How Do I Survive a Ransomware Attack?

Who Does Ransomware Target?

Ransomware attacks are no longer affecting enterprises only. They’re spreading to organizations of all sizes, maturities, and even across industries. Why? It’s profitable.

Many mid-market businesses have a false sense of security that ransomware attacks only happen to big corporations with millions to pay in ransom. But both enterprise and mid-market companies have valuable data attackers can hold for ransom.

How Do I Protect My Business?

(LINK) Protect your business using the 5 Ps of Preparedness approach:

  1. Program. Work with IT to align your cybersecurity program with your ransomware strategy to minimize the operational and financial impact of a ransomware incident.
  2. Policy. Work with leadership and the board to create a policy that explains how you will approach ransomware, including if your business will attempt to make a payment.
  3. Plan. Your plan should be concise, comprehensive, and simple. Who will provide external support, who will you empower to make decisions, and who will execute your plan?
  4. People. Identify strategic partners within your organization and external parties and clearly define their roles, inform them of their responsibility, and document their contact information.
  5. Practice. Consistently test your ransomware strategy to understand your ability to organize, execute, and improve response capabilities. This will ensure your preparedness.

What is the Ransomware Lifecycle?

Understand the ransomware lifecycle to prepare for and resolve it as quickly as possible. 

  1. Infection. Ransomware finds its way into corporate assets through phishing emails, a misconfigured cloud asset, and the exploitation of your open vulnerabilities.
  2. Communication. Ransomware communicates back to its control network, where attackers determine how they’ll attack your network.
  3. Discovery. Built-in mechanisms discover specific types of sensitive information for ransom, identify defensive measures, and help attackers maximize their impact.
  4. Data exfiltration and backup destruction. Ransomware components silently corrupt and disable backups and steal sensitive information.
  5. Encryption. Attackers silently and selectively encrypt your data, making your systems and data useless without decryption.
  6. Ransom demand. Ransomware attackers make ransom demands (typically in Bitcoin) to get your data back.
  7. Negotiation. Some ransomware attackers will negotiate.
  8. Decryption. You can pay the ransom to get the decryption keys, but there’s no guarantee attackers won’t leak or re-encrypt your data.

Top 3 Initial Infection Vectors

  • Phishing emails
  • Remote Desktop Protocol (RDP) exploitation
  • Software vulnerabilities exploitation

How Can Technology Help?

Apply a zero-trust security strategy to empower your security teams and leadership to move faster and more securely. At its core, zero trust believes we should not inherently trust any interaction, at any level. It focuses on setting up systems and applications that protect themselves from every other system, allowing them to defend against attacks by minimizing the impact of any single compromise or attack. 

NIST CSF

Five areas of the NIST CSF to include if your cybersecurity and ransomware strategy:

  1. Identify. Operationalized identification, detection, and classification of critical and sensitive data
  2. Protect. Data and individual asset protection that prevent known threats and attack patterns
  3. Detect. Operationalized cyber attack and malicious software detection
  4. Respond. Integrated technology platforms that detect ransomware rapidly to contain it
  5. Recover. Recovery strategy that can scale

Conclusion

Are you prepared to defend against ransomware attacks? At Lightstream, we have helped customers build effective strategies to empower them to fight against ransomware attacks, and we can do the same for you.

We’ll assess your current strategies, build upon them, and help you mitigate as much risk as possible by preparing for and setting up the proper technologies to fight ransomware attacks.



How Do I Migrate to AWS?

Why you should move to the AWS cloud?

Modernize your infrastructure and drive business transformation, respond quickly to ever changing demands from employees and customers, boost innovation…

More modern operational practices improve results :

  • 31% average infrastructure cost savings
  • 62% more efficient infrastructure management
  • 3x more features delivered per year
  • 69% reduction in unplanned downtime
  • 43% fewer security incidents per year

Migration & Transfer on AWS – Migrate to AWS and see business results faster

Clearly, migrating to AWS is good for business. But successful migrations take planning and expertise, as well as an understanding of the challenges you’re likely to face as part of the process. By understanding those challenges, the pitfalls that can result when they aren’t fully addressed, and the possible solutions to smooth your way forward, you’ve taken the first step on your cloud migration journey.

