What is a QIR?

Does your company use a Qualified Integrator and Reseller, or QIR? You’re likely here because you’ve been asked that question on your PCI Self-Assessment Questionnaire and you have no idea what in the world a QIR is! ControlScan is here to help. By the end of the video below, you’ll know what a QIR is, why you need one, and how to make sure your business is using one.

Check out ControlScan's blog, PCI Compliance Guide, to learn more.

P2PE for Merchants: How to Leverage Point-to-Point Encryption for Stronger Payment Security and Simplified PCI Compliance [WEBINAR] Thursday, July 23, 2020 | 2:00 PM ET

For retailers, balancing the costs and benefits of investing in the latest payment security technologies is a real struggle. However, point-to-point encryption (P2PE) is an example of payment technology that shouldn’t be delayed, as it has significant business benefit.

A baseline understanding of point-to-point encryption (P2PE) helps decision makers confidently select and implement the solution that meets their business requirements. It also protects the business from data breach and greatly simplifies its PCI assessment.

This live webinar is based upon the recently released ControlScan “Terminal Encryption for Security and PCI Compliance: What Every Retailer Must Know about P2PE" white paper and is presented by the paper’s author, Sam Pfanstiel. Attend and you will learn:

• The important connection between terminal encryption, security and PCI compliance;
• How to get up and running with a P2PE solution provider; and
• Steps for assessing your listed or non-listed encryption solution.

Click HERE to reserve your spot today.

Security with a Purpose Podcast

ControlScan's Security with a Purpose is an information security podcast that takes an in-depth look at the various aspects of securing an organization.

Get tips, tricks and best practices from ControlScan experts to move purposefully toward stronger security and simplified compliance. Interviews by Jeff Wilder, Director of Risk & Compliance Management, ControlScan.

Check it out and subscribe today!

Apple Podcasts   |   Google Podcasts   |   Spotify   |   Stitcher

Joe’s Shelter-in-Place Book Club

March 13th - ???

3.13.20:  My 2020 New Year’s Resolution was simply to “Read more. Eat less.”  By the end of February, I could report that my reality was exactly the opposite. :-(

Enter “social distancing” and its harsher cousin, “self-isolation”.  While arguably making it harder to “eat less”, it has given me the kick-start I needed to “read more”.

In this space, I will update the list of books as I finish them...

1. Thanks a Lot, Mr. Kibblewhite: My Story - by Roger Daltrey
2. The Gulag Archipelago, 1918-1956 : Volume 1- by Aleksandr Isaevich Solzhenitsyn
3. Political Tribes: Group Instinct and the Fate of Nations - by Amy Chua
4. To Save a City: The Berlin Airlift, 1948-1949 - by Roger G. Miller
5. The Who: 50 Years - The Official History - by Ben Marshall with Pete Townshend and Roger Daltrey
6. One Day in the Life of Ivan Denisovich: A Novel - by Aleksandr Isaevich Solzhenitsyn
7. The Ox: The Authorized Biography of The Who's John Entwistle - by Paul Rees
8. Great Society: A New History - by Amity Shlaes
9. Talking to Strangers: What We Should Know About the People We Don't - by Malcolm Gladwell
10. The Political Theory of the American Founding: Natural Rights, Public Policy, and the Moral Conditions of Freedom - by Thomas G. West
11. How Innovation Works: Serendipity, Energy, and the Saving of Time - by Matt Ridley
12. Aristotle's Revenge:  The Metaphysical Foundations of Physical and Biological Science - by Edward Feser
13. Taboo: 10 Facts You Can't Talk About - by Wilfred Reilly

6.25.20 Update:  Well, we are well over three months into this whole COVID-19 thing.  While I still long for the day that I can attend a professional or college sporting event, or sit indoors at a restaurant or bar and be served, things are loosening up a bit.  My family and I recently got back from the beach.  My son's baseball team is starting to play tournaments again. Not normal, to be sure - but getting better.

So, for the purposes of this "book club", when does it end?  Well, as I mentioned originally, "Read more" was to be half of my New Year's Resolution.  So, I'm trying to keep the reading going ad infinitum.  But, I've decided that this published diary will end on the date that my two sons go back to full-time, in-person classes at their respective schools.

