Categories
Uncategorized @en-ie Vault365

45 Veeam Recovery Options

The Backup options are endless with Veeam for Office 365.  Whether it’s Exchange, OneDrive,  SharePoint or Teams – we have you covered.

Categories
Uncategorized @en-ie Vault365

The Security Process with Paul Casey – Paradyn COO

As anyone in the industry will tell you, there is more to cybersecurity than simply information technology: human factors are the main vector for attack, and, in the world today, the technology is the business.

Paul Casey, chief operations officer at Paradyn, said that with its security service practice, the goal is to help its clients with a holistic and best-practice framework to secure business assets and resources.

 

The bulk of Paradyn’s clients are in the government and enterprise sectors, both areas in which cybersecurity has shot up the agenda of management.

 

“From an IT or cybersecurity point of view, they tend to be more sophisticated than a mom-and-pop shop on the corner and would tend to have some level of internal IT, whether it’s focused on infrastructure or even has some focus on cybersecurity,” he said.

 

The company works with its clients to understand the business, where and how it is exposed to threats and then from there develop a strategy for keeping things secure.

 

Even organisations at this level where security has never been skimped on have had to learn lessons of late. And it is a tale that will be familiar to just about everyone.

 

“The last 18 months have put the focus on cybersecurity so much. Working practices have changed. Previously, most organisations had everyone inside the castle. Yes, you had some remote workers on the road, but generally you had a lot of control. Then a switch was flicked,” he said.

 

With the shift to remote work, new opportunities were created not only for businesses to move online and workers to consider relocating, but also for criminals seeking to profit from confusion and uncertainty.

 

The organised crime aspect of cyberattacks is what is truly different from the past, when hackers worked for bragging rights or simply to be a nuisance.

 

“Cybercrime is a business and a lot more money is involved [than before]. You can contract and hire ransomware organisations and split the profits. Frankly, it has been commodified,” Casey said.

 

The rational response to this world of professionalised crime is to accept the arms race is going on and to respond with equally professional countermeasures, he said. However, this requires more than throwing resources at the problem. Instead, the first step is to understand the risk.

 

“Obviously everybody is worried about ransomware, but it’s at the end of the process. It’s what happens after someone has given away credentials, clicked on something they shouldn’t have or something hasn’t been patched. We’re looking to take a step back and take a deep look at the business.

 

“It’s easy to get caught up in thinking ‘there’s a shiny firewall I need to buy’ or ‘I can get this software, but, ultimately, cybersecurity is a much wider thing. It’s about company culture, it’s about leadership, and it’s about business processes. A lot of cybersecurity is about getting the boring stuff right,” he said.

 

Casey recommends businesses look at the Center for Internet Security’s list of Controls, version eight of which is now available free online.

 

“CIS Controls is a set of best practices, and it forms part of what we use to identify, develop, validate, promote and sustain best practice solutions for cyber defence,” he said.

 

Paradyn uses a three-stage ‘gap analysis framework’ derived from the CIS Controls, during which it reviews clients’ IT infrastructure estate in order to chart the gaps in not only systems, but also processes and policies.

 

Casey said that the question of people and processes was too often ignored: “You do need the server guys, you do need the firewall people, but you also need to get the business processes right.”

 

Of course, with remote working the question of processes becomes even more urgent.

 

“If you look back ten years ago, what were you securing? You had on-premise users and an on-premise e-mail server, and possibly an on-premise database server. Now you have cloud to manage, possibly multiple ones, plus people all over the place, then the CEO comes down and says they want Outlook Anywhere or Office 365,” he said.

 

From inventory and control of hardware and software assets up to penetration testing, the right controls help protect organisations, and they also enable compliance with measures such as GDPR.

 

GDPR, though, is not the be all and end all of data, and issues such as intellectual property should be in the frame.

 

“GDPR is good, as it brought great emphasis on data, [however], the thing that I talk to companies about is that GDPR is concerned about PII [personally identifying information], but there’s more to data than PII. A lot of organisations put a lot of work into GDPR compliance, but it stops there,” Casey said.

 

“Cybersecurity is not just three things, it’s a thousand small things,” he said.

Categories
Uncategorized @en-ie Vault365

First things first in security

Cyber crime as a service is the new reality, and businesses need to fight back with better defences. They can start by getting back to basics.

Remote working. Previously unknown exploits. Phishing. Smishing. Ransomware. Compliance. It’s a cliché to call the internet the Wild West, perhaps even an insult to the denizens of the old West, but the reality is that businesses today are under extreme pressure to ward off cyber attacks.

Businesses know this, but the question is: do they know how to respond to it?

“There is, I think, a recognition that the threat landscape has changed,” Paul Casey, chief operations officer at network IT and service management solutions company Paradyn, said. Legislation has had an impact, of course, notably the EU’s general data protection regulation (GDPR), which has lit a fire under companies that hold or process customers’ personal data.

“Following on from the likes of GDPR there is a lot more compliance among medium and small enterprises. Of course, large pharma, banking and governments were already used to a level of compliance,” he said.

