Your session has expired.

Your authenticated session has expired due to inactivity. You can close this message and continue as a guest or log in again before proceeding.

NEXT GENERATION COMMUNICATIONS


    Specified user is not valid
    Publish
     
      • Understanding, Preventing, and Detecting Business Email Compromise Scams

        Published Dec 09 2016, 9:06 PM by Lesley Carhart

        It’s 6 AM. Your organization’s finance director gets an urgent email purportedly from the CEO, requesting he wire transfer $600,000 to an overseas account to make an overdue payment. The CEO hardly ever emails him directly, and she’s counting on him to fix a bad situation. He blearily responds and completes the transfer. Three hours later, he discovers the transfer was a scam, and the money might not be recoverable…

        If this were your organization, you would be only one of thousands of organizations to fall victim to this type of scam. By April 2016, the FBI had already tracked $2.3 billion USD of reported losses to Business Email Compromise (B.E.C.) scams. How do these scams work? What do they look like? And more importantly, how can you detect and prevent them as an organization?

        Scammers need to choose a target in a position of authority sufficient to move money or sensitive tax records, yet still capable of being intimidated by a higher level executive like a CEO or CFO. Unfortunately for companies, these victims are often easily found because they chose to list their employer, position, and responsibilities on social media sites like LinkedIn. Corporate websites that contain leadership bios can also be a goldmine for bad guys. An ideal target is a finance or HR manager - people who might be able to authorize a large transaction or access personnel files outside of business hours without any oversight.

        Once the scammers have chosen a target, they choose a high level executive in the company who they will “spoof”, or pretend to be. They will need to send an email pretending to be this person to a victim, and attempt to strong-arm him or her into providing money or data through intimidation and a sense of urgency. Once again, it’s fairly trivial for scammers to locate data about an organization’s CEO, CFO, or Director. The more data that is freely available on the internet, the easier it is for scammers to make a fake email look authentic. If they find a signature block for the person, or their real contact information, the email can be made to look quite real.

        The scammers then craft a phishing email. The messages tend to be short and to the point – they address the target by name, state that it is of utmost urgency that he or she respond immediately, and may include a brief story describing why the request must be done quietly. All of these factors pressure the target into completing the transaction without informing management or following proper procedures. In certain instances, the “executive” may specify a go-between who will contact the target on their behalf. Often, the go-between is an attorney whose name and contact information has been appropriated for the purpose of the scam.

        The scammers ensure the phishing email appears to come from the selected executive. There are three common methods in which they do this: The first is changing the “from” address in the message to the executive’s real email, while leaving a hidden “reply-to” field as the scammer’s mailbox. In many email clients, message details must be manually viewed to catch this trick. The second is registering a domain name a letter or two off from the organization’s, which looks correct unless it is read very carefully. The third and least common is actually gaining access to the executive’s mailbox via hacking or malware.

        An example message might read like this:

        From: Tony Jackson – CFO (tony.jackson@example.com)
        To: Emily Lee- Accounting (emily.lee@example.com)
        Reply-To: (tonyjacksoncfo@webmail.example)
        Subject: Request

        Emily,
        I’ve got something important I need you to work on promptly. Over the next few days we will be completing an acquisition I have been working on for the last couple of months. We are required to make a deposit payment ASAP please. It’s important you understand this acquisition needs to remain private. I will brief you more about this later. What details will be needed to process the payment?

        Regards,
        Tony Jackson
        CFO
        (212) 555 0235
        Sent from iphone

        Notice that unlike traditional phishing emails, there are few red flags in this message. It looks pretty authentic. Unless Emily (or her IT team) tells her email client to show the “reply-to” address, she will likely never see that the message was not truly sent from her CFO. Additionally, if Emily rarely gets messages directly from an executive, she could be really intimidated.