That seems logical since I chose the March 13th date because it was the date in-person classes were cancelled. As of this writing, plans have not been finalized in our school district; but, one option is a "middle ground" of a half-and-half hybrid between in-class and in-home learning.  THIS WILL NOT COUNT!  I will only consider this odyssey to be over when they are back at school full time!  (I think the parents out there can sympathize.)

7.5.20 Update

Now Reading: Coolidge - by Amity Shlaes

The more cybersecurity tools an enterprise deploys, the less effective their defense is.

That's according to IBM's fifth annual Cyber Resilient Organization Report. Research suggests that, although cybersecurity investment and planning are increasing steadily, the actual effectiveness of a company's defense is not.

Why? Too many tools and increased complexity.

Contact me today to learn how ControlScan can reverse this trend for you with our Managed Detection and Response (MDR) service.  With ControlScan MDR, you essentially hire us to function as your threat detection and response team!  We provide 24/7/365 protection with our advanced software, artificial intelligence, and our security analysts in our Security Operation Center. 

For a monthly or annual fee, ControlScan MDR provides:

• Managed next-generation anti-virus/anti-malware
• Managed threat intelligence
• Endpoint detection
• Incident response
• Log event collection and correlation (Managed SIEM)
• Proactive threat hunting
• File integrity monitoring
• SaaS threat monitoring (Cloud IaaS and PaaS)
• Log data retention

Reduce the complexity.  Reduce to cost.

Increase the protection.  ControlScan MDR.

How companies can leverage point-to-point encryption (P2PE) to secure payments and to simplify the PCI compliance process.

Sam Pfanstiel, Director of Security Consulting Services at ControlScan, joined the Security with a Purpose podcast on May 19th, 2020 to discuss this hot topic.

Give it a listen here.

Affordable Data Security? Yes, it’s true.

Does cybersecurity protection make it to the top 10 on your priority list? If you’re like most businesses, you recognize that data security is important, but you don’t know where to start. And besides, if you found a solution, how would you even implement it, and what would you do if you were alerted of a threat?

We work with thousands of small and mid-sized businesses just like yours, and we’re here to tell you that smart, affordable security is possible.

Introducing MDR Essential from ControlScan

Managed Detection and Response (MDR) Essential was designed for the SMB. It provides managed endpoint security to prevent, detect and respond to advanced threats—including ransomware. (Don’t know what an endpoint is? No problem. Examples of endpoints include laptops, desktops and servers.)

Think of MDR Essential as antivirus on steroids. It’s smart, and it blocks threats that traditional antivirus is unable to recognize. Even better, our team of security experts manages the solution for you, so you don’t lose sleep at night.

If you’d like to learn more, check out our website or give me a call at (404) 435-7376. I’m available to help answer any questions and walk you through best practices for securing your business.

Cybercrime isn’t going away. Let’s make sure you’re protected.

Is it time for your annual penetration test?

Your company's networks are being probed, prodded and possibly attacked countless times every day. Unless you're monitoring your logs, you're likely unaware all this activity is taking place. Awareness is a critical element of an effective defense.

Are you aware of your security shortcomings?

A Network and Application Layer Penetration Test simulates a real-world attack against your network infrastructure and information systems in order to see how far an attacker would actually be able to progress within your cardholder data environment. In short, penetration tests expose holes in your defense. It's also a requirement of PCI compliance.

Do you need a Pen Test?

If you think you may need a pen test — or aren't sure — contact me today! I'd be happy to answer any questions you have. In the meantime, ControlScan subject matter experts have put together helpful information:

• Learn about penetration tests in this blog post by industry expert Chris Bucolo;

• Read how SaaS company QuickSilk confirmed their security posture through a ControlScan penetration test; and

• Watch this to learn how to select the right penetration testing service company.

ControlScan Threat Detection and Compliance Platforms Win 2020 Fortress Cyber Security Awards

Dual awards recognize MSSP’s efforts to help secure businesses’ data and electronic assets.

