Tuesday, July 16, 2019

Payment Security Expert Sam Pfanstiel Joins ControlScan

MSSP’s security consulting services business attracts top talent

ATLANTA, July 16, 2019 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security and compliance solutions that help secure IT networks and protect payment card data, has attracted a notable name in the payments industry to join its ranks. Sam Pfanstiel now serves in an all-new role as the company’s Director of Security Consulting Services, drawing on his unique expertise and skill sets to provide consulting and assessment services for payment solution technologies as well as identify the impacts of third party solutions on merchant payment environments.
Pfanstiel joins ControlScan with over two decades of senior IT management and payment security, card brand compliance, fraud, application security, mobile security, and IT infrastructure experience. His current credentials include CISA, CISM, CISSP, CTGA, 3DSA, Visa SA, PA-QSA, PCI QSA and QSA for P2PE.

“It is critical that as we grow and scale, we do so with the brightest minds in the industry,” said Marc Punzirudu, Vice President of Security Consulting Services, ControlScan. “Sam is a very welcome addition to the ControlScan family, because he brings many years of experience in the payments ecosystem, including helping to develop and continually improve standards, as well as educating and advocating for reducing payment security risk.”

Pfanstiel is vice-chair of the Electronic Transactions Association (ETA) Risk, Fraud and Security Committee, and also actively contributes his security subject matter expertise to the ETA Mobile Payments Committee, Conexxus Data Security Standards Committee (DSSC), PCI Mobile Task Force and various other PCI Special Interest Groups (SIGs). In addition, Pfanstiel regularly speaks at payments and security industry events. He holds a BS in International Business, an MBA in eBusiness, and is currently completing his Ph.D. dissertation on the impacts of management perceptions on cybersecurity investment.

“The team at ControlScan has been leading the conversation on simplifying payment security and compliance for years,” Pfanstiel said. “My driving passion is to work within the industry toward a strong payments ecosystem while simultaneously building organizational efficiencies for customers and partners, and the team at ControlScan shares that vision.”

For more information about ControlScan and its full range of managed security and compliance solutions, please visit ControlScan.com.

About ControlScan
ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts, 24x7 managed detection and response, advanced endpoint protection, managed UTM firewall services, ASV vulnerability scanning, QSA and HIPAA assessments, security penetration testing, PCI compliance programs and more, we’ve got your back. For more information visit ControlScan.com.


Press Contact
Stacey Holleran
Director, Corporate Communications
678-694-0654
sholleran@controlscan.com


Monday, July 15, 2019

A Q2 Update from ControlScan

I can’t believe we are already over halfway through 2019! The year has flown by so far and our team at ControlScan has been busy working on new security and compliance services to help support your business.

Check out these key initiatives and areas of focus for our team:

  • Cyber Security: At ControlScan, we believe that every business should have the means to protect itself and its customers from falling victim to cybercrime. Our mission is to let nothing block your path to a strong security posture – not budget limitations, not lack of expertise and certainly not a lack of resources. We are continuing to expand our capabilities related to managed security services; here are two new offerings:
    • Managed Detection and Response: It’s a fact that malware has become increasingly advanced, and the security threat landscape is changing daily. No business is safe from cyber threats. Recently, our Director of Security Operations, Tom Callahan, found that 1 in 3 organizations that have deployed our MDR services have malware already residing on their systems! Our MDR team is positioned to help your organization protect its network 24x7x365. Our service delivers an individualized threat detection program that ensures you won’t have to worry about being victimized by a data breach, malware, ransomware, or any other form of cyberattack.  Want to see our SOC analysts in action? Check out our new video here. 
    • Security Awareness Training: We've enhanced our Security Awareness Training program to offer more courses and provide enriched classes that cover the latest threats. Our new platform is ideal for larger, multi-location merchants and can also be deployed as a comprehensive program within your own organization.
  • Security Consulting Services: We’ve recently added more senior QSAs to our bench, increasing our collective strength and expertise to assist you with PCI and HIPAA compliance and other security standards. If you have questions or need assistance, we’ve got the people to help. Learn more here.
  • Upcoming Events: Our team is hitting the road, visiting conferences and events across the country. Here are a few of the shows we’re attending; let me know if you’d like to meet up!
    • RetailNOW – July 28-31 in San Antonio, TX
    • NACS – October 1-4 in Atlanta, GA
If any of the items above triggered a thought or interest, or you have another area of interest in mind, I’m happy to discuss with you. Contact me today or schedule a meeting with me here.