        Here are 10 suggestions from Motorola Solutions Managed Security Services for preventing and detecting B.E.C. phishing:

        1. Train and encourage your employees to report suspicious messages to somebody who can review them and respond in a timely manner.
        2. Establish a social media policy for employees, and monitor what organizational data is publicly posted on the internet.
        3. Ensure that employees in sensitive positions are aware of B.E.C. campaigns.
        4. Have your IT department label all emails which come from outside your organization as “EXTERNAL”. Most mail servers support this, and the label can be added to the subject line or message body.
        5. Have your IT department deploy email digital signatures if possible.
        6. Ensure there is always a set, non-email procedure completed every time a large money or sensitive data transfer is completed.
        7. Have your IT department enable two-factor authentication to protect web mail accounts.
        8. If possible, have your IT department quarantine all emails which spoof your domain name.
        9. Use humans and technical controls to monitor for unusual emails (does your U.S.-based executive ever close a message “Regards”? Does he or she send emails to Finance at 2AM?) B.E.C. emails are more sophisticated than an average phish, so small anomalies can be important to notice.
        10. Use a brand monitoring service to alert your IT team if look-alike or “typo squatting” domains close to your organization’s are registered.


        The FBI advises the following if you believe your organization has been the victim of a B.E.C. scam:

        • Contact your financial institution immediately
        • Request that they contact the financial institution where the fraudulent transfer was sent
        • File a complaint—regardless of dollar loss—with the IC3.

        Lesley Carhart is Incident Response Lead, Security Operations Center at Motorola Solutions

      • 6 Lessons Learned from the Holiday Data Breaches

        Published Dec 09 2016, 9:04 PM by Lesley Carhart

        Have you been watching your credit card statements this month? The high-profile data breaches of several major retailers over the holiday shopping season caused inconvenience, disruptions and concern to millions of consumers in the U.S. and abroad. There will be speculation and debate for months about exactly how Target Corporation and Neiman Marcus’ point of sale systems were compromised, and what could have been done to prevent it. Instead, as we look to the security of our own business systems, there are a few basic lessons we should learn from these incidents:

        1. It can happen to anyone. In Q4 2013, we saw a broad spectrum of very public security incidents, from the massive breach of the retail powerhouse Target, to the successful ransom of many small organizations, including a police department, using the cutthroat Cryptolocker malware to hold their files hostage. The bottom line is that cybercriminals are smart, and they want to make money using the most effective means possible. That may be the meticulously planned breach of a large and well-secured organization, or a few hundred dollars stolen from many thousands of small businesses.
        2. PCI DSS standards should not be followed merely to pass audits. Payment system security should always be taken seriously, without exceptions, and planned thoroughly in advance of system implementation. Payment Card Industry Data Security Standard controls constitute a minimum security baseline that exists for a reason, and too many organizations comply only with bare minimum requirements. A recent Fortinet study revealed that one in five small retailers is not even PCI compliant.
        3. Security budgeting and staffing should not be reactive. Hindsight is 20/20. After a security incident, if outside forensics or security consultants must be brought in to assist, it is not unlikely they will find evidence of further compromise or previous breaches. Security monitoring, policy, and auditing should occur routinely, with the support of upper management.
        4. Attackers will find the weakest link. You may have built top-notch security into your stores’ wired networks, but those measures may be irrelevant if you have failed to secure the link from each store to your payment processor, segregate your corporate network, or secure your wireless network. Security must be considered end-to-end. In the case of point-of-sale system breaches, we often see malware installed that can snag credit card numbers while they are briefly unencrypted in the devices’ memory. However, this requires an attacker gain adequate access to the terminals.
        5. Disaster Recovery Plans are critical. In the age of social media, the rumor of a security breach can rapidly spread and cause financial damage. Along with plans for natural disasters, fires, and equipment failures, every organization should be prepared for a major security incident with a data breach recovery plan. How will impacted customers and shareholders be notified in a timely manner? Can you have adequate resources available to deal with customer concerns? Who will perform forensic analysis of compromised systems in a manner which is admissible in court? If your critical business files are tampered with or deleted, do you have backups that can be promptly restored?
        6. Offer Payment Flexibility. This most recent string of data breaches has hurt consumer confidence in traditional credit card transactions. It’s courteous (and even advantageous) for retailers to offer customers the option to use third-party payment services which securely bypass their own payment processor.

        Read more about how Motorola Solutions offers several solutions for securing and monitoring in-store wireless networks.

        Lesley Carhart is the Incident Response Team Lead for the Motorola Solutions Security Operations Center. She has 13 years of experience in information technology, including computer networking and tactical communications. For the past five years, she has focused on security, specializing in digital forensics.

