The catalog of threats that IT system administrators have to take into account has changed significantly in recent years. Attack vectors, against which up to a point could be protected using traditional firewall and anti-virus protection of workstations, have undergone a significant transformation. Criminals quite quickly learned to bypass traditional security measures and developed techniques thanks to which the hijacking and surveillance of an IT system often takes place unnoticed. APT (Advanced Persistent Threat) threats have become very real. Known and high-profile attacks of this type are sometimes detected after months, and sometimes years, when criminals have already extracted all the data from the systems.

Defending against this type of threat using traditional tools is little that ineffective, it creates a false sense of security, which allows intruders to conduct their activities with complete freedom. The lack of appropriate alerts from security systems means that everyone seems to be safe and there is no need to look at it closely. Most serious security incidents happen not in security-deficient environments, but in security-defective environments. Often, as part of handling a security incident, new tools are launched that immediately detect a whole range of threats and generate a large number of alerts, while traditional antivirus systems and firewalls present in the network do not see anything.

Continue ...

On May 28 this year. The Wielkopolska Association of Employers Lewiatan invites you to a training entitled "How to avoid cybercriminals?" run by our IT security specialist.

 The training will cover the following issues:

1. Where is the growing popularity of computer crimes coming from?
2. Why are the rank and file of the organization the most frequent target of attacks?
3. What are social engineering techniques and why are they effective and popular?
4. Examples of social engineering attacks.
5. Effects of cybercriminals' actions on individuals and organizations.
6. Security incidents and legal regulations.
7. What preventive measures should be implemented in the organization?

At the end of the presentation, a link to a more detailed study on security policies and risk analysis will be provided.

Training date: May 28, hours. 16.00–18.30.
Place of training: Wielkopolski Związek Pracatorów Lewiatan, ul. Grunwaldzka 104, local 216, 2nd floor

Registration for members of the Association at the address asystent@wzp.org.pl

We invite!

On April 11, another of our meetings devoted to IT technologies took place. This time, the topic of the business breakfast was security for PaloAlto Networks networks and workstations. The title of the lecture is "PROTECTION AGAINST CYBER CRIME - PALO ALTO NETWORKS SAFETY SOLUTIONS".

In a relaxed atmosphere, we talked about next-generation firewalls (NGFW) and securing workstations using TRAPS software.

There are presentations at the following links:

• About Upgreat and announcements of upcoming meetings,
• Firewalls and protection of workstations.

Thank you for your presence and we invite you back. Next meeting on June 13 this year. will be devoted to building campus networks with Extreme Networks.

On Thursday, June 13 this year. in Concordia Design a business breakfast devoted to technology will take place in Poznań Automated Campus by Extreme Networks.

In a pleasant atmosphere of breakfast, we will discuss various aspects of building efficient and fault-tolerant LAN networks using the fabric structure:

• What is Automated Campus,
• Load balancing and fault tolerance issues in LAN networks,
• Network management with Extreme Management Center,
• Network access control using NAC (Extreme Control),
• Network traffic analysis from Extreme Analitics.

 Information on the meeting agenda can be found here here. Please register using form on our websitej.

On Thursday, April 11 this year. in Concordia Design a business breakfast devoted to network security by Palo Alto Networks will take place in Poznań.

During the meeting, we will discuss Palo Alto Networks technologies, in particular:

• next-generation firewalls (NGFW) operating on the application layer,
• protection of workstations using TRAPS software,
• operation of the WildFire cloud service,
• Thread Prevention protection,
• filtering network traffic,
• reporting on network traffic.

 Information on the meeting agenda can be found here here. Please register using form on our websitej.