ATLANTA, June 17, 2020 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security services specializing in compliance, detection and response, has been recognized by Business Intelligence Group with two 2020 Fortress Cyber Security Awards. The ControlScan Cyphon and ControlScan SecureEdge platforms were awarded in the medium-sized-company division for threat intelligence and compliance, respectively.

According to Business Intelligence Group, the annual Fortress Cyber Security Awards are part of an industry awards program that seeks to “identify and reward the world’s leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.”

“ControlScan is thrilled to be honored with not one, but two Fortress Cyber Security Awards,” said Mark Carl, CEO, ControlScan. “These awards reflect the hard work our team puts forth to deliver enterprise-grade security and compliance solutions to small and mid-sized businesses.”

Threat Detection Award winner ControlScan Cyphon is a hybrid threat management platform that powers the ControlScan Managed Detection and Response (MDR) service. Used exclusively by trained ControlScan SOC analysts and threat detection experts, the Cyphon platform includes advanced endpoint detection and powerful SIEM capabilities for unmatched security threat prevention, detection and response.

Because ControlScan fully manages and maintains Cyphon with a cloud based MDR deployment, no additional on-premise hardware or resources are necessary for the customer to get up and running quickly. Using the Cyphon platform, ControlScan not only performs threat detection and investigation, but also active response to stop threats in their tracks, along with removal of malware or threats inside the systems.

“Today’s SIEM market overwhelmingly relies upon companies that will either implement and manage the technology internally or implement internally but then outsource its management via SOC-as-a-Service,” Carl said. “The ControlScan Cyphon platform saves these companies the capital expenditures and headaches associated with an in-house SIEM deployment.”

Recognized for its ability to help other businesses and brands solve compliance, ControlScan SecureEdge is a next-generation Payment Card Industry (PCI) compliance program management platform that gives merchant service providers more visibility and control of their PCI risk along with a simplified, streamlined user experience for merchants. SecureEdge is delivered through the cloud and provides a single point of access to the compliance validation tools and corresponding security services that ensure authentic compliance.

“We are so proud to name ControlScan as a winner in the 2020 Fortress Cyber Security Awards program,” said Maria Jimenez, Chief Nominations Officer, Business Intelligence Group. “As our society continues to evolve and become more reliant on networks and data, companies like ControlScan are critical at providing the protection and trust consumers demand.”

To learn more about ControlScan and its solutions for cybersecurity and compliance, please visit ControlScan.com. For more information about the annual Fortress Cyber Security Awards, please visit https://www.bintelligence.com/fortress-cyber-security-awards.

About ControlScan                                                 

ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs and validation services; QSA and HIPAA assessments; and more, we’ve got your back. For more information visit ControlScan.com.

Press Contact:

Stacey Holleran

Director, Corporate Communications

ControlScan

678-694-0654

How Convenience Store Retailer Weigel's Achieved Continuous Threat Prevention with ControlScan Managed Detection and Response (MDR)

ControlScan MDR Adds Critical Expertise, Manpower to Weigel’s Threat Detection and Response

Since 2009, Weigel's has looked to ControlScan to protect its critical operating systems and sensitive customer data. Learn about how ControlScan MDR is helping Weigel's HERE.

Managed Endpoint Security from ControlScan

Stop advanced threats from infiltrating your systems.

As technology continues to advance, so does malware. Today’s advanced cybersecurity threats are bypassing traditional antivirus technology. Malware creators are becoming more innovative, creative and better funded. The proliferation of online accounts, integrated applications and devices allows multiple points for malware to enter a network and introduce even more challenges for IT administrators.

The Essential Solution for Endpoint Security

The ControlScan MDR Essential service provides the necessary next-generation endpoint protection for businesses to address today’s challenges in protecting valuable assets. Through the service, managed endpoint security helps prevent, detect and respond to advanced threats—including ransomware—by leveraging live threat data to identify as well as block and remove threats that traditional antivirus is unable to recognize.

Key benefits of the ControlScan MDR Essential Service

Using the power of real-time threat detection with constant threat feed updates, the ControlScan MDR Essential solution helps stop advanced threats from infiltrating your systems.