        Read past blogs by Lesley Carhart here:

      • Malware: It’s All Grown Up, and You Should Care

        Published Dec 09 2016, 9:03 PM by Lesley Carhart

        Recently, the security firm ESET Ireland commissioned a study about how computer users react to antivirus warning messages on their computers. They compared the results of the survey with those from a similar survey conducted two years ago. The results showed decreasing responsiveness from users to virus warnings. For instance, the number of users who admitted to ignoring warnings to run a file or program increased a full 10 percent. This is a trend noted by multiple researchers.

        Obviously, to the information security community, this is alarming and frustrating. However, we’re also partially responsible. The news is filled with sensational stories about hacking and malware. People are tired of hearing about threats that don’t appear to affect them, so they’re paying less attention. UC Berkeley termed this phenomenon “warning fatigue”. Part of the problem are common misconceptions about what modern malware is and isn’t.

        Malware today exists for several general purposes:

        • To steal private data from infected computers. This could mean our banking information, passwords, or confidential files.
        • To allow remote access to an infected computer to a hacker. This is attractive for many reasons, including using the computer to access other systems or programs.
        • To use the computer’s resources to perform some task, often criminal. This could mean using the computer to send spam, steal copyrighted material, view ads, or attack other systems.
        • To intimidate or confuse users into providing criminals with money or personal data. This includes fake FBI warnings, fake security programs, and other ‘ransomware’.
        • To spread to other computers.

        Many people still expect a virus to cause a noticeable disruption on their computer. For most of the purposes above, it’s smarter for the author of the malware to make it invisible. Like a disease, malware will spread and survive more effectively if there aren’t any symptoms. Malware writers go to a lot of work to conceal their creations. This means there’s a constant “cat and mouse” game between the bad guys and the antivirus companies. It also means that many people believe they have a virus when their computers malfunction, but few believe it when they see no visible impact.

        Another common misconception is that malware is primarily written by bored kids or disgruntled employees. Computer crime is a billion-dollar criminal enterprise, which rivals any other organized crime organization. Some of the brightest computer science minds are employed by these organizations to write sophisticated viruses, often because they have no better employment prospects. Nation states purportedly now use malware like any other espionage tool. Hacktivist groups use malware to accomplish complex social and political agendas.

        The last misconception I’d like to touch on is those people who are positive their computers are not infected because they’re using antivirus. As we’ve discussed, there is a lot of money to be made in infecting computers. This means that finding new ways to evade the security of operating systems, antivirus, and software is also worth a lot of money. Applying updates on a regular basis, installing antivirus, and following good computer security practices decreases the risk of an infection significantly. Unfortunately, it does not completely eliminate the risk. Even experienced IT professionals should still be paying attention to the messages their security software provides.

        Malware continues to flourish in part because there continue to be vulnerable systems and complacent users. This means millions of credit card numbers and passwords stolen each year, billions of spam messages, and continual distributed attacks against websites. Instead of panicking about this, we should be routinely vigilant. Every computer user and organization has a reason to install and update antivirus. Any person’s computer can be infected, and antivirus warning messages should always be taken seriously.

        Lesley Carhart is a Senior Information Security Specialist in the Motorola Solutions Security Operations Center. She has 13 years of experience in information technology, including computer networking and tactical communications. For the past five years, she has focused on security, specializing in digital forensics.

        Read past blogs by Lesley Carhart here, including:

        Secure Yourself, Your Family and Your Organization by Securing Your Photos
        What’s Your Pa$$word? Secure Your Organization by Securing Your Accounts
        Secure Your Organization by Securing Yourself: Beware the Removable Device
        Secure Your Organization by Securing Yourself on Social Networks
        Log Monitoring and Cyberthreat Detection

      • Secure Yourself, Your Family and Your Organization by Securing Your Photos

        Published Dec 09 2016, 9:03 PM by Lesley Carhart

        How to Disable Your Camera's Geotagging

        Follow these instructions to disable geotagging on your:

        For existing photos, Windows 7 and above provide a menu option to remove EXIF metadata from photos.

        This is part four of a multi-part blog series.

        Carhart.jpg

        If somebody asked you where the photo above was taken, how would you figure it out? Maybe you would make an educated guess. The building reads, "Motorola Solutions", so it probably belongs to our company. The weather looks temperate; it's not in the desert. There aren't any immediately surrounding structures, so it's likely not in the middle of a city. Given these facts, and using photos and maps on the internet, you could probably figure out eventually that the building is Motorola Solutions headquarters, in Schaumburg, Illinois.

        Now, what if you were asked to figure out where the next picture was taken?