How do I migrate to the cloud?

What is the AWS MAP process?

Use the MAP (Migration Acceleration Program) to assess, mobilize, migrate and modernize (get info here):

AWS wants you to have a great experience, so they provide assessment tools that help determine if you’re ready to migrate to the cloud (cloud readiness)

Conclusion:

Ready to migrate to AWS? We’re here to help you migrate to the cloud
Lightstream is an AWS Advanced Consulting Partner → our AWS-certified engineers and architects have years of experience assisting and driving migrations of all sizes.

We’ll assess how ready you are to migrate to AWS and plan a course of action.

Tepco Glass Migrates to Azure, Increasing Reliability and Setting the Stage for Future IT Modernization

Faced with aging on-premises servers and an unsupported operating system, Tepco Glass moves all applications to Microsoft Azure with help from Lightstream.

Business Challenge

Tepco Glass is one of the top glass and glazing contractors in the United States. Founded in 1982, the Dallas-based company specializes in commercial glazing and architectural design, as well as the installation of curtain walls, window walls, storefronts, entrances, motor operable windows, glass railings, and other façade enclosures.

When the COVID-19 pandemic hit, the construction industry stalled. Many projects were postponed, delayed, or canceled. And the global slowdown cascaded to suppliers and contractors, including Tepco, negatively affecting revenues and cash flow.

Although business was slow and cash flow was tight, Tepco’s business did not stop. The company continued to operate, serving its customers and addressing operational challenges. One challenge they faced involved the company’s IT infrastructure.

Tepco’s core business applications ran on Windows Server 2008 R2 servers located in the company’s small data center in Dallas. The hardware was over five years old, and Tepco’s IT manager was concerned that the aging hardware could lead to equipment failures. In addition, Windows Server 2008 R2 had reached end of life, and the company was no longer receiving support from Microsoft.

Solution

Company executives knew they needed to address the issues. But given the economic realities during the pandemic—business slowdown, a global microchip shortage, and supply chain constraints—they did not want to incur a large capital outlay to purchase new hardware and upgrade to a supported operating system.

They decided to explore the cloud. Moving to the cloud would eliminate the need to refresh hardware. And Microsoft offered an added incentive: if they migrated their Windows Server 2008 R2 environments to Microsoft Azure, the company would receive an additional 36 months of extended security updates for free.

The solution seemed viable, but the company wanted to ensure that it would work. Tepco’s IT manager knew one of Lightstream’s account executives from a previous working relationship, and reached out for help.

The first step was to assess the plan. Lightstream linked Tepco’s VMware environment to Azure Migration to evaluate the feasibility of moving it to Azure. This showed that the migration was viable and that Tepco could save money over the long term. Tepco’s executives were pleased with the findings and approved the project.

Over a period of 12 weeks, Lightstream experts worked with Tepco to plan, configure, and test their Azure environment. Finally, when all testing had been completed and issues resolved, Lightstream moved all of Tepco’s core applications from on-premise servers into the new environment. For ongoing support and optimization of their Azure environment, Tepco will use Lightstream Cloud Managed Services (CMS).

Business Outcomes

Increased Reliability and Availability

Tepco Glass has four locations—two in Dallas, one in Carrollton, Texas, and one in Oklahoma City—as well as other remote users who need access to applications. The Dallas headquarters is located in a section of the Dallas area that doesn’t have the most reliable power or internet service. Consequently, when the headquarters site suffered a power or internet outage, no one could connect from any locations, and their business was disrupted.

By moving all applications to Azure, Tepco no longer has this problem. Even if the Dallas location experiences an outage, users from the other sites are not affected. They can continue working without interruption.