• ControlScan has your back:  Our innovative endpoint software is managed and deployed by your team and then backed by the ControlScan Security Operations Center (SOC). 24x7x365 support provides assistance with managing and maintaining the security and protection of your assets. Each of your servers, desktops and laptops remain secure, because the ControlScan security operations specialists are available to assist your team with issues or questions at any time.
• Reduced operating costs:  A breakdown in security can bring employee productivity to a halt, and this downtime can significantly impact your bottom line. Malware can attack multiple endpoints at once, taking weeks to exterminate, but with the ControlScan MDR Essential service, you can keep the gears of your business in motion and your valuable assets protected.
• Next-gen innovative security solution:  In order to secure your organization, you need an additional layer of protection to help thwart targeted attacks and advanced persistent threats. The ControlScan MDR Essential service provides this additional layer of protection using innovative, best-in-class technology that delivers prevention and remediation through advanced artificial intelligence, behavioral monitoring, and the most advanced threat detection capabilities.
• An agile security solution:  ControlScan MDR Essential offers protection for any size organization or IT environment. Moreover, our solution can grow and scale with your business.
• Robust and comprehensive reporting:  You won’t feel in the dark or worry if your endpoint solution is deployed correctly. We provide real-time, self-service dashboards showing the deployments of your solution, along with proactive alerting if assets within your organization stop reporting for extended periods of time.
• Baked-in compliance:  In order to achieve and maintain compliance with certain security and privacy standards, companies must actively manage antivirus and malware prevention systems and prove that the solutions are operational and up to date. The ControlScan MDR Essential service helps your business specifically comply with PCI DSS and HIPAA antivirus and host-based intrusion prevention requirements.

Why You Need the ControlScan MDR Essential Service

ControlScan takes a revolutionary approach to endpoint protection. It begins with a fully managed solution that is maintained by the award-winning ControlScan Security Operations team to actively detect and prevent security threats across your systems. Then, it extends beyond threat detection and prevention to include active response to threats, thereby quickly taking action to stop and clean up threats identified in your systems. 

By correlating threat indicators, the ControlScan MDR Essential service blocks system and application exploits, potentially unwanted apps, ransomware, and malicious code from negatively impacting your endpoints.

Core features include:

• Antivirus and Anti-malware protection
• Advanced Machine Learning exploit prevention
• Ransomware detection and prevention
• Advanced threat indicators of attack identification
• In depth threat details and root cause analysis
• Remediation and malware removal support

Ready to see how the ControlScan MDR Essential service can make your business more secure? Contact me today or schedule a call with me here.

How ControlScan and Chesapeake Payment Systems Collaborated to Achieve a Mid-90s Portfolio Compliance Rate

Chesapeake Payment Systems Achieves Merchant Portfolio Compliance Goals with ControlScan.

Helpful tools, responsive service and simplified security make ControlScan a preferred partner. Read all about how it was done HERE.

The Future of Ransomware 2.0 Attacks

A great article from Forbes this morning:  https://bit.ly/3eSvjaN

From the article:  

Continually Monitor Your SaaS

Use a third-party provider to monitor your SaaS environment 24/7. The provider can identify new ransomware attacks in real time, remediate them, alert you immediately and provide an advanced incident response plan.

Managed Detection and Response can do just that.

...but what if you cannot afford a fully-staffed cybersecurity team?

According to a recent piece on HelpNetSecurity.com, fully staffed teams are more confident in their ability to respond to cyberthreats.  I encourage you to read the full article HERE.

But what if you cannot afford a fully-staffed team? That's a big investment:  To have 24/7 detection and response to threats, an organization would need three full-time cybersecurity professionals on the payroll at minimum.  Full salary plus benefits and all the other HR expenses.

That's where ControlScan Managed Detection and Response (MDR) can help.  

ControlScan performs Managed Detection and Response (MDR) for organizations that don’t have the internal bandwidth to keep a vigilant watch over the security events in their IT environment. We employ the right people and the right processes to efficiently supplement your organization’s cybersecurity management efforts.

Our team identifies intrusions as they are happening, so you can extract them from your environment before any damage is done by:

• Defining, implementing and updating security rules
• Running targeted threat hunting sequences to trace anomalies
• Examining alerts to separate true concerns from false positives
• Addressing and appropriately escalating threats in real-time

What sets us apart?