        Carhart02.jpg

        Maybe you could deduce something about the flower, but it's impossible to say exactly where the photo was taken just by looking at it. What if you also wanted to know whose cameras took the photos, and at what time?

        The answers lie in something called "exchangeable image file format" (EXIF). EXIF metadata is hidden in many common picture formats. It includes information about the camera model used and its settings, such as aperture, time, and resolution. EXIF data may also note if a photo was edited. Although that might not mean much to us, it's useful information for professional photographers – EXIF was developed in the 1990s to help them. It is now an industry standard, used in almost all digital cameras (including mobile phones).

        Today, EXIF contains information far beyond camera settings. Most smartphones provide GPS, and can add latitude and longitude information to the photos they take (known as "geotagging"). Geotagging is intended to aid the photographer and the applications and websites he or she sends pictures to. Phones also note information about themselves, such as model, manufacturer, operating system, and serial number.

        Let's have a look at some of the EXIF information hidden inside our picture of flowers:

        • File Name: flowers.JPG
        • File Creation Date/Time: 2013:09:23 13:02:27-05:00
        • Make: Apple
        • Camera Model Name: iPhone 5
        • Orientation: Rotate 90 CW
        • GPS Position: 42 deg 3' 55.09" N, 88 deg 2' 59.21" W
        • Flash: Auto, Did not fire

        We now know the picture was taken by an iPhone at 42 3' 55.09" N, 88 2' 59.21" W, on 9/23/13. Google Maps shows us where the photo was taken - also Motorola Solutions, Schaumburg.

        Obviously, this is a big security concern. We wouldn't publicly post where our kids go to school, where a military unit is deployed, or where we live or are working on a confidential project. So why do we continue to let our cameras do it for us? Not only do we know the when and where these photos were taken, but we know which phone the photographer was using. From a hacking perspective, Jane Hacker now knows to send the owner malware for iPhone, not Android.

        Let's have a closer look at some of the EXIF metadata in our picture of the building:

        • File Name: moto.jpg
        • Create Date: 2013:09:23 12:54:27
        • Make: Motorola
        • Camera Model Name: XT907
        • Orientation: Horizontal (normal)
        • GPS Position: 42 deg 3' 46.75" N, 88 deg 2' 56.47" W
        • Light Source: Daylight

        So, this photo was taken at 42 3' 46.75" N, 88 2' 56.47" W using a Motorola XT907. A quick Google search shows us XT907 means a Droid RAZR M. Again, the GPS position is easily translated into a street address. That was easier than our detective work earlier!

        Carhart03.png

        Fortunately, as awareness of the risks of location data in photos increases, providers are doing more to prevent users from accidentally exposing it. Instagram and Facebook remove EXIF data from uploaded photos. However, many other popular photo sharing and storage services don't, because photographers still use the information.

        Next time you post a photo, consider what else you're posting. Could including the location, time, or camera impact your security, or that of your organization or family? There's rarely reason to leave geotagging enabled. It provides far too much private information to anyone who sees the photo.

        Instructions for disabling geotagging on Android devices can be found here. For Apple devices, they can be found here, and for Blackberry, here. For existing photos, Windows 7 and above provide a menu option to remove EXIF metadata from photos.

        Lesley Carhart is a Senior Information Security Specialist in the Motorola Solutions Security Operations Center. She has 13 years of experience in information technology, including computer networking and tactical communications. For the past five years, she has focused on security, specializing in digital forensics.

        Read past blogs by Lesley Carhart here:

        What's Your Pa$$word? Secure Your Organization by Securing Your Accounts

        Secure Your Organization by Securing Yourself: Beware the Removable Device

        Secure Your Organization by Securing Yourself on Social Networks

        Log Monitoring and Cyberthreat Detection

      • What's Your Pa$$word? Secure Your Organization by Securing Your Accounts

        Published Dec 09 2016, 9:02 PM by Lesley Carhart

        About this Series
        There was a time in the not-so-distant past when personal and work lives were two separate things. A person worked at the office, went home, and usually had little to do with his or her employer until the next day. Since the advent of the home computer, the mobile phone, then telecommuting and social media, these lines have blurred. For better or for worse, our personal lives creep into our work, and we're often working during our "off" hours. What many people don't consider is the unprecedented security risk this poses to our employers. Our personal choices can impact the security of our organizations, and making the right choices can help deter attempts at theft and damage. With this series of blogs, we dig into current threats to cybersecurity for everyone — and for organizations.