Shift to a Consumption-based Operating Model

Tepco no longer maintains on-premise server hardware. By moving to Azure, they eliminated the need for large capital outlays in the future to address product upgrades and hardware refreshes. And they now have a more predictable operating expense model for IT.

Better Positioned for Future IT Modernization

Tepco is no longer limited by their data center environment. With all server infrastructure now in Azure, they have more flexibility, making it simpler for them to pursue future modernization efforts like virtual desktop infrastructure (VDI) and others. For example, with all workload in Azure, they don’t need to buy high-end gaming computers for people to do product designs anymore—the heavy processing can now be done in the cloud.

Ongoing Infrastructure Management and Cloud Optimization

By moving to Azure, Tepco no longer has to worry about infrastructure management. Lightstream Cloud Managed Services supports the company’s infrastructure, ensuring servers are patched and maintained, and oversees the company’s Azure environment to make sure it is optimized both for cost and performance.

Lightstream Names Joe Vadakkan as Global Executive Vice President for Sales and Engineering

Cloud security veteran and key strategist joins emerging service provider to drive growth

Salt Lake City, UT, January 19, 2022– Lightstream, a leader in cloud security, digital transformation and managed services, today announced the hiring of Joe Vadakkan as the company’s new executive vice president for global sales and engineering. As an IT, cloud and security thought leader, Joe will lead Lightstream’s global cloud security engineering and sales organization to drive execution of customers’ cloud security strategies and elevate their innovation at scale.

“Joe is a prominent industry veteran with extensive leadership experience in cloud security sales and innovation, having driven many of the industry’s successful, secure digital transformations,” said Lightstream Co-CEO, Jim Cassell. “I’m excited to welcome him to Lightstream’s executive team, and I look forward to working with him on our mission to enable our global customers to progressively innovate and grow effectively with Lightstream’s cloud security solutions.”

“We are very excited to have Joe join the Lightstream team,” stated Rod Stout, Co-CEO of Lightstream. “His unique ability to help customers realize value and achieve desired business outcomes is unparalleled. With his in-depth knowledge in partner distribution strategies and his success in building and growing world class organizations, Joe will help Lightstream bring continuous value to its customers and achieve our growth objectives.”

Joe has over 20 years of technical and business leadership experience in the areas of global infrastructure and security, most recently having served in a strategic services leadership role at Optiv, a pure play cybersecurity firm. Prior to that, he was responsible for building and running Optiv’s cloud security organization. He has also held leadership roles and provided strategic guidance for startups, venture capital and private equity firms and Fortune 2000 companies.

“I am very excited to join the Lightstream team and look forward to taking the company’s technology and services innovation to the next level to fuel future growth,” said Joe. “Lightstream has a great business model and a talented team that are fast movers on solving customer needs. I believe it is uniquely positioned to accelerate secure client innovation through its Lightstream Connect platform for Microsoft Azure, AWS and Google and integration with a security partner ecosystem that enables it to compete in today’s global market.”

About Lightstream

Lightstream provides full-service cloud, connectivity, and security solutions to enterprises worldwide with a focus on managed services for all three, as well as cloud infrastructure implementation, security, and support.

Lightstream has been named multiple times as a Palo Alto Networks Public Cloud Partner of the Year, and is an AWS Security Competency Partner, an AWS Advanced Consulting Partner, and a Microsoft Cloud Platform Gold Partner with Security Competency. Visit us at http://www.lightstream.tech or LinkedIn.

Media Contact

Cynthia Lawton / cynthia.lawton@lightstream.tech / 843-300-8445

 

Take the Complexity out of Securing your Public Cloud Environments

There’s no doubt that migrating assets to the cloud brings a multitude of benefits. The promise of improved availability, and increased agility, scalability and IT flexibility are just a few. But what about the risks? When security is architected and designed into the cloud platform – the risk can be significantly less than that of traditional infrastructure. Unfortunately, when cybersecurity is not a design-time consideration the results can be catastrophic.

