All of my career experiences with designing and implementing security solutions and working with and through people definitely prepared me for my current job as Chief Security Officer (CSO) of Cincinnati Bell. I have been here 6 years and can already look back on some great accomplishments by the security team and our stakeholders. I really like the culture at Cincinnati Bell, they have great people, a forward-looking management team, and the company has allowed me to make a real difference. In closing, I would like to sum up my advice on a career path: do something you enjoy and become really good at it, believe in yourself, seize opportunities and take risks, and most importantly, work through and with people. Success is a team sport.
Former Technical Director for Air, Space, and Cyberspace Operations Air Force Materiel Command, WPAFB What was your first job?
My first job was delivering TVs in Fort Wayne, Indiana. It was the summer of 1978 and cable television was a new concept. The clarity of the picture over cable impressed me at the time.
Did you always want to work in IT? Computers always interested me, but my interest in airplanes was greater. I saw the power of IT during my career as I helped design aircraft for the USAF and later assess the combat survivability of aircraft penetrating enemy airspace. I used computer simulations for both tasks and couldn’t image doing these tasks without IT. My full indoctrination into IT came when I got involved with providing cyber resilient aircraft for the Air Force. Over the years, aircraft become more sophisticated and reliant on IT software and hardware. Ensuring the safe operations for our military aircraft showed me the complexity of the task and the need to consider cyber protection early in the system design. The same is true for any IT system, not just aircraft.
Tell us about your career path I started working for the Air Force in the fall of 1982, learning how to design aircraft. It was fun sketching something out on a drawing board and later using a computer to represent the design. We used a homegrown piece of software the organization wrote in Fortran to calculate the aerodynamics, propulsion, weight and performance of the aircraft. In 1993, I changed to running a wargame simulation, something like a Desert Storm scenario and analyzing how aircraft survivability helped minimize aircraft losses and maximize target kills. In 2013, I got involved is cyber resiliency for all USAF aircraft. This was new territory for the Air Force and got lots of attention from senior USAF leaders. From this position, I was chosen to be the Technical Director for Air, Space and Cyberspace Operations for Air Force Materiel Command. This allowed me the unique opportunity to protect USAF aircraft, as before, and protect the networks used to do the research, development, testing and procurement of aircraft in a traditional IT sense.
What roles or skills are you finding (or anticipate to be) the most difficult to fill? The skills most difficult to fill are in the cyber security field. While I think of the field as new, it really isn’t. It has been around for 20 years. What makes it difficult is the ying and yang aspect of the field. As cyber security professionals become better at their job, the adversary finds new means to penetrate the defenses. It is hard to find someone with experience. It is hard to allow someone to develop their experience. And, we hold cyber security professionals to an impossible standard of zero breaches. No wonder it is difficult to fill these positions. Nobody wants to be a victim of a breech and defending against every threat in the world is daunting. Patience, perseverance and professionals will provide the protection everyone is looking for.
Technology First | MAR-APR 2020
Operating a SOC: Improvements to Make, Pitfalls to Avoid, and What to Watch Todd Thiemann Arctic Wolf Networks
A modern security operations center (SOC) is challenging to operate in terms of organization, technology, and budgets. Arctic Wolf navigates these challenges every day as we monitor over 1000 customers to detect and respond to threats as well as assess vulnerabilities. Our SOC has operated since 2014 and we have learned many lessons along the way. This article describes three key factors to improve SOC operations, three pitfalls to avoid, and some guideposts to consider during your journey to optimize SOC effectiveness. Some key factors to improve SOC operations: 1) Locate and Retain SOC Talent Finding good SOC analysts is difficult in the best of times, and is particularly challenging in the present growth economy where talent is scarce. You need smart people to understand threat surface, interpret security telemetry, and find and analyze threats. Today’s latest AI and machine learning will help your staff be more effective, however, it will never replace smart people who understand your context. You need to have the right programs in place to locate, train, and retain the good people. 2) Incrementally Improve Your SOC The “big bang” theory of improving SOC operations is fraught with risk and has a high probability of failure. Our experience has been that you need to figure out what you do well and build from there. Gradual improvement typically wins out over grandiose projects. 