        Read Part 1 here: Secure Your Organization by Securing Yourself on Social Networks
        Read Part 2 here: Secure Your Organization by Securing Yourself: Beware the Removable Device

        This is part three of a multi-part blog series.

        The topic of password security has been spoken about continually for the past two decades. However, passwords continue to be a problem for almost every organization, and "password" and "qwerty" are still among the most common passwords in the world. Let's go through seven basic facts about authentication and see if your accounts are as secure as they should be.

        1. Everybody should know the basics of how passwords are cracked. For your security, most passwords are stored and transmitted in an encrypted form. There are two ways a hacker can decrypt, or "crack" your passwords. The first is "brute force". This requires generating every possible combination of letters, numbers, and symbols, encrypting each one the same way, and checking if the result matches your encrypted password. For longer passwords, this can be very time consuming. The faster option is a "dictionary" attack, which means checking the encrypted password against the encrypted results of a large dictionary of known words or names. So, passwords which are words are generally significantly easier to decrypt than random strings or phrases.
        2. We've all been trained to think about password creation wrong. Years of password instructions have made us think of passwords in a faulty way. We've been brainwashed into creating one or two-word passwords containing a numbers and punctuation, like ‘P@55w0rd!'. Oddly, in most cases there is no longer anything that limits us to a single word. Most modern software allows for very long passwords, and it's more secure to use a passphrase, or a short sentence. A sentence is easy to remember, contains spaces and some punctuation, and can easily contain a number if required. I can't demonstrate this more succinctly than xkcd.com:
          carhart02.png
        3. Hackers know all of your password tricks. Password-cracking software has evolved to the point where it can automatically check for words in which letters have been replaced by numbers. Numbers and punctuation at the end can be ignored as well (forget adding the month or year). Checking all these possibilities may take longer, but today the distinction is seconds or minutes, not hours or days. See if you can find any of your ‘tricks' in the built-in options in the password cracking software Cain:
          carhart01.png
        4. Hackers love it when you reuse your passwords. Nothing will make Jane Hacker happier than cracking the password to your home PC, then finding it opens your Twitter account and your work email, too. I'm not naïve enough to expect everyone to memorize long, complicated passwords. If you're having trouble, use a reputable password manager, like Keepass or Lastpass, which can generate strong passwords and store them securely for your use.
        5. Hackers also love it when you don't change your passwords. There are endless ways that your passwords could be stolen; both in and outside of your control. Presume that at some point, your passwords will be intercepted or stolen from a third party. It does take time for thieves to decrypt large numbers of passwords when they are stolen in bulk, or sell them on the black market. The bottom line is: Changing your passwords on a regular basis is a real simple thing that you can do to help protect yourself.
        6. The password really is dead. Michael Barrett of PayPal stated fittingly this year, "Passwords, when used ubiquitously everywhere at Internet scale, are starting to fail us". More powerful computers, easy-to-use hacking tools, and shared resources have made it a trivial effort for anybody to crack passwords. Organizations and developers need to find new ways to authenticate users. Which leads us to…
        7. Everybody should be using two-factor authentication. Most large social networking, financial, and email websites now support two-factor authentication. This means using a combination of something you know (such as your password or pin number), and something you have (a token, mobile phone, your fingerprint, or a smart card) to authenticate you. Checking a text message on your mobile phone to log into Gmail provides a drastic increase in your security in exchange for a small inconvenience.

        Over the next decade, it is very likely we will see more methods of authenticating users without passwords. Organizations are moving in the right direction. The Bank of Utah is monitoring the way users type, while Motorola Mobility has gone so far as to imagine a world where we take pills or use tattoos to log into computers. Unfortunately, it is also likely we will still see passwords in use at work and at home for many years to come. Good password practices and awareness can help decrease the risk associated with them.

        Lesley Carhart is a Senior Information Security Specialist in the Motorola Solutions Security Operations Center. She has 13 years of experience in information technology, including computer networking and tactical communications. For the past five years, she has focused on security, specializing in digital forensics.