Cybersecurity, hackers, threats and vulnerabilities have been talked about more and more recently. The entry into force of the provisions of the GDPR caused the first wave of increased interest in the issues of risk analysis, vulnerability identification and risk minimization. Almost a year has passed since then, and security still seems to be one of the most popular issues in the IT industry. At the end of last year, another wave of interest aroused the so-called "Cyber Act", i.e. the Act on the National Cybersecurity System. Although it does not arouse such emotions as the GDPR, because it covers only providers of critical services from the point of view of the state, it is one of the hottest topics in the sectors of the economy related to energy, transport or health protection. It is also worth recalling that since 2015, the public finance sector is still covered by the regulation on the National Interoperability Framework, in which a fairly large fragment has also been devoted to security issues.

All the above-mentioned regulations refer to the need to implement information security management systems, the task of which is to identify vulnerabilities and threats, analyze the risks associated with them and implement action plans aimed at minimizing this risk to an acceptable level.

Is the threat of attacks by cyber criminals or cyber terrorists really that serious? Unfortunately, everything indicates that it is. Already some time ago, NATO recognized cyberspace as one of the areas of combat operations that it must defend Continue ...

On Thursday, January 31 this year. in Mous Bar A business breakfast devoted to hyper-converged solutions will be held on the 15th floor of the Bałtyk office building in Poznań.

In a relaxed atmosphere with a view of the whole of Poznań, we will discuss various aspects of the implementation of flexible solutions for data centers on the example of HPE Simplivity:

• Overview of the concept of hyperconvergence,
• Solution - physical platform, functionalities,
• Technical issues of SimpliVity,
• SimpliVity in terms of business and examples of applications.

 Information on the meeting agenda can be found here here. Please register using form on our websitej.

You can read more about HPE SimpliVity here.

Maintaining business continuity, i.e. the ability to undisturbed implementation of the main processes that bring income to the company, is one of the tasks that are often delegated to representatives of the IT department. Due to the high involvement of information technology in business processes, the IT department seems to be the cell best prepared to handle any unforeseen situations in the form of hardware failure, user errors or deliberate actions by intruders. Is this assumption correct? Unfortunately, not entirely.

Indeed, technology is one of the main factors that have the greatest impact on the performance of any organization and, at the same time, a factor that fails relatively often. Therefore, when we think about business continuity, first of all, solutions aimed at ensuring operation in the event of failure are verified. They are most often limited to redundancy, i.e. redundancy that allows uninterrupted operation in the event of damage to one of the system components. Another category of security are backup systems, which are to make the environment immune to situations related to data loss as a result of a failure, user error or deliberate action to our detriment. Both backup systems and solutions ensuring high availability (HA) are something without which the IT department would not be able to fulfill its business function. If they were not there, the first failure would have serious consequences for those responsible for maintaining the ICT environment. Continue ...

Personal data breach incident - how to handle it?

It is the fifth month since the new regulations on the protection of personal data come into force. The period of the media storm related to the GDPR is probably behind us. Slowly, everyone has adapted to the new regulations, completed the documentation, implemented appropriate procedures and are trying to implement them with more or less commitment. However, one of the most frequent dilemmas related to the protection of personal data is the handling of security breach incidents.

Where did the idea for incident handling come from?

Both the old Act on the Protection of Personal Data and the new provisions of the GDPR mention the need to keep a register of incidents and implement the process of their proper handling. Where do such requirements come from? It is probably a derivative of ISO standards, where such a register has a control function that allows to monitor and evaluate the effectiveness of the information security management system. The number and frequency of security incidents proves whether our data protection system is effective. It also allows you to verify whether the security measures introduced by us are effective, i.e. whether they cause the number of incidents to decrease. Continue ...

On Thursday, June 28 this year. in Mous Bar a dedicated meeting will be held on the 15th floor of the Bałtyk office building in Poznań technical security issues related to the GDPR.

In a pleasant atmosphere of a business breakfast with a view of the whole of Poznań, we will discuss data leakage and theft protection offered by Palo Alto Networks (Next generation Firewalls and TRAPS):

• Securing personal data,
• Data protection against unauthorized access / theft,
• Reporting on events related to data theft.

 Information on the meeting agenda can be found here here. Please register using form on our websitej.

For more information on the compliance of Palo Alto Networks products with GDPR requirements, see here.