Monday, July 13, 2020
Monday, July 6, 2020
P2PE for Merchants: How to Leverage Point-to-Point Encryption for Stronger Payment Security and Simplified PCI Compliance [WEBINAR] Thursday, July 23, 2020 | 2:00 PM ET
- The important connection between terminal encryption, security and PCI compliance;
- How to get up and running with a P2PE solution provider; and
- Steps for assessing your listed or non-listed encryption solution.
Wednesday, July 1, 2020
3.13.20: My 2020 New Year’s Resolution was simply to “Read more. Eat less.” By the end of February, I could report that my reality was exactly the opposite. :-(
Enter “social distancing” and its harsher cousin, “self-isolation”. While arguably making it harder to “eat less”, it has given me the kick-start I needed to “read more”.
In this space, I will update the list of books as I finish them...
- - by Roger Daltrey
- Aleksandr Isaevich Solzhenitsyn
- The Ox: The Authorized Biography of The Who's John Entwistle - by Paul Rees
- Great Society: A New History - by Amity Shlaes
- Talking to Strangers: What We Should Know About the People We Don't - by Malcolm Gladwell
- The Political Theory of the American Founding: Natural Rights, Public Policy, and the Moral Conditions of Freedom - by Thomas G. West
- How Innovation Works: Serendipity, Energy, and the Saving of Time - by Matt Ridley
- Aristotle's Revenge: The Metaphysical Foundations of Physical and Biological Science - by Edward Feser
- Taboo: 10 Facts You Can't Talk About - by Wilfred Reilly
So, for the purposes of this "book club", when does it end? Well, as I mentioned originally, "Read more" was to be half of my New Year's Resolution. So, I'm trying to keep the reading going ad infinitum. But, I've decided that this published diary will end on the date that my two sons go back to full-time, in-person classes at their respective schools.
That seems logical since I chose the March 13th date because it was the date in-person classes were cancelled. As of this writing, plans have not been finalized in our school district; but, one option is a "middle ground" of a half-and-half hybrid between in-class and in-home learning. THIS WILL NOT COUNT! I will only consider this odyssey to be over when they are back at school full time! (I think the parents out there can sympathize.)
Tuesday, June 30, 2020
- Managed next-generation anti-virus/anti-malware
- Managed threat intelligence
- Endpoint detection
- Incident response
- Log event collection and correlation (Managed SIEM)
- Proactive threat hunting
- File integrity monitoring
- SaaS threat monitoring (Cloud IaaS and PaaS)
- Log data retention
Thursday, June 25, 2020
How companies can leverage point-to-point encryption (P2PE) to secure payments and to simplify the PCI compliance process.
Give it a listen here.
Tuesday, June 23, 2020
Your company's networks are being probed, prodded and possibly attacked countless times every day. Unless you're monitoring your logs, you're likely unaware all this activity is taking place. Awareness is a critical element of an effective defense.
Are you aware of your security shortcomings?
A Network and Application Layer Penetration Test simulates a real-world attack against your network infrastructure and information systems in order to see how far an attacker would actually be able to progress within your cardholder data environment. In short, penetration tests expose holes in your defense. It's also a requirement of PCI compliance.
Do you need a Pen Test?
If you think you may need a pen test — or aren't sure — contact me today! I'd be happy to answer any questions you have. In the meantime, ControlScan subject matter experts have put together helpful information:
- Learn about penetration tests in this blog post by industry expert Chris Bucolo;
- Read how SaaS company QuickSilk confirmed their security posture through a ControlScan penetration test; and
- Watch this to learn how to select the right penetration testing service company.
Sunday, June 21, 2020
How Convenience Store Retailer Weigel's Achieved Continuous Threat Prevention with ControlScan Managed Detection and Response (MDR)
Saturday, June 13, 2020
- ControlScan has your back: Our innovative endpoint software is managed and deployed by your team and then backed by the ControlScan Security Operations Center (SOC). 24x7x365 support provides assistance with managing and maintaining the security and protection of your assets. Each of your servers, desktops and laptops remains secure, because the ControlScan security operations specialists are available to assist your team with issues or questions at any time.
