There has been a lot of discussion about the need to have an end-to-end plan to manage your security threats and vulnerabilities. It is easy to agree that our plans need to start at identification and continue through to remediation, and we might quickly agree that the first step is to effectively identify the threats. What is far more difficult is determining how these threats and vulnerabilities are identified; unfortunately, in the increasingly complex enterprise environments of today, this task can be incredibly difficult and, in some cases, nearly impossible.
One of my favourite cult classic movies was an obscure but star-studded picture called Mars Attacks. In the movie, Jack Nicholson plays the President of the United States trying to make peace with the vicious Martians. In his final scene, he makes an impassioned speech to the Martian leader with his final line being “why can’t we all just get along?” The Martian leader’s response was a tear and an “Ack-Ack,” followed by killing President Jack.
This scene is all too often paralleled in real life, with the opposing roles played by Security and IT. While they may not vaporize each other, they do operate under diametrically opposed missions. Security’s job is to keep the company safe – full stop. If they had their way, access to systems would be very tightly controlled and an almost weekly patching routine would be implemented, slowing the enterprise to a crawl. IT, on the other hand, is tasked with keeping the company up and running. They view patching as a necessary evil that consumes precious time and resources that they could focus on more innovative projects.
Recent high-profile cyber threats have raised the public’s awareness of vulnerability management to new heights. With the recent WannaCry threat, we learned first-hand the dangers unpatched infrastructure can pose to your environment. From hospitals to financial institutions and critical government services, no industry or country was left unscathed.
In my last blog (which you can read here), I discussed the hacking of Casino Rama and how this may have been caused by something called the Ostrich Effect. To review, the Ostrich Effect occurs when an organization knows they have a security risk but is unable to remediate the threat, often due to the cost and effort required for remediation.
Companies bury their heads instead of tackling vulnerability remediation
In November 2016, Casino Rama made Canadian news headlines after being hacked and having massive amounts of employee, vendor, and client data stolen.
Casino Rama is a large Canadian casino and is a joint venture between First Nations, commercial operators Penn National Gaming, and the Ontario Lottery and Gaming Corporation. It is Ontario's only First Nations "commercial casino" and the largest First Nations casino in Canada.
Online is proud to be an AppDynamics AppSphere partner. If you are new to the application performance monitoring discussion, AppDynamics is the place to start. AppDynamics gathers all the information you need about the performance of your systems and processes and puts it into the real-time context of your critical business services – it works (and it's very cool).
Most organizations have invested in some form of IT service management (ITSM) solution, like the BMC ITSM product suite or ServiceNow. These tools enable organizations to be more effective because they help save time and money by automating tasks that would normally require hours of manual work by your employees.
But if you’re using BMC or ServiceNow already, you knew all that.
The same tools that help you manage and deliver IT services can be used to save your organization money, without investing in any new products. Leveraging your ITSM investment can provide significant improvements and savings - some of these efficiencies are intuitive, but others you may have never considered before.