Monday, January 27, 2020

An MSSP that makes your life easier...

Security comes off your to-do list and resides with us.

At ControlScan, we take a proactive approach to protecting your business from cyber threats while helping ensure your compliance with security and privacy standards like PCI DSS and HIPAA. Our unified security and compliance solutions deliver confidence to millions of businesses as well as the IT professionals who serve them. Below is a listing of the managed security and compliance services we provide.

Contact me today and learn how our services can support your security needs.

Managed Security Services
  • Managed Detection and Response
  • Managed SIEM with File Integrity Monitoring
  • Managed UTM Firewall (PaySafe)
  • Endpoint Security
  • Vulnerability Management (VMS)
  • Security Awareness Training (SAT)
  • Phishing Simulation

Security Consulting Services
  • IT Risk Assessment
  • Network & Application Layer Penetration Testing
  • Security Social Engineering
  • PCI & HIPAA Compliance Assessments
    • PCI Compliance
      • PCI 1-2-3 Self-Assessment
      • PCI Gap Analysis
      • PCI External Vulnerability Scanning
      • PCI QSA Assessment
      • PCI Advisory
    • HIPAA Compliance
      • HIPAA Gap Analysis
      • HIPAA Assessment
      • HIPAA Advisory

PCI Validation Services
  • PCI PA-QSA Application Validation
  • PIN Security Assessment
  • Point-to-Point Encryption (P2PE) Services

Ransomware Hacker Extortion Payment Reaches $84,000

Good day!

I'd like to draw your attention to this article I read this morning.

Among the piece's many interesting (and frightening) points, I find these most notable:
  • Average ransom payment: In Q4 2019, the average ransom payment increased by 104% to $84,116.  This was up from $41,198 in Q3. The median ransomware payment in Q4 was $41,179.
  • Ransomware downtime: In Q4 2019 the average downtime increased to 16.2 days from 12.1 days in Q3.
  • Common ransomware attack vectors: The mass availability of Remote Desktop Protocol (RDP) credentials to corporate networks for as little as $30 per IP address has made carrying out a targeted attack extremely cost-effective for the attackers. For larger enterprises, email phishing continues to be the preferred method of initial compromise.

Systems and networks, both small and large, are constantly under attack. Are your teams protecting your systems, and would they know if an attacker gained access to your network? ControlScan's Managed Detection and Response (MDR) goes beyond traditional SIEM and anti-virus/anti-malware by providing 24x7x365 active detection, prevention and remediation services to ensure your systems and corporate assets stay protected.

I'd love to discuss your organization's cybersecurity posture and show you how ControlScan can help. Don't hesitate to contact me @, (678) 694-0687, or schedule a call with me here.

I look forward to hearing from you.

Friday, January 17, 2020

Friday Funny/Not Funny

(Click on comic for larger view.)
You don't want any Daves in your organization.  Check out ControlScan's Security Awareness Training solution today.  (Besides, Requirement 12.6 of the PCI Data Security Standard includes regular security education of your company's employees...)

Tuesday, January 14, 2020

[Press Release] ControlScan Becomes a Payment Application Qualified Security Assessor

As a PA-QSA Company, ControlScan will expertly guide software and application developers through PA Data Security Standard validation.
January 14, 2020 09:00 ET | Source: ControlScan

ATLANTA, Jan. 14, 2020 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security and compliance solutions that help secure IT networks and protect payment card data, is now listed with the PCI Security Standards Council as a Payment Application Qualified Security Assessor (PA-QSA) Company.

Software and application developers looking to get their solutions validated and listed as compliant with the Payment Application Data Security Standard (PA-DSS) can now rely on ControlScan for assistance. As a PA-QSA Company, ControlScan will perform application validation services for point-of-sale (POS) platforms, payment switches and gateway software, back office, middleware, automated fuel dispensers, forecourt controllers, kiosk applications, online shopping carts, ATM software and more.

“Certification as a PA-QSA adds incredible flexibility in terms of the services ControlScan can offer software and application developers,” said Sam Pfanstiel, Director of Security Consulting Services, ControlScan. “Along with our application security and penetration testing services, we can now provide the necessary assessment services to help our clients achieve PCI-validated payment application status.”

ControlScan also offers scope impact white papers and consulting services in support of applications that are ineligible or out-of-scope for the PA-DSS. This includes advisory services surrounding PCI scope reduction through changes to application architecture, segmentation, encryption and/or tokenization.

“We will conduct PA-DSS application testing and prepare the reports necessary to list an application, as well as perform other types of PA-DSS consulting services,” Pfanstiel said. “For example, a software vendor may need help implementing a secure software lifecycle, analyzing their readiness for an upcoming PA-DSS assessment, or documenting the security of their solution to help their customers meet their own compliance objectives.”

For more information about ControlScan and its range of security consulting services, please visit

About ControlScan:  ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs and validation services; QSA and HIPAA assessments; and more, we’ve got your back. For more information visit

Press Contact:  Stacey Holleran, Director, Corporate Communications, 678-694-0654

Friday, January 10, 2020

Does your organization adhere to the 1-10-60 rule of cybersecurity? (CAN it?)

According to a recent Vanson Bourne survey of 1,900 senior IT leaders and security professionals around the world, the vast majority (95%) cannot even come close to the standard 1-10-60 rule of cybersecurity.

What is the 1-10-60 Rule?
One minute to detect a threat, 10 minutes to investigate, and 60 minutes to contain and remediate.

What DOES adhere to 1-10-60?  ControlScan Managed Detection and Response (MDR). Let ControlScan keep 24/7/365 watch over your network for you with our advanced technology and superior security analysts in our state-of-the-art Security Operations Center.
Contact me today to learn more about how we can help.

Thursday, January 9, 2020

Who's got your back in 2020?

If you are like many IT leaders, you likely experienced some cybersecurity challenges in 2019. We know this because our 2019 ControlScan Managed Detection and Response Report found that more than half of businesses are still trying to manage their security programs entirely in-house, and that’s no easy feat!

At ControlScan, we deeply understand and focus on SMBs’ challenges in maintaining a secure IT environment with limited resources. One of the ways we solve this is by performing managed detection and response (MDR) specifically for organizations like yours.

Our security expertise is at your fingertips, 24x7, so you can focus on your day-to-day operations of running the business. In other words, we’ve got your back.

Let’s talk! I can show you how a ControlScan partnership will save you significant time and money - and take some weight off your shoulders - in 2020. Reply to this email or give me a call today at (678) 694-068.

Tuesday, January 7, 2020

The GO2 Foundation for Lung Cancer Brings Their Lung Cancer Living Room to Atlanta!

Every month, The GO2 Foundation for Lung Cancer hosts their “Lung Cancer Living Room” from their headquarters in San Carlos, CA.  It is an education and support group for patients and their families. It is a forum for presentations by lung cancer specialists, physicians, and researchers.  The session is an unrestricted forum covering all topics: early detection, treatment options, molecular and genetic testing, clinical trials, drug discoveries, personalized medicine, nutrition, surgical equipment and procedures, up-to-date news about advancements, and more.  They share personal stories, get/give advice and support, and share critical information from doctors and researchers. 

This month, they are bringing their show on the road to Atlanta, Georgia!

Why Biomarker Testing is Important


Jennifer King, PhD - Senior Director, Science and Research - GO2 Foundation for Lung Cancer

Speakers from the Winship Cancer Institute of Emory University

Dr. Suresh Ramalingam - Medical Oncologist
Dr. Drew Moghanaki - Radiation Oncologist
Dr. Onkar Khullar - Cardiothoracic Surgeon
Dr. Charles Hill - Pathologist

Date / Time

Wednesday, January 22nd, 2020 from 5:30 to 7:30 pm Eastern Standard Time
(In person attendees are invited for dinner at 5:00pm.)


Emory Conference Center Hotel / Garden Level - Azalea Room
1615 Clifton Road
Atlanta, Georgia
(Or, in your living room via YouTube or Facebook!)

How to Participate
All interested patients, caregivers, advocates, and health care professionals are encouraged to join the conversation. There are three ways to participate:
  1. In Person – If you live close to Atlanta, join for dinner and conversation (see above).
  2. Facebook – tune in at 5:30 pm ET and ask questions online.
  3. YouTube – tune in at 5:30 pm ET.
Click HERE to download the flyer.  Print! Email! Share!

More info:  Contact the Patient Services Team at (650) 598-2857 or

Friday, December 13, 2019

Agnes Scott College Campus Master Plan Open House

Thursday, December 19 at 6:30pm to 8:00pm

Agnes Scott College invites all residents of the City of Decatur/DeKalb County to a Campus Master Plan Open House to be held on its campus in Elizabeth Kiss Welcome Center located in Rebekah Scott Hall.

The Open House will showcase Agnes Scott College's draft plan, focusing on the six big ideas that will guide the college over the next ten years and beyond. There will not be a formal presentation, so residents are free to come and go during the time allotted. Representatives will be available to answer your questions and gather residents' feedback.

Details HERE.

Wednesday, December 11, 2019

Financial Services Firm Cutter, LLC Chooses ControlScan for Managed Security Threat Detection and Response

Cybersecurity risk reduction a prime motivator for Cutter, which holds multiple portfolios of small and mid-sized merchants.

ATLANTA, Dec. 11, 2019 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security services specializing in compliance, detection and response, has been chosen by Cutter to help the financial services firm reduce its cybersecurity risk. According to the newly signed agreement, ControlScan will provide Cutter with 24x7 threat detection and response as a managed security service.

According to the ControlScan 2019 Managed Detection and Response Report, IT teams spend an average of 40 hours per month monitoring endpoints and security logs. Because of this, 62 percent are at best only moderately confident in their ability to respond to a cyberattack. Cutter recognized its ability to reduce this risk in their own business by utilizing the ControlScan Managed Detection and Response (MDR) service.

“Cutter purchases portfolios and residual streams and manages every portfolio, each containing hundreds if not thousands of small and mid-sized merchants,” said Denise Shomo, President, Cutter, LLC. “ControlScan’s MDR service gives us confidence that qualified security analysts are watching our IT environment around the clock, ensuring that the data we’re entrusted with doesn’t fall into the wrong hands.”

“Cutter’s leadership team has taken the time to understand the business’s cybersecurity risk,” said Chris Bucolo, SVP Market Strategy, ControlScan. “Through this up-front investment, as well as implementing 24x7 threat detection and response, Cutter has proactively taken control of its security posture.”

The ControlScan MDR service leverages the company’s security operations center (SOC) and its proprietary SIEM platform, Cyphon, which captures and compiles data from both physical and digital sources. This elite combination of people, processes and technology provides Cutter with a managed security partnership they can rely on.

ControlScan is also a longtime PCI program partner for Cutter. Since 2010, ControlScan has helped thousands of merchants within Cutter’s portfolios achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS).

For more information about ControlScan and its range of managed security services, please visit

About ControlScan
ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs; QSA, QSA(P2PE), QPA and HIPAA assessments; and more, we’ve got your back.

For more information visit

About Cutter, LLC
David Daily, CEO of Cutter, founded the company in 2006 with a primary focus of helping ISOs and merchant level sales (MLSs) leverage the value of their residual income streams. At the time, he saw an increased need to provide them with an avenue to sell their residuals. Originally based in Franklin, Tenn., Cutter has grown to 22 employees and is now headquartered in Wyomissing Pa., with branches in Birmingham, Ala., and Franklin. Since its inception, Cutter has completed hundreds of portfolio acquisitions and is now actively pursuing other types of purchases to include software companies with SaaS revenues and ISVs. 

For more information, visit

ControlScan Press Contact
Stacey Holleran
Director, Corporate Communications

Thursday, December 5, 2019

Why ControlScan Managed Detection and Response?

ControlScan performs Managed Detection and Response (MDR) for organizations that don’t have the internal bandwidth to keep a vigilant watch over the security events in their IT environment. We employ the right people and the right processes to efficiently supplement your organization’s cybersecurity management efforts.

Our team identifies intrusions as they happen, so they can be removed from your environment before any damage is done. We do this by:
  • Defining, implementing and updating security rules
  • Running targeted threat hunting sequences to trace anomalies
  • Examining alerts to separate true concerns from false positives
  • Addressing and appropriately escalating threats in real-time

What sets us apart?

ControlScan MDR includes monitoring of syslog sources such as network devices and POS systems, but those devices are not counted as endpoints for licensing purposes. They are integrated into log collection during the onboarding process.

Many MDR providers define their "response" as nothing more than a notification to the customer that an event has occurred, with no further active investigation or hands-on remediation of the threat and the affected systems. ControlScan provides hands-on, true response: our analysts perform extensive investigation and correlation of any event on the customer network and take the necessary actions in real time to ensure the customer environment remains protected.

Our Cyphon platform hashes known malicious files so they are recognized when seen again, and it can be extended to monitor for new threats.

What is included with ControlScan MDR?

As part of our MDR service, we collect, aggregate and normalize your organization's log data from servers, endpoints, applications and security devices for compliance and infrastructure management. Our expert security analysts monitor and analyze your log events, freeing up your IT resources to focus on growing your business.

The ControlScan Security Operations Center (SOC) captures and compiles data from both physical and digital sources to develop a level of decision support not possible in a standard monitoring environment. This process combines our people, processes, and technology to analyze and act on robust data sets - allowing us to see the whole picture of an enterprise. We keep your business optimized and running no matter what challenges arise.

Our SOC runs 24x7 and is staffed by highly trained SecOps personnel. Located in Hunt Valley, Maryland, the SOC is a secure facility featuring video surveillance, biometric access control, redundant fiber-optic Internet connectivity, and battery and diesel redundant power.

ControlScan provides 24x7 managed detection and response to threats and attacks against your systems and networks. It is a fully managed solution incorporating:
  • Log collection and correlation
  • Monitoring and identification of anomalies and security threats in your organization
  • Cloud application monitoring for Office 365, Gmail and on-premises Microsoft Exchange
  • ControlScan-provided next-generation endpoint protection
  • File Integrity Monitoring with 3 or 12 months of retention (MDR and MDR+)
  • Interactive web-based dashboards
  • Cloud productivity tool connectors (Office 365 or Google G Suite)
  • Command and control traffic detection: identify the source, then block and quarantine quickly
    • Defend against password spray attacks
    • Stop repeated account access attempts
    • Defend against network probing
    • Identify rogue machines
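To make the "defend against password spray attacks" item concrete, here is an added Python example of the detection logic behind it: one source trying many distinct accounts with only a few attempts each inside a short window, which is what distinguishes a spray from a classic single-account brute force. This is not ControlScan's or Cyphon's code; the log lines, field names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): failed and successful logons flattened
# to one line each, with RFC 5737 documentation addresses as sources.
SAMPLE_LOG = """\
2020-01-27T09:00:01 logon_failure user=alice src=203.0.113.5
2020-01-27T09:00:04 logon_failure user=bob src=203.0.113.5
2020-01-27T09:00:07 logon_failure user=carol src=203.0.113.5
2020-01-27T09:00:10 logon_failure user=dave src=203.0.113.5
2020-01-27T09:00:13 logon_failure user=erin src=203.0.113.5
2020-01-27T09:00:16 logon_failure user=frank src=203.0.113.5
2020-01-27T09:01:00 logon_success user=alice src=10.0.0.8
2020-01-27T09:05:00 logon_failure user=admin src=198.51.100.9
2020-01-27T09:05:01 logon_failure user=admin src=198.51.100.9
2020-01-27T09:05:02 logon_failure user=admin src=198.51.100.9
2020-01-27T11:30:00 logon_failure user=alice src=192.0.2.20
2020-01-27T11:30:20 logon_failure user=alice src=192.0.2.20
"""

# Assumed line format; adapt the pattern to your own log source.
LINE_RE = re.compile(r"^(?P<ts>\S+) logon_failure user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse_events(text):
    """Parse failed-logon lines into (timestamp, user, src) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # successful logons and unrelated lines are skipped
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["src"]))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Password spray: one source, many distinct accounts, few tries per account.
    Returns {src: sorted list of targeted users} for the largest window seen.
    A single account hit many times (brute force) does not match: it has one user."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    alerts = {}
    for src, attempts in by_src.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward past stale attempts
            counts = defaultdict(int)
            for _, user in attempts[start:end + 1]:
                counts[user] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                if len(counts) > len(alerts.get(src, [])):
                    alerts[src] = sorted(counts)
    return alerts


if __name__ == "__main__":
    print("spray sources:", detect_spray(parse_events(SAMPLE_LOG)))
```

Only the 203.0.113.5 source is reported; the three rapid failures against `admin` from 198.51.100.9 need a separate single-account brute-force rule, and the two `alice` failures from 192.0.2.20 are below any threshold.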

ControlScan MDR replaces traditional log collection (SIEM) and endpoint (anti-virus/anti-malware) solutions.

ControlScan MDR provides a consolidated installer that is easy to use and deploy, with only four clicks to completion on average. The installer also supports centralized deployment through any existing software management systems in place (SCCM, Active Directory, etc.).

PCI Fulfillment

MDR can help satisfy parts of the following PCI DSS requirements:
  • Requirement 3: Protect stored cardholder data
  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 10: Track and monitor all access to network resources and cardholder data

Questions? Contact me today.

Joe Gaeta
Direct: 678-694-0687
Mobile: 404-435-7376

Wednesday, November 20, 2019

A cybersecurity program you can rely on.

If you’re like many IT leaders, you’ve likely had a rough year. We know this because our 2019 ControlScan Managed Detection and Response Report found that more than half (53%) of businesses are still trying to manage their cybersecurity programs entirely in-house.

ControlScan performs managed detection and response (MDR) specifically for organizations that don’t have the internal expertise and/or bandwidth to keep a vigilant watch over the security of their environment. Our 24x7, in-house SOC and SIEM-as-a-Service will help complement your in-house efforts for a cybersecurity program your company can rely on.

In other words, we’ve got your back. 24x7x365.

Let’s talk! I can show you how a ControlScan relationship will save you significant time and money - and take some weight off your shoulders - in 2020. Give me a call today at (678) 694-0687.

Friday, November 15, 2019

[Webinar] Sharing Responsibilities: Applicability of PCI DSS Requirements for Merchants and MNSPs

Register now to attend this November 21st Conexxus webinar by ControlScan's Sam Pfanstiel.

Using third-party service providers (TPSPs) to help meet security goals and compliance requirements is an effective way to leverage collective strengths and allow the merchant to focus on its core business. One common TPSP in the fuel retail industry is the managed network service provider (MNSP), which provides technology, service and expertise to support secure network configuration and operation for convenience stores and other fuel services. Nonetheless, it is the merchant who must ultimately demonstrate that all applicable security and PCI DSS compliance requirements are being met, and doing so can be very confusing without a good understanding of how these requirements apply to each entity.

In this session, Sam Pfanstiel will review the common PCI DSS controls that apply to MNSPs and other TPSPs, explain how to confirm that your selected vendor is meeting these controls on your behalf, and walk through the requirements the merchant itself must meet to confirm and enforce this delegated security relationship. In addition to gaining a better understanding of these service providers as they relate to PCI DSS, attendees will learn what questions must be asked, what agreements must be in place, and which specific artifacts must be collected in order to clearly delineate responsibility for and compliance with PCI DSS for their business.