Monday, July 8, 2019

Meet your security and compliance challenges head on.

Do you find it difficult to continuously manage security risk and PCI compliance across your business network?  Are you looking for a single vendor to provide an effective strategy to address security and compliance?  If so, you're certainly not alone.
ControlScan has worked with numerous retail, convenience store, restaurant, and hospitality chains to implement programs that resolve their data security and PCI compliance challenges, such as:

  • One IT team managing multiple independent franchise locations
  • Stores with their own unique network infrastructures and/or payment systems
  • A business growth strategy that is introducing network complexity and potential cyber risk
  • Lack of network segmentation and/or controls, which can be easily exploited by hackers

Let's talk at RetailNOW!
Visit me at Booth 443 or email me and let's talk about how a ControlScan partnership can supply the manpower and expertise that meets your security and compliance challenges head on.

Thursday, June 27, 2019

Cyber Risk Management for Credit Unions

Cyber criminals like credit unions. Here’s why.

In recent years, cyber criminals have recognized that business data, like consumer data, is valuable and vulnerable. Credit unions possess an abundance of this sensitive information in the form of company, employee and consumer financial data. As a result, cyber criminals are increasingly targeting credit unions and, unfortunately, becoming more sophisticated with each attack.

The cyber risks—and repercussions—are real.

A primary means by which cyber criminals perpetrate attacks on credit unions is through sophisticated spear phishing emails. Once inside the IT network, the attacker can move laterally to access data in financial accounts, HR records and other business systems. They could even pose as high-level executives demanding wire transfers to unknown accounts.

Cyber criminals also target credit unions, conducting ransomware attacks and bringing business operations to a halt, by contaminating IT systems with encryption malware and demanding bitcoin payments to restore the systems. Because any downtime comes at a high cost to the credit union, they are often left with no choice but to pay the ransom. To make matters worse, Beazley Breach Insights states that small banks and credit unions with less than $35 million in annual revenue are far more likely to suffer a hacking- or malware-related breach due to their inability to maintain the required security technology and expertise.

Cyber risk management involves sustaining a robust internal cybersecurity effort. The sheer significance and scope of this undertaking is often quite daunting.

Choose a partner whose program aligns with your cybersecurity goals.

Your organization needs a partner in cyber risk management, and that’s where ControlScan comes in. ControlScan is a leader in managed security solutions. Our elite cybersecurity professionals leverage the latest security technologies to support thousands of businesses with a single goal: Stopping cyber criminals in their tracks. We make choosing a cyber risk management program easy, because we work with you to determine the solutions that best align with your goals.

  • Managed Detection and Response (MDR):  This suite of services is performed by our dedicated, in-house team of security analysts located in our 24x7 security operations center (SOC).
    • Log and File Integrity Monitoring: Our team leverages ControlScan’s proprietary incident management platform to collect, correlate, analyze and store log data from your network infrastructure, servers and applications. We actively identify and mitigate security incidents round the clock, freeing up your resources and giving you peace of mind. Our activities are also organized to facilitate compliance with requirements within PCI, HIPAA, GLBA, SOX and other frameworks.
    • Endpoint Detection and Response: This fully managed solution is continuously monitored and provides active audit log reporting to help simplify compliance. The service includes traditional (signature-based) and next-generation (analytics-based) malware protection, with frequent updates and real-time lookup. Most importantly, the advanced endpoint protection we provide lessens your firm’s exposure to the significant financial risk a single malware attack can represent.
  • PaySafe™ UTM Firewall Service: The ControlScan PaySafe UTM Firewall Service provides the best in threat detection and prevention while meeting the variety of network security and productivity challenges organizations may face. It provides isolation, security and redundancy for critical network traffic while protecting enterprise systems from external and internal breach.
  • Security Consulting Services: If your firm is uncertain of its current cybersecurity posture or has recently suffered a data security breach, an IT security risk assessment or even a simple, dedicated security consultation can be a good place to start. A ControlScan information security expert will work with you and your firm to thoroughly evaluate strengths and weaknesses, then recommend a path that closes the open doors they’ve discovered.

We’re with you every step of the way.

Today’s security threat landscape can be panic-inducing, especially when thinking about all the potential entry points and vulnerabilities a cyber criminal can exploit. But with ControlScan, you’re not alone. Partner with us for cyber risk management that delivers 24x7 peace of mind. We’ve got your back.