The agility that allows IT organizations to rapidly build and scale environments is a phenomenal asset to business, but it can be one of its greatest vulnerabilities if not managed. Attackers go where the value is – so as business puts more and more sensitive data into the public cloud, it makes sense that attackers make public cloud their primary target. Configuration errors – in both known and unknown cloud assets – are a primary source of cyber security and compliance failures. Configuration errors give attackers a potential way in, and can lead to intellectual property theft, or breach of confidential information, or even a full environment compromise. Rather than having to develop exploits and probe organizations for weaknesses, configuration errors often provide exposed administrative capabilities, open access to sensitive data, or allow systems to attack each other without monitoring or protection.

The problem is that configuration errors in the public cloud are made at cloud scale and speed. This means that potentially hundreds of data stores, privileged accounts or services can be exposed in seconds. The challenge for security professionals is to address the growing complexity and security challenges without adding complexity further into the equation. The good news for security professionals is that there is a wealth of tools out that can help.

Prisma® Cloud from market leader Palo Alto Networks is a best-of-breed cloud security solution that many of the world’s top enterprises rely on to secure their highly complex, multi-cloud environments. The popularity of Prisma Cloud is driven by the low-complexity dashboard providing a complete set of features such as multi-cloud analysis, automated remediation, and contextual understanding of systems, applications and users. It provides complete visibility and control over public-cloud based risks within Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI) and Alibaba Cloud infrastructures.

The fact that 74% of Fortune 100 companies rely on the proven capabilities of Prisma Cloud means it will be able to support your environment as well. But even with such cutting-edge technology available to secure their cloud environments, IT and cybersecurity professionals are still faced with the arduous task of managing the workload the platform produces. Managing identified vulnerabilities, analyzing detected anomalies, ensuring compliance with appropriate frameworks and configuring runtime defense in heterogeneous environments on a day-to-day basis requires expertise and staffing – something companies big and small struggle with. A significant number of exhausted security leaders are turning to companies like Lightstream to operationalize, manage and optimize their Prisma Cloud platforms in their public cloud environments for this very reason.

Build Resiliency and Lower Cloud Risk

As a Palo Alto Networks Global Cloud Partner, Lightstream has the world-class expertise you need in a managed security provider. Together, Palo Alto Networks and Lightstream can help you accelerate your move to the cloud by delivering consistent, automated protections across multi-cloud deployments that prevent data loss and defend against business disruption.
Lightstream’s Cloud Defense built on Prisma Cloud provides customers like you with continuous monitoring, detection and incident response for their public cloud environments. Our team of security experts begins by working to baseline your cloud environment, creating recommendations, and remediating urgent issues then monitoring your environment against the new guard-rails. When security issues arise, we’re there to help with critical incident response services from security professionals and cloud architects and engineers. While other providers call that good-enough, we don’t stop there. Lightstream is different in that we staff industry-certified cloud security architects to continuously advise and improve the security of your public cloud throughout the lifecycle.
And with our Quickstart program, this isn’t a long, drawn-out process. Lightstream can help take you from initial assessment of your existing cloud environment to the design of a customized managed services plan to a fully optimized and managed cloud environment within 30 days. From there, you’ll have all the benefits of 24/7/365 monitoring and management via a single point of contact at Lightstream.
It’s time to mitigate your business’s cloud security risks and de-complicate the management of its infrastructure. Contact Lightstream today to find out how Palo Alto Networks’ Global Cloud Partner of the Year for two consecutive years can help take the burden and complexity out of protecting and optimizing the security of your organization’s public cloud environments.

