Lowering The Cost of IT Operations

In the world of information technology, budgetary pressures are tough. The demand for infrastructure and bandwidth continues to rise, meanwhile many corporate executives are facing reduced budgets. Businesses are faced with the need to do more with less. Our nation’s continued economic instability does little to help this situation.

White Badger Security can reengineer your network infrastructure to lower the cost of business operations as much as 20 percent. Re-architecting the network also results in improved functionality, scalability, and perhaps most important of all – security.

Our personnel think differently and offer new techniques, because we find areas for improvement that are often overlooked by other security consulting companies. Some examples of the network reengineering techniques we use include:

  • Optimizing Active Directory forest/domain structure and group policies to lower Help Desk costs and reduce administration overhead.
  • Classifying information assets and compartmentalizing data and users to increase uptime, aid troubleshooting and facilitate maintenance.
  • Reconfiguring the logical arrangement of firewalls, routers and switches to optimize functionality, decrease network latency and lower administration costs, while improving security.
  • Realigning databases and associated maintenance procedures to increase security and raise productivity in data management tasks.
  • Enabling seldom-used equipment settings and deploying unused technology features to improve reliability and streamline maintenance and administration costs.

Savings from the decreased cost of operations can be used to pay for additional security equipment – or translate to a reduced budgetary footprint. And we accomplish all this without incurring additional downtime penalty to our customer networks.

To find out how our approach might work for your company or IT department, contact Jerry Leonard (Director of Business Development) at:
Phone (610) 477-0179 x303
Mobile (917) 232-7652
Jerry.Leonard@whitebadger.com

Posted in Commentary | Leave a comment

Upcoming Seminar on Real World Hack Attacks

Does your organization truly understand how difficult it is to prevent substantial financial losses as a result of professional hacker attacks? Often when an organization is taking preventative measures against cyber crimes, they only consider larger-scale, easily recognizable attacks. While these attacks do happen, it is far more common (and appealing to a professional hacker) to exploit several smaller deficiencies that can add up to disaster for the organization.

On February 13, 2012, Executive Director of Security Services Paul Williams will  deliver an informative presentation on this topic for the Technology Association of Georgia (TAG) Government Technology Society. Through a detailed examination of real world case histories, audience members will learn how small failures of process, people procedure, software, tools, training and techniques over time ultimately resulted in massive multi-million dollar losses to esteemed corporations. “I have presented topics similar to this one across the United States, and what audiences are most impressed with is that we focus on real cases, not hypothetical scenarios,” says Williams. “These cases include large organizations that did their best to protect themselves and were attacked anyway.”

The goal of the presentation is for audience members to understand that their plans should encompass small details as well as best practices and industry standards with regards to cyber security. Williams’ presentation illustrates how tiny mistakes can also add up to a significant large opening for a hacker to leverage into significant losses. Additionally, during Williams’ presentation the audience will experience the frustration of law enforcement at the difficulty of tracking down the perpetrators and bringing them to timely justice. They will understand firsthand the difficulty of detecting, stopping or preventing targeted professional hacker attacks.

“This extensive thought process is presented with high-quality, animated slideshow material designed to ensure that individuals at the executive level, as well as those that are technically skilled can both leave feeling satisfied,” says Williams. “Both will leave with a sense of excitement that they can beat the best hackers in the world, just not in the way they originally thought. They need to focus in a different direction.”

If you are interested in attending this presentation, please visit our events page for more information, or click here to be taken directly to TAG’s registration page.

“Our world is significantly affected by these terrorists’ activities every day. Paul will examine the depth of the problem using live cases that will enable you to be better qualified to deal with the havoc that they present”, says Jerry Leonard, Vice Chairmen of the Federal group of the TAG Government Technology Society, and Director of Business Development at White Badger Security.

Posted in Corporate Announcements | Leave a comment

How Much Gets Reported

It’s a pretty well-known fact that far more crime occurs than gets reported to authorities, and far more gets reported to the authorities than gets reported on by any form of media. Cybersecurity attacks are no different.