ControlScan MDR includes monitoring for syslog devices such as Network Devices, POS Systems, etc. But those devices are not counted as an endpoint with licensing. Those systems are integrated into logging during the onboarding process.

Many MDR providers dictate that their response to be a notification to the customer that an event has occurred, with no active further investigation or hands-on remediation of the threat and affected systems. ControlScan provides hands-on true “response”. Our analysts perform extensive investigation and correlation of any event on the customer network and performing the necessary actions in real time to ensure the customer environment remains protected.

Our Cyphon platform will hash known bad viruses and can monitor any new threat.

What is included with ControlScan MDR?

As part of our MDR service, we collect, aggregate and normalize your organization's log data from servers, endpoints, applications and security devices for compliance and infrastructure management. Our expert security analysts monitor and analyze your log events, freeing up your IT resources to focus on growing your business.

The ControlScan Security Operations Center (SOC) captures and compiles data from both physical and digital sources to develop a level of decision support not possible in a standard monitoring environment. This process combines our people, processes, and technology to analyze and act on robust data sets - allowing us to see the whole picture of an enterprise. We keep your business optimized and running no matter what challenges arise.

Our SOC runs 24x7 and is staffed by highly trained SecOps personnel. Located in Hunt Valley, Maryland, the SOC is a secure facility featuring video surveillance, biometric access control, redundant fiber-optic Internet connectivity, and battery and diesel redundant power.

24x7 Managed Detection and Response of threats and attacks against your systems and networks.
ControlScan provides a fully managed solution incorporating:

• Log Collection and Correlation
• Monitoring and identification of anomalies and security threats in your organization.
• Cloud Application Monitoring for Office 365, Gmail, on-premise Microsoft Exchange
• ControlScan provided Next Generation Endpoint Protection
• File Integrity Monitoring with 3 or 12 months of retention (MDR and MDR+)
• Interactive web-based dashboards
• Cloud Productivity Tool Connectors (Office 365 or Google GSuite)
• Command and Control Traffic; Identify source/ block and quarantine quickly
• Defend against spray password attacks
• Disable Account Access Attempts
• Defend Network Probing
• Identify Rogue Machines

ControlScan MDR replaces traditional Log Collection (SIEM) and Endpoint (Anti-Virus/Anti-Malware) solutions.

Questions?  Contact me today.

Joe Gaeta
ControlScan
Direct: 678-694-0687
Mobile: 404-435-7376
jgaeta@controlscan.com

New ControlScan “P2PE for Retail” White Paper Guides IT Leaders to Stronger Payment Security

Comprehensive white paper features tips and considerations for implementing point-to-point encryption in the retail environment.

ATLANTA, May 28, 2020 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security and compliance solutions that help secure IT networks and protect payment card data, has published its latest white paper, “Terminal Encryption for Security and PCI Compliance: What Every Retailer Must Know About P2PE.” The paper, authored by ControlScan Director of Security Consulting Sam Pfanstiel, is the latest in an ongoing series of educational resources offered by the company.

Retailers struggle with balancing the costs and benefits of investing in the latest payment security technologies, as well as understanding how these options may impact their Payment Card Industry (PCI) compliance. A baseline understanding of point-to-point encryption (P2PE) helps decision makers confidently select and implement solutions that meet their business requirements. It also protects the business from data breach and greatly simplifies its PCI assessment.

“Point-to-point encryption may seem very technical, but it’s important that retailers understand how it works to strengthen their payment security,” said Sam Pfanstiel, Director of Security Consulting Services, ControlScan. “In writing this white paper, I worked to present the basics in a logical, building-block flow of information that is both educational and actionable.”

The ControlScan P2PE for Retail white paper begins by exploring the purpose for PCI compliance and the P2PE program that is designed specifically to reduce PCI scope for merchants. It then goes on to discuss alternate approaches to secure encryption and their potential impact on a merchant’s security and compliance.

Click here to access a complimentary copy of the new white paper on ControlScan.com.

About ControlScan

ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs and validation services; QSA and HIPAA assessments; and more, we’ve got your back. For more information visit ControlScan.com.

Press Contact:

Stacey Holleran

Director, Corporate Communications

678-694-0654