- Reduced operating costs: A breakdown in security can bring employee productivity to a halt, and this downtime can significantly impact your bottom line. Malware can attack multiple endpoints at once, taking weeks to exterminate, but with the ControlScan MDR Essential service, you can keep the gears of your business in motion and your valuable assets protected.
- Next-gen innovative security solution: In order to secure your organization, you need an additional layer of protection to help thwart targeted attacks and advanced persistent threats. The ControlScan MDR Essential service provides this additional layer of protection using innovative, best-in-class technology that delivers prevention and remediation through advanced artificial intelligence, behavioral monitoring, and the most advanced threat detection capabilities.
- An agile security solution: ControlScan MDR Essential offers protection for any size organization or IT environment. Moreover, our solution can grow and scale with your business.
- Robust and comprehensive reporting: You won’t feel in the dark or worry if your endpoint solution is deployed correctly. We provide real-time, self-service dashboards showing the deployments of your solution, along with proactive alerting if assets within your organization stop reporting for extended periods of time.
- Baked-in compliance: In order to achieve and maintain compliance with certain security and privacy standards, companies must actively manage antivirus and malware prevention systems and prove that the solutions are operational and up to date. The ControlScan MDR Essential service helps your business specifically comply with PCI DSS and HIPAA antivirus and host-based intrusion prevention requirements.
- Antivirus and Anti-malware protection
- Advanced Machine Learning exploit prevention
- Ransomware detection and prevention
- Advanced threat indicators of attack identification
- In-depth threat details and root cause analysis
- Remediation and malware removal support
Wednesday, June 10, 2020
How ControlScan and Chesapeake Payment Systems Collaborated to Achieve a Mid-90s Portfolio Compliance Rate
Friday, June 5, 2020
From the article:
Continually Monitor Your SaaS
Use a third-party provider to monitor your SaaS environment 24/7. The provider can identify new ransomware attacks in real time, remediate them, alert you immediately and provide an advanced incident response plan. Managed Detection and Response can do just that.
Thursday, June 4, 2020
Our team identifies intrusions as they are happening, so you can extract them from your environment before any damage is done by:
ControlScan MDR includes monitoring for syslog devices such as network devices, POS systems, etc., but those devices are not counted as endpoints for licensing. Those systems are integrated into logging during the onboarding process.
Many MDR providers dictate that their response be a notification to the customer that an event has occurred, with no further active investigation or hands-on remediation of the threat and affected systems. ControlScan provides a true, hands-on “response”. Our analysts perform extensive investigation and correlation of any event on the customer network and perform the necessary actions in real time to ensure the customer environment remains protected.
Our Cyphon platform will hash known bad viruses and can monitor any new threat.
As part of our MDR service, we collect, aggregate and normalize your organization's log data from servers, endpoints, applications and security devices for compliance and infrastructure management. Our expert security analysts monitor and analyze your log events, freeing up your IT resources to focus on growing your business.
The ControlScan Security Operations Center (SOC) captures and compiles data from both physical and digital sources to develop a level of decision support not possible in a standard monitoring environment. This process combines our people, processes, and technology to analyze and act on robust data sets - allowing us to see the whole picture of an enterprise. We keep your business optimized and running no matter what challenges arise.
Our SOC runs 24x7 and is staffed by highly trained SecOps personnel. Located in Hunt Valley, Maryland, the SOC is a secure facility featuring video surveillance, biometric access control, redundant fiber-optic Internet connectivity, and battery and diesel redundant power.
24x7 Managed Detection and Response of threats and attacks against your systems and networks.
ControlScan provides a fully managed solution incorporating:
ControlScan MDR replaces traditional Log Collection (SIEM) and Endpoint (Anti-Virus/Anti-Malware) solutions.