Hospitality Software Company Successfully Launches in China with Help from Lightstream

Lightstream’s Professional Services team supports Quore in boosting revenue potential by entering a new market

Business Challenge

For the past decade, Quore’s award-winning digital hospitality solutions have been helping hotels improve the quality of their guest services. The company’s focus on relentless innovation has enabled it to provide approximately 78,000 hotel owners, management and staff at 4,300 properties throughout 31 countries with the tools they need to streamline daily operations.
With so many hotel professionals around the world relying on the company to make their jobs easier, Quore’s leadership knew right from the start that such high stakes would require only the best technology partner. That’s why as the company grew from a fledgling software startup to an industry-leading solutions provider, Quore’s IT team depended on Lightstream’s expert guidance in overcoming technological challenges and improving the efficiency, reliability and security of their operations. During that time, Lightstream assisted Quore in establishing its initial on-site data center, then later moving its infrastructure offsite to CenturyLink, and most recently in its migration to the AWS cloud.
When Quore’s largest hotel group client requested its services at three new properties in China, the software company recognized the tremendous opportunity for growth and sprang into action. China is an important market for global companies and as such, leadership once again turned to Lightstream for help in reproducing and reconfiguring Quore’s platform to operate in this complex and disparate cloud environment.

Solution

Lighstream’s Professional Services team applied their technical expertise to begin the process of deploying Quore’s cloud-based applications inside of China with the same APIs, protocols and de-facto operating standards in use at their other worldwide locations. This established the groundwork necessary to successfully navigate China’s rigid regulatory requirements for market entry and operation.
First, they needed to replicate the platform’s large database using native AWS migration tools and custom scripts. Once that process was complete, underlying dependencies required the use of custom automation to migrate the compute platform.

In just three weeks, the Lightstream team had Quore’s East-Asian platform up and running for beta testing. After the solution passed all functionality testing, Lightstream’s Cloud Managed Services professionals got to work on carefully considering this unique environment and optimizing it to meet high availability, resiliency and security requirements.

Business Outcomes

Quore’s hospitality solution successfully went live in this brand-new market at the end of 2021. As a result, the job of providing positive guest experiences has been made easier for about 100 more housekeepers, engineers, front desk agents and managers at three properties. And for Quore, an entirely new market and stream of revenue has been established. Quore can now market their software to other hotels throughout China with confidence and proof of its successful operation in the country.
The company continues to rely on Lightstream as its single point of contact for AWS cloud operations and best practices. And Lightstream’s Cloud Managed Services team is providing the day-to-day administration and management necessary to ensure that the environment is optimized from a security, financial, technological and operational standpoint.

Contact Information

To find out how Lightstream’s technological expertise can help transform your business and implement the digital innovation you need to successfully grow and expand here in the United States and throughout the world, visit www.lightstream.tech.

Vulnerability Management: If you think it’s about missing patches, you’re missing the point

Unlike technology as a whole which continues to advance at an astoundingly rapid rate, vulnerability management is one area of cybersecurity that is harmfully stuck in the past.

In the 90s the primary sources for vulnerability information were mailings lists like Bugtag and FD. With the volume in these public lists security professionals struggled to scan, identify and patch their systems – but the long gaps between exploit releases gave security teams the luxury of time. The early 2000s brought remote vulnerability scanning engines that were managed, woefully, in spreadsheets. In that time we had learned two things: first that there was more to vulnerability management than missing patches, and second that identifying missing patches and unpatched systems was the easy part. But over a decade later in the 2010s spreadsheets were still the predominant vulnerability management tool. And now here we are in 2021, and what is the state of the art for vulnerability management? If you guessed vulnerability scanning and spreadsheets – you’re unfortunately correct. Nearly 30 years and countless technical advancements later, and we’re still basically on clay tablets and chisels.

Today’s Vulnerability Landscape

The time between a software or system vulnerability being identified and a readily available, weaponized, exploit in the wild has shrunk to a sliver of time. Security teams no longer have the luxury of time to try to scan, find systems, manually triage, prioritize and then push patches. Never mind that patching is only a part of overall vulnerability management.

