Most companies today have an IT department for day-to-day technology needs, but when it comes to addressing digital threats, those IT professionals may need the specialized tools and services offered by cybersecurity companies.
TCDI, Greensboro, N.C., offers cybersecurity and forensics services, said Eric Vanderburg, VP of cybersecurity.
TCDI frequently begins by conducting a cybersecurity assessment, Vanderburg said. The company ensures that a client is in compliance with more than 30 different cybersecurity regulations and standards, including the NIST (National Institute of Standards and Technology) Cybersecurity Framework, which guides organizations on how to prevent, detect and respond to cyberattacks.
A TCDI cybersecurity assessment examines how a client’s computer systems are configured, how it conducts training, and what processes and procedures it has in place to protect computer systems and to recover in the event of a cybersecurity incident.
“We go into an organization and we talk with them about what they are doing, review some of their documents and give them recommendations on what they should be doing,” Vanderburg said.
TCDI can then offer solutions such as antivirus software, as well as managed services such as ongoing vulnerability scanning, which involves identifying where companies are susceptible.
“The biggest part of it that lumps it all together is continuous log management,” Vanderburg said. “We’re monitoring all of the logs and systems inside of a company, and then we can detect if there is a breach or an attempt to breach, and we can implement different security measures to lock those systems down or coordinate with their IT [department or provider] to do that.”
TCDI also can provide data breach response or incident response services. If a client’s information is stolen, its email is compromised or it is attacked by ransomware, TCDI would investigate the breach to determine the relevant facts the client’s legal team would need to disclose to those affected. Those affected could include credit card companies and consumers, or government groups if sensitive government data were breached.
“We would gather the necessary facts for those notifications,” Vanderburg said.
TCDI’s computer forensics experts can provide investigative services in the event of a legal case involving theft of intellectual property or corporate espionage, Vanderburg said.
Cybersecurity firms use penetration testing, sometimes after conducting a cybersecurity assessment, to identify a company’s vulnerabilities.
“Pen testing, that’s where we’re kind of acting like an attacker, except we have prior authorization to perform all these tests,” Vanderburg said. “We try to break into a system.”
A penetration test evaluates the effectiveness of a system’s security by attempting to break into it and then documenting any weaknesses that are found.
“We also have wireless penetration testing, where we’re checking your wireless systems to see if we can break through the encryption or we’ll go through multiple different networks you may have, like a guest network to a production network,” Vanderburg said.
TCDI also offers a test that examines how susceptible employees are to phishing schemes and other techniques used by hackers.
“We split it off from all the rest of them because, honestly, the human component is usually the most vulnerable,” Vanderburg said.
Typically, the test involves sending out phishing emails in which TCDI impersonates a boss, tech support, or a software vendor to see if employees will click on a link that could lead to malware or steal passwords. TCDI might also drop USB drives around a company’s parking lot to see which employees plug them into their computers.
TCDI also sees what information employees have posted online that might compromise a company’s security. For example, an IT worker looking for help on configuring a firewall might have posted in a help forum and unwittingly revealed information about the company’s firewall that could allow a hacker to circumvent it.
AT&T Cybersecurity also offers a variety of services to manufacturers of all sizes.
Manufacturers may only have a few employees on their IT team, which might not be sufficient to respond to a cybersecurity incident. There is a skill-set shortage in the area, said Bindu Sundaresan, director of AT&T Cybersecurity. That means a company should have contracts in place with a cybersecurity consultant or firm to provide additional help when needed.
AT&T offers security awareness and training programs that are focused on manufacturing, Sundaresan said.
“We can help them take care of their IoT network and we can monitor their operational technology assets ... We are able to monitor and alert them of any vulnerabilities that are found. We are able to help them respond to any anomalous traffic.”
Dealing with cybersecurity threats is a complex challenge, she said.
“Proactive planning for a breach will reduce the cost of recovery. It’s not a matter of if this is going to happen to you, it is a matter of when this happens to you, do you have the plans in place? Do you know who to reach out to? In a crisis mode, you cannot be scrambling to respond to it.”
AT&T Cybersecurity also has experience with penetration testing.
“We definitely do penetration testing, and the primary benefits are to make sure you know what it would be for an attacker to get in and how far they can get in,” Sundaresan said.
Such testing is especially important when there are interconnections between the IT and operational technology (OT) networks, she said. A penetration test can expose any weaknesses that could allow a breach in your factory floor equipment or in a control room.
“We go through your network; we do a vulnerability mapping exercise, and then we try to exploit it,” Sundaresan said. “We try to social engineer your end users. This is how in real life hacking would happen. We try to utilize multiple attack vectors to be able to get into your environment and steal or attempt to steal process information or intellectual property and show you where your vulnerabilities lie. The benefit is this is a real-life simulation for you. This is how you’re going to be exposed, and once you know how somebody can get in, then you can close those holes.”
Among other services, AT&T Cybersecurity provides manufacturers with network security solutions, including managed firewall services and the AT&T Global Security Gateway, which filters and inspects outbound traffic to prevent users from accessing malicious sites or content that is not compliant with corporate policies. Unlike firewalls, the cloud-based service can protect users outside headquarters who are connecting directly to the internet, and it does so with minimum latency and at an affordable cost, according to the company.
AT&T, through its acquisition of AlienVault, operates the Open Threat Exchange, a global threat intelligence community that allows threat researchers and security professionals to share research and investigate new threats.
Bruce Geiselman, Senior staff reporter
For more information:
AT&T Cybersecurity, San Mateo, Calif., 888-613-6023, https://cybersecurity.att.com
TCDI, Greensboro, N.C., 888-823-2880, www.tcdi.com