3) Coordinating SOC and Network Operations Center (NOC) Operations Integrating your SOC and NOC and how they engage with each other can help improve success. A NOC manages, controls and monitors networks for things like availability, backups, ensuring sufficient bandwidth, and troubleshooting network problems. A SOC monitors and analyzes for security risks and threats. The two functions can overlap when events like a denial of service (DOS) attack might manifest itself as a network outage, but is, in fact, a security threat. While the two functions can be organizationally discrete, they need to coordinate to achieve an optimal outcome. Now that we have covered improvements, what about pitfalls along our SOC journey? The major ones that we identified along the way are: 1) Unrealistic Goals Establish what you want to achieve with a SOC and how much it might cost. Think through all of the pieces to establish your SOC including people, processes and technology. While the goals might be the same, larger organizations have bigger budgets and more resources than smaller organizations. You will face “build vs buy” decisions and need to think through the best approach to achieving your goals. Be realistic about what you might want to achieve and clear-eyed on how to achieve it. 2) Staffing Delusions Consider the security challenges the business faces and the staffing level to address those challenges. Referring to the two or three security people that you have as “my SOC” is not the optimal answer. A handful of people will struggle to provide 24x7x365 coverage. And relying on alerts sent to phones during off-hours is a risky recipe for success when that middle-ofthe-night alert beeps while someone is asleep. Analyst firm Gartner has suggested that eight to 12 analysts are needed to provide 24x7 coverage. Consider what happens when something bad happens when your staff is celebrating on New Year’s Eve and there isn’t someone minding the store. Be realistic about how many people you need along with how you will find, train, and retain those people. 3) The “AI Cure-all” Fallacy Artificial intelligence (AI) and machine learning are the buzzwords de jour in IT security. While the technology holds promise, AI will not solve all of your problems and you cannot automate your way out of the security monitoring challenge. Maintaining a well-functioning SOC also requires finding, training and retaining good people. You need good people 16
Technology First | MAR-APR 2020
who can leverage sophisticated tools and AI to find the bad stuff, and those people are hard to come by. And smart SOC talent is a key to providing feedback from which automation can learn. Retaining those people means providing them with a variety of work that they find to be interesting. Variety is the spice of life and it is one of the reasons Arctic Wolf has been able to retain exceptionally talented SOC staff. Other Guideposts to Consider A couple of items that you need to figure out on your SOC journey are whether to build-your-own SOC or use a third-party monitoring service along with what you need to watch. Build vs Buy: You can establish your own SOC or you can use a SOC-as-aservice provider to monitor your environment for threats. Analyst firm Gartner has predicted that the managed detection and response (MDR) market adoption will increase from 5% of organizations in 2019 to 25% by 2024 (Gartner “Market Guide for Managed Detection and Response Services”, 15 July 2019). Much of that decision will be driven by costs as well as the availability of cybersecurity expertise. A SOC combines people, process and technology. A SOC initiative requires a healthy chunk of budget and management attention. If you operate in a remote area, you might not be able to locate adequate security staffing. Think carefully about what makes the most sense for your organization given your business context. Understand Your Environment: You can’t monitor and protect what you don’t know you have. Understanding your environment means taking an asset inventory and assessing your vulnerabilities. It also means understanding your on-premises infrastructure along with your cloud footprint. Monitoring your on-premises environment involves endpoint computers running Windows, Linux and MacOS as well as monitoring the network and network infrastructure such as firewalls, DNS, Active Directory (AD), Wifi access points, and so forth. And as sensitive data moves to the cloud, you also need to understand your cloud footprint. Having visibility across your environment, both cloud and on-premises, will allow you to see scenarios like a threat actor attempting to brute force an Office365 account and then use it as a jump-off point to compromise on-premises infrastructure. No matter whether you build your own SOC or use a SOC-as-a-service, you need to understand your own environment to adequately monitor that environment. There is no one road to SOC success, but the above learnings and guideposts will increase your likelihood of SOC success.
Do You Need to Backup Office 365?
