More Perspective

ePlus is known for our engineering talent and rigor, and we employ many experts who have a keen pulse on the IT industry. From security, cloud, and storage to lifecycle and deployment services, our staff has a unique perspective. Read our thought leadership articles below.

  • Using the CSC 3 Control to Secure Configurations for Hardware and Software

    • Russ Ortmann
    • Mar 26, 2018
    Freshly installed operating systems and network-connected devices, by default, are usually configured for ease of deployment and ease of use. This means that the security controls are set to the least restrictive settings to ensure users experience little to no issues deploying their products. While this is great from the deployment perspective, it is not so great from the security perspective. Default admin accounts, unused protocols, and unnecessary pre-installed software can all be exploited in their default configuration.
    Continue Reading >
  • Don’t get phished! Personal Online Identity Protection

    • Marc Cohen
    • Feb 22, 2018
    Keeping your account information secure is the vital first step to good security hygiene. Below are some easy steps that can help keep your accounts safe. Much of the advice applies to both employees in an organization as well as to individuals’ personal online security.
    Continue Reading >
  • Taking a Closer Look at CSC 2: Inventory of Authorized and Unauthorized Software

    • Russ Ortmann
    • Feb 1, 2018
    In my last blog post, I discussed the history of the CIS 20 Critical Security Controls and the relevance they hold for organizations today. In my second post on this topic, let’s dive a bit deeper in CSC 2 security control, which is very tightly aligned with CSC 1 (Inventory of Authorized and Unauthorized Devices) control.
    Continue Reading >
  • The Year of Security Automation: A Look Back

    • Tom Bowers
    • Jan 18, 2018
    In 2017, the industry saw the birth of security automation. As it continues to grow from infancy into something more robust, now is a good time to reflect on what it is and what operational impacts it is having on our systems.
    Continue Reading >
  • Spectre, Meltdown, and What Can Be Done!

    • Paul Lenhard
    • Jan 12, 2018
    As most of you are aware by now, researchers have discovered a set of critical vulnerabilities in all Intel CPU hardware, currently impacting the vast majority of devices in the wild. These devices include desktops, servers, mobiles devices and appliances, regardless of Operating System and whether they are located in the cloud or on premises.
    Continue Reading >
  • A History of the CIS 20 Critical Security Controls

    • Russ Ortmann
    • Jan 4, 2018
    The modern world of information security can often be a confusing one. Security practitioners are continually inundated with a barrage of data coming from reports, alerts, security tools, threat feeds, and more. At the same time, they are trying to align this data with the multiple security requirements, regulatory mandates, best practices, and frameworks that define their environment. Unchecked, the sheer volume of information can easily paralyze an organization from taking action when necessary. The ‘Fog of More’ can essentially become the larger threat to the environment.
    Continue Reading >
  • Stay Safe during the Holidays!

    • Paul Lenhard
    • Dec 14, 2017
    As we get closer and closer to ringing in the New Year, threat actors remain very busy attempting to intrigue us with phishing campaigns that promise great deals on products and services. In an effort to keep these final weeks of 2017 as joyful as possible, below are a few tips to stay ahead of the Grinch as he looks on with a malicious grin over your data.
    Continue Reading >
  • When It Comes to IT Security: Don’t Forget the Mail

    • ePlus
    • Nov 30, 2017
    For nearly ten years, I’ve looked forward to the release of Verizon’s annual Data Breach Investigation Report (DBIR). With its analysis on the thousands of breaches and incidents from across the globe, occurring over its last full revolution around the sun, which cybersecurity pro among us does not look forward to such a treasure trove of insights and predictions to guide our focus for the coming year?
    Continue Reading >
  • Critical Security Controls - A Close Look at the Six Sub-Controls to CSC1

    • Mark Pellechio
    • Nov 10, 2017
    Organizations are inundated with the latest security solutions and “expert” opinions on what they should be doing. In many cases, it might make more sense to take a step back and decide on a framework to map your current security posture against and get back to basics in developing solid cyber hygiene. One of these frameworks would be the Critical Security Controls (CSC) published and maintained by the Center for Internet Security (CIS).
    Continue Reading >
  • What does the rise of artificial intelligence mean for your security operations?