        Read past blogs by Lesley Carhart here:

        Secure Your Organization by Securing Yourself: Beware the Removable Device

        Secure Your Organization by Securing Yourself on Social Networks

        Log Monitoring and Cyberthreat Detection

      • Secure Your Organization by Securing Yourself: Beware the Removable Device

        Published Dec 09 2016, 9:02 PM by Lesley Carhart

        About this Series
        There was a time in the not-so-distant past when personal and work lives were two separate things. A person worked at the office, went home, and usually had little to do with his or her employer until the next day. Since the advent of the home computer, the mobile phone, then telecommuting and social media, these lines have blurred. For better or for worse, our personal lives creep into our work, and we’re often working during our “off” hours. What many people don’t consider is the unprecedented security risk this poses to our employers. Our personal choices can impact the security of our organizations, and making the right choices can help deter attempts at theft and damage. With this series of blogs, we dig into current threats to cybersecurity for everyone — and for organizations.

        Read Part 1 here: Secure Your Organization by Securing Yourself on Social Networks

        This is part two of a multi-part blog series.

        Take a look around you. How many things within your reach can be connected to a computer? Do you have a mobile phone, MP3 player, tablet, or USB drive? In our increasingly wired world, many devices can connect. Shoes can provide running data; e-readers are increasingly popular replacements for paper books. From a security perspective, removable devices provide a big challenge. Although these devices provide great convenience, they’re also perfect carriers for viruses – carriers which we often take with us between work and home. It’s not just USB drives that pose a risk. Cameras, mobile phones, MP3 players, and many other USB, FireWire, and Bluetooth devices function as storage devices as well.

        The term “computer virus” is appropriate. Malware spreads like biological infections do. It needs a carrier to spread, and the most effective malware is usually that which spreads the most quickly and efficiently. Malware authors use any and all means of connection at their disposal to distribute their code, and removable drives work great. Additionally, just like an infected person, a device carrying a computer virus needn’t have an active or visible infection to spread it. Malware spreads more effectively when it remains undetected.

        Let’s look back to November of 2008 and one of the most famous examples of infection by USB drive. The United States Department of Defense discovered covert malware infecting a large segment of U.S. military computers, with the potential to relay data to an outside attacker. Even though some of those computers were classified and physically separated from the rest of the network, the virus continued to spread. During analysis, administrators discovered that removable drives were an infection vector. A total ban on removable devices was instituted across the DoD that remained in place for years. Keep in mind that in 2008, removable drives were not an unknown means to infect computers. However, people were unwilling to compromise on the convenience they provided until disaster struck.

        If there’s any doubt that this vector of infection is still effective, we have the 2010 example of the Stuxnet industrial malware, which spread to its target isolated centrifuge networks via users’ USB drives. In 2012, the similarly sophisticated Flame malware was discovered, also relying on the distinctly unsophisticated infection vector of removable drives; even using those drives to steal data more efficiently. In both of these cases, antivirus was ineffective in detecting the infection for some time. This could be equally applicable to a segregated radio-over-IP network.

        We’ve established that people are willing to plug their own removable devices into computers on different networks. What about a USB drive that belongs to a stranger? The numbers are surprisingly disheartening. In a 2011 Department of Homeland Security study, 60% of USB drives planted randomly in a parking lot were plugged into agency computers by curious employees and contractors. Planting infected drives has become a tried and true method of breaching networks. Why should Jane Hacker expend the effort to sneak into a building and access a computer when she can leave a USB drive containing her malware in the cafeteria, or mail it to an employee as a promotional item? For a bit more money, she could plant an uncharged MP3 player instead, which might be even more tempting to plug in.

        There are two methods of decreasing the threat that removable devices pose. The first option: technical and administrative controls. It has become standard practice for organizations to restrict the use of USB devices (with good reason: even the most recent U.S. government data breach was accomplished using a USB drive), and to disable the automatic start of programs on them. The more neglected option is user awareness. While connectable devices are convenient, we should remember that our devices could act as carriers for malware, treat removable devices from an unknown source with suspicion, and think before we plug things in.

        Lesley Carhart is a Senior Information Security Specialist in the Motorola Solutions Security Operations Center. She has 13 years of experience in information technology, including computer networking and tactical communications. For the past five years, she has focused on security, specializing in digital forensics.

        Learn more about Security Services here, or read this white paper about Understanding Cybersecurity.

        Read past blogs by Lesley Carhart:

        Secure Your Organization by Securing Yourself on Social Networks

        Log Monitoring and Cyberthreat Detection

      2 pages