John Thome, President, Chi Corporation
Microsoft Office 365 has transformed business use of the cloud. Gartner recently reported that 1 in 5 corporate employees use an Office 365 cloud service, and that Office 365 is now the most widely used cloud service by user count. Companies and organizations have adopted Office 365 for a variety of reasons. It's simply easier and more efficient to manage than a back-room Exchange Server; the licensing is an easy-to-consume subscription model that can be modified on-the-fly; and the products can be deployed to multiple platforms or simply used in the cloud. Customers can access their Office applications and sync and share documents anywhere, even if they're offline, and there's no need for a VPN connection to an on-premises file server. And the Microsoft service even takes care of your email and data backups. Or does it? It's true that Microsoft has native retention and basic recovery capabilities, and businesses without mission-critical email and documents may find that these suit their needs. Using these native tools or deploying a more robust solution is a business decision that needs to be made upon migration to Office 365. Seven things to consider when evaluating the protection of your Office 365 data: 1. Approximately 70% of data loss in a SaaS application is due to accidental or malicious deletion of data by end-users. If your discovery of the loss takes longer than the configured retention policy, the data is gone. Microsoft SLAs do not protect customers against this. 2. If your Office 365 administrator account is compromised, your backups could be lost too. 3. Will your Microsoft data retention capabilities be able to restore files and accounts in the configuration you need? Even if the data is backed-up as
needed, the restore process could be more difficult than you want. 4. Are you legally required to comply with specific retention and potential litigation policies? Will the native tools provide this capability for you? 5. Users can accidentally corrupt their data with malware, especially ransomware. Recovery from this scenario can be difficult and timeconsuming using built-in capabilities. Versioning in OneDrive and SharePoint can help, but this counts against storage allocation and may result in additional storage costs. 6. Even Microsoft urges caution and recommends full backups: “We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.” - Microsoft 7. Industry best practice is to use the 3-2-1 rule: At least three copies of data, in two different formats, with one copy stored offline or in the cloud. Following this rule remains one of the best ways to protect your data. Recent research reveals that at least 40% of companies surveyed aren't using any third-party backup tools to protect their mission-critical data in Office 365. That's at least 40% of companies that are at a higher risk of data loss. Choosing a capable, fully-featured, and secure cloud-to-cloud backup solution for Office 365 is key to avoiding the pitfalls of data loss in Office 365. Data is at the heart of your business, whether it is on-premises or in the cloud. As you move your business-critical data to the Office 365 cloud, choosing a secure cloud-to-cloud backup solution allows you to properly protect your data and secure it and confidently use the cloud without the worry of data loss, data leak, or cybersecurity concerns.
Protecting Your Data from Threats Wherever They May Be. Chi Corporation is a leading storage, backup, networking, security and virtualization solution provider and is honored to partner with Barracuda, an innovator in network security and data protection.
Barracuda’s products span three core areas—network security, data backup and protection, and application delivery—and are designed to help businesses meet the growing IT challenges of network and data security with true end-toend protection. All products can be managed from a singular, central platform, eliminating frustrations with access and management.
Learn More about Chi and Barracuda at the Ohio Information Security Conference
Visit Us at Booth #1
For more information about data security, networking, and storage solutions for your organization, please contact:
Jeff Turner Account Executive | Chi Corporation | 614-595-2720 firstname.lastname@example.org | ChiCorporation.com
Technology First | MAR-APR 2020
TECHNOLOGY FIRST BOARD OF DIRECTORS Diana Bolden Former CIO Teradata
Treg Gilstorf Chief Information Officer Yaskawa Motoman Robotics
Andy Lehman CIO & Senior VP Kettering Health Network
Jim Bradley Vice President, IT Tecomet
Gary Ginter System Vice President, CIO Premier Health
Scott McCollum - CHAIR Chief Information Officer Sinclair College
Matt Coatney CTO, Managed Services HBR Consulting
Lisa Heckler VP, Information Security & Privacy CareSource
Tonjia Coverdale, PhD Vice President for Information Technology and Chief Information Officer Central State University
Monique McGlinch VP, Customer Engagement and Corporate Agile Center of Excellence Midmark Corporation
Bryan J. Hogan President / CEO Afidence
Melissa Cutcher Executive Director Technology First Timothy Ewart Former Cyberspace Operations Technical Director HQ Air Force Materiel Command WPAFB
John Huelsman Director of Business Support Solutions Hobart Service Don Hopkins Director, Master of IS & Logistics/SCM Wright State University Ryan Kean VP, Technical Strategy and Architecture Company
Paul Moorman Former IT Strategist ND Paper Robin Poffenberger Systems Manager Washington-Centerville Public Library Christopher Roe Vice President, Information Technology Services Speedway LLC Thomas Skill, PhD Associate Provost & CIO University of Dayton
Technology First would like to thank and recognize its Board of Directors. They provide input into the strategic direction of the organization and actively lead working committees that drive our programs and services. Publisher: Technology First Executive Director: Melissa Cutcher Director, Marketing & Events: Kaitlin Regan
Design & Production: Technology First
Writers: Our mission is to support the growth of Greater Daytonâ€™s information technology industry. Technology First provides a forum for educators, business, and technical professionals to communicate their expertise and lessons learned while working in the field. Please submit the article in Word, preferably with 500 to 700 words, with any graphics in pdf form to email@example.com. Please include your name, business organization, business address, phone number, fax number, e-mail address, and a brief description of any professional accomplishments. Please also include a digital photograph if available. Subscriptions: Non-member business/home delivery of this publication is available at $25/year (6 issues). Mail name, address and check made payable to Technology First.
2020 Technology First; All rights reserved
Technology First | MAR-APR 2020
714 E. Monument Avenue; Suite 106 Dayton, OH 45402 p: 937.229.0054
CREATING A COMMUNITY TO SHARE KNOWLEDGE, GROW BUSINESS AND BUILD FOR THE FUTURE.