Contact me today to learn more!


Wednesday, June 26, 2019

It happened AGAIN! Another Florida town pays hackers a LOT of money to unlock data.

Last week, this happened.  $600K.

Now, we hear of another Florida town having to pony up $460K.

That's over a million dollars in ransom to criminals in less than a week in Florida alone! Public funds, no less!

I'll say it again....

ControlScan can protect your organization for a tiny fraction of this cost...and your data won't be held hostage...and your reputation with your clients will not be compromised!  (This is a large hidden cost to be sure!  Once you are breached, what happens to the trust your clients have in you?  Can you afford to lose their business?)

It's called Managed Detection and Response - MDR for short.




If your organization cannot afford to staff a security team and pay for product licenses, you need to contact ControlScan today.  Be PROACTIVE with your cybersecurity.  It is certainly more cost effective - and less stressful - than Riviera City's - and now Lake City's - REACTIVE approach.

Joe Gaeta
jgaeta@controlscan.com
(678) 694-0687

Thursday, June 20, 2019

$600,000 is a lot of money.

Read this article and then come back here, I'll wait...
...done?  Great. Scary stuff, huh?  Do you have over a half a million dollars to invest in IT?

ControlScan can protect your organization for much, MUCH less than this.  A fraction of the cost...and your data won't be held hostage!

It's called Managed Detection and Response - MDR for short.



If your organization cannot afford to staff a security team and pay for product licenses, you need to contact ControlScan today.  Be PROACTIVE with your cybersecurity.  It is certainly more cost effective - and less stressful - than Riviera City's REACTIVE approach.

Joe Gaeta
jgaeta@controlscan.com
(678) 694-0687

Monday, June 17, 2019

ControlScan MDR: Can you afford to wait?

Here is a startling fact from ControlScan's Director of MDR Operations:
Roughly 30% of customers on-boarded to our MDR services in the past couple months had pre-existing malicious activity inside their networks detected within hours! All had anti-virus and anti-malware software running previously.
How confident are you that your network is secure? Learn how ControlScan MDR can help you.
Contact me today.

Thursday, June 13, 2019

Who is ControlScan?

ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies, and services that keep cyber criminals and data thieves at bay. We have highly credentialed cybersecurity and compliance experts, 24x7 managed detection and response, advanced endpoint protection, managed UTM firewall services, ASV vulnerability scanning, QSA and HIPAA assessments, security penetration testing, PCI compliance programs and more!

To learn more, don't hesitate to contact me directly. Or, if you prefer, you can click here to schedule some time on my calendar.

At ControlScan, we've got your back!

Sunday, June 9, 2019

RetailNOW 2019

My colleagues and I will be at RetailNOW 2019 in San Antonio
at the Henry B. Gonzalez Convention Center, July 28th - 30th.

If you are attending, be sure to come by Booth 443 to learn about ControlScan and our services!
ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. With highly-credentialed cybersecurity and compliance experts, 24×7 managed detection and response, advanced endpoint protection, managed UTM firewall services, vulnerability scanning, QSA and HIPAA assessments, penetration testing, PCI compliance programs and more, we’ve got your back.

Friday, June 7, 2019

ControlScan is Bringing Managed Detection and Response to Small and Mid-Sized Businesses

Cyberattacks are ongoing. Today, there are an average of 20 to 100 attacks every minute.  Small and Mid-Sized Businesses (SMBs) in today’s market need cybersecurity more than ever.  That’s where ControlScan MDR comes in.  We work with SMBs and develop an individualized program to make sure that they are protected and don’t have to worry.  ControlScan’s Managed Detection and Response (MDR) services treat every attack as a serious attack.
Stopping cybercriminals day-in and day-out is what our Security Operations Center (SOC) analysts look forward to.  Our SOC analysts work with our clients on an ongoing basis.  We are able to provide 24/7 “eyes on glass” support:  our analysts are watching our clients’ systems even while they are sleeping.  This gives them peace of mind about their operations.
Historically, we find that the companies that are attacked are those that can provide some financial gain to cybercriminals or those that contain data that is valuable to cybercriminals.  Over 90% of attacks that happen today are started through phishing campaigns and various other “social engineering” types of attacks.  These are predominantly through email that can be read through traditional desktop/laptop-based systems.  However, we continue to see further movement toward attacks on mobile devices.
When a company looks at a breach, they not only need to look at it from a financial standpoint, but also from the standpoint of their reputation.  While they are down and not available, their customers still need the service that is being provided.  So, they may be going to a competitor.  Once they have made that move to a competitor – are they really going to come back?
The average time to detection within an organization today is anywhere from three to nine months.  Within the ControlScan SOC, we are able to identify threats in our clients’ network within seconds to minutes.  Through our analysts’ capabilities, we then make a decision within a ten minute timeframe and we aim to have a remediation in place within sixty minutes.