Because we assist in the investigation and incident response of many of these cases, we’re constantly on the lookout for reporting of those incidents by independent sources. By our own research, 1 attack gets reported in the media for at least 73 that happen without any mention to the public. Of those, we see scant few actually make it to what most would consider “mainstream media”.

Stuxnet is the most recent example of a named malware attack that made the prime time news, and it joins the ranks of Code Red, Nimda, and (to a lesser degree) Zeus in the public lexicon of big attacks. However, the ones that never make it to the front page show both an increasing technical sophistication, and a more focused set of attack goals.

Posted in Commentary | 1 Comment

The Human Brain and Your Network Infrastructure

Common wisdom says that we humans use less than 10% of our brains’ capacity in a lifetime. I assert that the same is true for enterprise networking hardware and software.

As referenced by Paul in his recent post, we very frequently run in to organizations that have an overwhelming urge to add something to their systems to make them more secure. In reality, some of the deepest changes that will have the biggest impact on security are all around you in the environment you already have.

For example, all Cisco switches support VLANs, but a full half of the organizations we have dealt with have not seriously explored using that functionality to help separate network devices from each other. Where VLANs are implemented, at least 75% of those organizations don’t properly use a firewall or layer 3 access lists to prevent traffic from flowing between the network segments. Back down to layer 2, all Cisco switches support some form of MAC filtering or limitation of MAC addresses per port, but even those basic controls are almost never enabled in deployments we’ve seen. These are defenses for some of the most basic network attacks and can be enabled safely in some combination for 98% of all deployments.

The examples could go on endlessly, but the important thing to illustrate is that most all of your network is only delivering 10% of its potential from a security standpoint at any given time. Unlike the brain, accessing the remaining 90% is as simple as testing the functionality, configuring it, and deploying it to current installations.

To make the point directly, your organization has likely been purchasing all the hardware and software you need to be secure for years. The missing piece is the knowledge and experience required to put the pieces together in a way that makes them work effectively and securely together. That’s where we come in.

Posted in Security Articles | 2 Comments

Avoiding Hard Work for Nothing

This morning I found myself thinking of the many commercial and government organizations we’ve run into over the years that have an urge to buy something… something, as in almost anything they can plug in that purports to improve their cyber security posture. “Surely there is something I can purchase and plug in to fix (this or that cyber security issue). There has to be something I can buy!”, goes this line of thinking.  Something that will help these organizations delay –or even avoid– the challenging but lasting solutions that would result from correcting the underlying fundamental pervasive deficiencies in network architectural design, technical training, readiness, incident response, policy and more. “Surely there is something on the market today will let us avoid the hard decisions until the next budget cycle – if ever!”

If only things were this simple. Unfortunately, there is nothing on the market today that fits this description, no matter what some product vendors would like for us to believe.  While many security products do work from a tactical point solution perspective, each comes with its own support, maintenance and all-too-often cyber security holes of their own. Meanwhile such organizations have fewer IT budget dollars and time left to fix the true cause of many of their problems, their network’s flawed architectural design.

Fortunately, there is good news. One of reasons why decision makers put off tough architectural design decisions is because they often believe significant outlays of capital expenditure and network downtime would be involved. Neither assumption is normally true.

The logical configuration of an enterprise network can be re-aligned to support multiple security objectives at once from a fundamental architectural design standpoint, while simultaneously improving network functionality and reliability. To do this, the logical and physical interconnectivity of routers, switches, firewalls, DMZ configurations, VLAN configurations, proxy servers, remote access infrastructure, DNS, databases, servers, enterprise authentication, Active Directory domain(s) configuration, domain policies, Group Policies and more are all fair game for enterprise-wide re-configuration. Such reengineering can lower the cost of network operations more than sufficiently to pay for the entire exercise. The return-on-investment payoff timeframe can be year or less – and all without any additional network downtime.

Sound impossible?  Don’t believe it can be done?  Good, then I’m glad I’ve piqued your interest. Give me a call and I will personally help you to understand exactly how we do all this and more – and I will even use your network as an example, gratis on the house.  So what are you waiting for? Call me. When you do, choose the option for our enterprise security services team and then ask for me. I look forward to speaking with you very soon.

Posted in Security Articles | 4 Comments