    • Tom Bowers
    • Nov 1, 2017
    Are you struggling with security? If so, you’re not alone. Security gets harder every year. Thanks to digital business and mobility, you need to guard more attack vectors than ever before. Product updates and new software innovations often result in new vulnerabilities—and hackers are getting craftier and more adept at exploiting them.
    Continue Reading >
  • KRACKing the Code: New Wireless Exploit

    • Bryce Floyd
    • Oct 18, 2017
    Well it’s been an interesting start to the week to say the least. We all woke up Monday to read about a new wireless vulnerability labeled KRACK, or key reinstallation attack.
    Continue Reading >
  • Are You Prepared to Meet the Next Benchmark in the New NYS DFS Cyber Security Regulations?

    • Paul Lenhard
    • Oct 4, 2017
    March 1, 2017 marked the date in which the NYS Department of Financial Services announced their compliance requirements for all covered entities that do business in New York State
    Continue Reading >
  • Navigating the World of Advanced Endpoint Protection

    • Bill Wheeler
    • Sep 21, 2017
    Ever feel like you’re fighting a losing battle? Your organization is pretty diligent when it comes to security. You have firewalls at the perimeter between your internal networks and the Internet. You have an anti-virus product deployed on every laptop, desktop, and server within your organization and the updates are kept current. You may have even deployed an application-aware next generation firewall, an IPS, or a SEIM/SEIM to collect and correlate security events from many data sources. Yet, despite your best efforts, your end users still manage to become infected with malware—or perhaps even ransomware. You may ask yourself, “With all of this protection in place, how is this possible?”
    Continue Reading >
  • Et Tu, Equifax? Navigating IT Security and Keeping Your Personal Data Safe

    • Justin Bodie
    • Sep 12, 2017
    The world is changing rapidly, and we’re starting to see cracks in the security controls we’ve come to rely on in our digital society. Even Equifax, one of the largest credit reporting organizations out there, has suffered a data breach. I’m often asked by friends and family how I react to the news and what I recommend, so I thought I’d share my suggestions with you
    Continue Reading >
  • 10 Considerations to Build Strong Security Programs in Education

    • John Otte
    • Sep 11, 2017
    Information security is a top concern in every industry. In 2015, the percentage of reported data breaches caused by hacking incidents increased 8.4 percent over 2014 numbers to reach the highest value in nine years (37.9 percent), according to a report from the Identity Theft Center. Cyber crime is a sophisticated criminal enterprise, and billions are lost annually through breaches of businesses, healthcare organizations, and government entities; and yes, educational institutions too.
    Continue Reading >
  • Can’t Find Cyber Security Talent? Try These 5 Things

    • Tom Bowers
    • Aug 15, 2017
    According to a recent survey by Enterprise Storage Group (as reported in this Network World article), 45% of organizations reported a “problematic shortage” of cyber security skills, representing a 17% increase from their 2015 survey results. The shortage of skills creates a problem. But the obstacle is not insurmountable. Despite the talent shortage, here are five things you can do to find resources and build an effective cyber security program.
    Continue Reading >
  • Connecting Cloud and Security in the Digital Age

    • ​Lee Waskevich
    • Mar 16, 2017
    Cloud adoption is increasing. While growth rate estimates vary, the trend is going up. But some studies reveal that cloud security remains a big concern, and it’s having an impact on cloud services adoption. According to a study by Intel, 49% of customers said they slowed down their rate of adoption last year over security-related concerns, specifically citing a shortage of cybersecurity skills.
    Continue Reading >
  • Optimize Your Security Program with Managed Security Services

    • Wayne St. Jacques
    • Feb 10, 2017
    I talk about security a lot these days. It’s unavoidable, really. In my position, I meet and speak with so many IT people—colleagues, customers, and prospective customers—from commercial industry, healthcare, government, and education. And all of them share one similar concern: security.
    Continue Reading >
  • New Cybersecurity Regulations Soon to Take Effect in New York. Is Your Company Ready?

    • Tom Bowers
    • Jan 12, 2017
    New cybersecurity regulations go into effect for financial services companies in the state of New York on March 1, 2017. And the time to act is now.
    Continue Reading >
  • Ransomware Attacks on the Rise. Take Steps Now to Avoid Being a Victim.

    • Tom Bowers
    • Jan 6, 2017
    Ransomware attacks are increasing. And it’s costing U.S. companies millions to extract themselves from the clutches of these blackmailers—to the tune of $209 million in the first three months of this year, according to information provided to CNN by the Federal Bureau of Investigation (FBI).
    Continue Reading >

Ready To Begin? Contact Us Today.

Request A Presentation