Established in 1997
TECHNOLOGY FIRST LEADERSHIP AWARDS
Recognizes contributions of Technology professionals (each May) Outstanding Technology Team Best IT Services Company IT Executive of the Year Emerging Tech Leader Most Promising Startup Award of Excellence - Student Project
4 Quarterly Meetings
TECH THURSDAYS Casual After Hours Networking 5x / year
CIO/CEO COUNCIL (IT LEADERS) Company's Highest Level IT Executive or Business Leader Monthly Meetings 25-40 Attendees Each Session Strategic Planning and Leading Edge Topics Peer-led sessions and networking
20+ Attendees Each Session 7x/year Artificial Intelligence / Machine Learning Analytical Algorithms Data Strategy & Analysis Tools IoT Applications
15+ Attendees Each Session 7x/year Trending Infrastructure and Cloud Topics Maintenance & Security
WEBSITE TECH SOURCE
Helps IT Buyers find Suppliers Locate Resources in our Region RFP & Referral Requests
TECHNOLOGY FIRST MAGAZINE Expert Articles contributed by Members 1,000+ Mailed to IT Professionals 70,000+ readers
E-NEWSLETTER 4,000+ Subscribers Event News Job Opportunities Member Highlights Annual Partner Recognition SCAN TO SIGN-UP FOR EMAILS
Both in Dayton and Cincinnati (7x/yr) Four Areas of Focus Leadership Networking Professional Development Mentoring
26,000+ Unique Annual Visitors
WOMEN 4 TECHNOLOGY
50+ Attendees Each Session CIO Council open to all of membership 3x/year (January, April, October) Recognized Thought Leaders
2 AC ON NN UF EARLE N C E S
MUNICIPALITY IT IT Leaders, City Managers, and MSP's of Municipalities Smart Cities and Leading Edge Topics
OHIO INFORMATION SECURITY CONFERENCE
TASTE OF IT 13th Annual 11/13/19 Tracks: Strategy, Security, Analytics, Infrastructure/Cloud, Dev/Programmers 400+ Participants 30+ Speakers 40+ Exhibitors
17th Annual 3/11/20 Tracks; Executive, Technical, Operations, Resiliency, Governance, and Workforce 350+ Participants 25+ Speakers including Expert Panels 30+ Exhibitors
THE FUTURE DIGITAL MIXER
Annual Casual Career and Networking Night (February) 35+ Employers 200+ Students Local Colleges and Universities
SCHOLARSHIPS $5,000 in Scholarship Money to 5 students 2019 Winners from Sinclair College, Wright State University, and Cedarville University
STUDENT VOLUNTEERS K-12 ENGAGEMENT
Unlimited Position Postings for Members Full-time, Part-time, and Internship Opportunities
Technology First | MAR-APR 2020
714 E. Monument Ave., Suite 106 Dayton, OH 45402 937.229.0054 â€¢ TechnologyFirst.org
2020 EVENT DATES:
SIGN UP FOR EMAIL LIST HERE
January 16, 2020 - Tech Forum (Open Event) February 20, 2020 March 27, 2020 April 16, 2020 - Tech Forum (Open Event) May 21, 2020 June 12, 2020 July 9, 2020 August 14, 2020 September 10, 2020 October 8, 2020 - Tech Forum (Open Event) December 3, 2020
January 10, 2020 February 28, 2020 April 3, 2020 May 15, 2020 August 21, 2020 October 2, 2020 December 4, 2020
(Executive Leadership Only - 11:30-1pm)
(Open to ALL - 8:30-10am)
INFRASTRUCTURE/CLOUD (Open to ALL - 11:30-1pm) January 10, 2020 February 28, 2020 April 3, 2020 May 15, 2020 August 21, 2020 October 2, 2020 December 4, 2020
CONFERENCES (Open to ALL)
OISC - March 11, 2020 Taste of IT - November 18, 2020
SPECIAL EVENTS (Open to ALL)
Digital Mixer - February 12, 2020 Leadership Awards - May 7, 2020
TECH THURSDAYS (Open to ALL - 5-7pm) February 13, 2020 April 9, 2020 June 11, 2020 August 27, 2020 November 5, 2020
WOMEN 4 TECHNOLOGY (Open to ALL - 8-10am)
DAYTON: January 22, 2020 June 3, 2020 September 16, 2020
CINCY: February 5, 2020 May 13, 2020 August 12, 2020 December 9, 2020
(for City Managers and Muni IT Leaders) June 4, 2020 September 24, 2020 December 10, 2020
Register at www.technologyfirst.org @technologyfirst.org
Technology First | MAR-APR 2020
Read our Tech First Magazine at issuu.com/technologyfirstdayton