Casey said that one of the important aspects of GDPR was that companies had to not only do the right thing, but demonstrate good faith. Insurers, too, want to see the right policies in place, otherwise they may adjust rates or even remove cover. “Even from an insurance perspective, businesses are looking to demonstrate that they’ve done the right thing,” he said.

Clearly, then, the pressure is on. There are methodologies out there, though, that can help, notably from the Centre for Internet Security (CIS) and National Institute of Standards and Technology (NIST), adherence to which can give businesses confidence that they are doing things right.

“Were doing a lot with CIS controls. There’s another one, NIST, and there’s also ISO 27001. They all work in similar ways: what they do is allow an organisation to examine and understand everything they do.” Casey said that adherence to these standards led to what he called ‘security hygiene’. “Cyber security hygiene is like personal hygiene: you will be more prone to infection if you are not looking after hygiene,” he said.

Despite the whirlwind of change, businesses have a responsibility to themselves and to their customers, one that is increasingly present in law. “The boundaries have all moved, but the fact is you still have to control things. You need to find out where you’re doing well and where you’re not and work from there,” he said. “That’s where the frameworks come in.”

The goal is a different way of thinking about security, one that means stepping back from saying ‘right, I need another box with lights on it’ and instead looking at the data, systems and network that run a business. ‘It’s really not about putting another box in,” he said.

In fact, businesses often trip up on basic measures including things such as patching and updates. The threat from this seemingly trivial fault is very real indeed and businesses may find they are entirely exposed as a result, especially as so-called ‘zero day’, or novel, exploits are on the rise. “The Chrome browser has had 12 zero day exploits this year alone,” said Casey.

In any case, businesses need to get the basics right before they can move on to more complex measures. As a result, auditing processes is at the top of Paradyn’s list of crucial steps to take in the fight to protect its clients from online criminals.

“If your processes aren’t right, if your users aren’t being trained, and your users on-boarded and off-boarded correctly, then there is a problem. These are things that organisations need to think about and it requires a formalised approach,” he said.

Casey said he is not arguing there is no requirement for new technology, however.

“There are next generation tools with the capability to mitigate against new threats, but if those tools are not implemented in the right way you’re not going to get maximum benefits or, if it’s particularly badly done, you’re leaving yourself open,” he said.

Paradyn also helps to produce reports for internal teams or for businesses own cyber security teams, helping to ease the burden on often already stretched IT staff. “Keeping on top of everything that is changing – the Windows 11 rollout, all of your ongoing projects – is a difficult job as it stands,” Casey said.

But keeping on top of things is essential. A recent report in trade newspaper Computing indicated that it is not only legitimate businesses that are leaning on service providers: strange as it sounds, hackers are now offering criminal gangs ‘exploit as a service’. As a result, the only possible response is to seek external help to fight off the growing threat.

“There’s a massive demand for security services,” Casey said. Little wonder.

Categories
Uncategorized @en-ie Vault365

Paradyn and Veeam keep National Concert Hall’s show on the road

Cybersecurity experts implement watertight system for the high-profile venue

Cybersecurity experts implement watertight system for the high-profile venue

Paradyn is one of Ireland’s leading cybersecurity service providers, with a security-first approach to implementation, monitoring and ongoing support. Its team of highly trained network and security consultants deliver best-in-class advice and support, enabling customers to reduce their cyber risk and focus on delivering their core business activities.

As the trusted technology partner of the National Concert Hall, Paradyn has delivered a secure Veeam data backup, storage, and
disaster recovery solution to protect the venue’s Microsoft365 data.

Robust backup and recovery solution

Having recently rolled out Microsoft365 (including Office365) to its entire IT user base, the National Concert Hall required robust backup and recovery for this new deployment. Paradyn designed and implemented a tailored Veeam 365 Backup solution which backs up data for Mail, SharePoint, and Exchange Online.

All National Concert Hall’s M365 data is securely hosted at Paradyn’s data centres through Veeam’s technology, meaning no downtime in the event of an incident, enabling speedy disaster recover and eliminating data loss. Furthermore, the venue has access to a self-service portal where it can carry out information recovery and restores, in cases of accidental or malicious
deletion.

“Having previously worked with Paradyn, we knew we could trust them to deliver on a resilient M365 backup solution”, said Philip Deacon, IT manager at the National Concert Hall. “Hosting a busy programme of events each year with multiple clients, we are confident that company and customer information is secure with backup and disaster recovery in one, so that our business can continue uninterrupted.”

“Veeam is like having an internal backup team and this solution enables us to provide proactive, real-time monitoring to the National Concert Hall,” said Cillian McCarthy, chief executive officer of Paradyn. “It’s not widely known that M365 doesn’t come with backup, which is why a solution such as this is essential for businesses. We have created a secure environment which
enables business continuity and protects against ransomware in a challenging IT landscape.”

Schedule Demo

Provide your details, and one of our specialists will be in touch to arrange your demo.