In spite of all the latest technology now available to us, the lessons we’ve learned over the three decades, and the renewed sense of urgency brought on by the COVID19 pandemic, the whole vulnerability management process is a train wreck. IT and cybersecurity professionals are still primarily focusing on missed patches and relying on spreadsheets for reporting and prioritizing vulnerabilities – and no one is being held accountable. Combine that with the work-from-home environment, and you have an avalanche of new vulnerabilities daily, more tools than you can effectively manage, insufficient resources and skills to dig yourself out – and all of it is driving increased business risk.

So, let’s get back to fundamentals, and attempt to understand the problem we’re trying to collectively solve for. First, a vulnerability can be any weakness in your infrastructure that could compromise business operations. And they can come from anywhere. Yes, missing patches are a major factor, but so are misconfigurations, penetration test results and bug bounty programs (if you have them). Vulnerability scanners are highly ineffective in dealing with anything outside missing patches, so they’re not your solution. Finding vulnerabilities is relatively easy, but what do you do with them once they’re uncovered, and when they’re so out of date that patching isn’t an option (also known as technical debt)?

Many IT leaders think the answer lies in purchasing state-of-the-art technology. No matter what the buzzwords, technology doesn’t solve a human problem. Most companies have a volume problem, as well as a culture problem – but we’ll address that in another blog. When you have potentially 10,000 or more identified vulnerabilities, prioritization becomes a pretty tough obstacle to overcome. Your fancy tech is only as good as the analyst who operates it, no matter how much magical “AI” secret sauce is in their marketing fluff. Don’t get me wrong, a strong and capable technology platform is crucial – but that comes after you’ve addressed the human-sized problem in the equation.

What you need is a Programmatic Reduction of Risk

Unfortunately, a significant portion of technology owned by organizations is outdated or worse, no longer being supported by your vendors. This is partly due to tight budgets, partially feature dependence and partially an if-its-not-broken-don’t-fix-it mentality. What may seem like a minor issue today can result in a massive breach tomorrow. While the business is asking for agility from its technology, CIOs everywhere are facing huge technical debt. And the longer it goes on, the more expensive it becomes to fix or replace. How do you extinguish all of these burning fires?

The CIO essentially has to declare technical bankruptcy. Take inventory, acknowledge there are problems, identify them and create a plan to fix them. Communication and accountability among business leaders and IT professionals is the key to implementing an effective solution. In many cases, this includes admitting that the organization lacks the in-house expertise to solve the problems.

The most forward-looking CIOs turn to a trusted provider for help. Lightstream is one such partner with the expertise to move your organization out of this quagmire, and our Rapid Risk Profile is often the best place to start your risk management assessment. This approach helps us to understand your biggest systemic risk so we can work together to create an informed path forward that aligns to your business goals and financial situation. The first step is easy, no-friction, and involves virtually no invasive technology. What we assess and identify are hallmark people, process, and program categories to understand your organizational and program maturity. Whatever stage your organization is at in its journey and program development, we can provide understanding and high-level guidance.

The immediate next step is to take a consultative and technical deep-dive, to understand not only what your organization does in terms of vulnerability management, but how it does it. We create your baseline, and provide a gap-assessment against industry-driven baselines. Lastly, we develop a bespoke roadmap that involves both short-term tactical remediation strategy to prevent catastrophic business disruption, and long-term program development to aid your business into effectively managing technical debt and vulnerabilities across the business. Lightstream’s suite of packaged services provides peace of mind, technical as well as program capabilities, and continuous evolution in your vulnerability management program. The key to effectively managing vulnerabilities is to go beyond patching and implement a lifecycle approach for identification, triage, mitigation and reporting.
Stop buying into the misconception that vulnerability management is about scanning and patching. It’s time to acknowledge the magnitude of the problem and the risks it’s creating for your business. Contact Lightstream today to find out how we can help you establish an effective vulnerability management program – protecting and future-proofing your organization while creating a culture of accountability.