Most SMBs do not have the manpower to effectively detect and remediate cyberattacks.  Cybercriminals see these businesses as an easy target.  ControlScan is here to truly be an extension of their team and to be a trusted advisor.  Our analysts are here to identify threats and work with our clients’ teams to keep them protected.  This allows them to focus on their business initiatives and goals while not having to worry about all the ancillary cybersecurity threats that are out there.

Who is watching YOUR network?  Contact me today to learn more about our Managed Detection and Response solution – and any of our other compliance and security solutions.

At ControlScan, we’ve got your back.

Friday, May 24, 2019

ControlScan's very own Tom Callahan will be speaking on the Endpoint Security Panel at SecureWorld Atlanta!

ControlScan's Director of Operations - MDR, Tom Callahan, will be speaking on the Endpoint Security Panel on Thu, May 30th at 1:15pm at SecureWorld Atlanta.

The Battle for the Endpoint Continues

What are you doing to keep the network safe for your employees?  

You've got your fancy next-gen firewall and some anti-virus.......Maybe even some biometrics or 2FA thrown in for safekeeping.......We also keep hearing the IAM acronym thrown around.......And what is Zero Trust?  What are you missing?  Oh, yeah...remote workers and IoT!

Wouldn't it be cool if you had someone to ask? Now you do. This panel will go through these questions and much more. Join Tom and the group discussion as they address the challenges in endpoint and network security.

And, while you're at SecureWorld Atlanta, swing by Booth 272 to talk security and compliance with my colleagues and me and let us show you what ControlScan can do!

Thursday, May 23, 2019

SecureWorld Cybersecurity Conference 2019

My colleagues and I will be at the
at Cobb Galleria Center in Atlanta, May 29-30!

If you are attending, be sure to come by Booth 272 to learn about ControlScan and our services!
ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. With highly-credentialed cybersecurity and compliance experts, 24×7 managed detection and response, advanced endpoint protection, managed UTM firewall services, vulnerability scanning, QSA and HIPAA assessments, penetration testing, PCI compliance programs and more, we’ve got your back.

Wednesday, May 15, 2019

Penetration Tests vs. Vulnerability Scans: What's the difference?

Penetration testing and vulnerability scanning are both required by the Payment Card Industry Data Security Standard (PCI DSS), but there is often confusion about the differences between the two services.
Vulnerability scans look for known vulnerabilities in your systems and report potential exposures.

Penetration tests are intended to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets.

A vulnerability scan is typically automated, while a penetration test is a manual test performed by a security professional.

Here's a good analogy: A vulnerability scan is like walking up to a door, checking to see if it is unlocked, and stopping there. A penetration test goes a bit further; it not only checks to see if the door is unlocked, but it also opens the door and walks right in.

CLICK HERE for a side-by-side comparison of the two services.

Contact me today to learn more about these services as well as all the other compliance and security services that ControlScan provides!

Thursday, May 9, 2019

Is your company protected?


Your company's networks are being probed, prodded and possibly attacked countless times every day. Unless you're monitoring your logs, you're likely unaware all this activity is taking place. Awareness is a critical element of an effective defense.

Are you aware of your security shortcomings?

A Network and Application Layer Penetration Test simulates a real-world attack against your network infrastructure and information systems in order to see how far an attacker would actually be able to progress within your cardholder data environment. In short, penetration tests expose holes in your defense.


Do you need a Pen Test?

If you think you may need a pen test — or aren't sure — give me a call! I'd be happy to answer any questions you have. In the meantime, ControlScan subject matter experts have put together helpful information:

  • Learn about penetration tests in this blog post by industry expert Chris Bucolo;
  • Read how SaaS company QuickSilk confirmed their security posture through a ControlScan penetration test; and
  • Watch this to learn how to select the right penetration testing service company.

Contact me today to learn more.