1 TRANSCRIPT OF WEBINAR Beyond the Firewall Watch the webinar PARTICIPANTS: Moderator Neil Carter, StillSecure Senior Security Engineer Chris Hill, Hostway Sales Engineer Manager JUMP TO A TOPIC: 1. Introduction 2. Security Risks and Mitigating those Risks 3. Costs of Cyber Attacks 4. Firewall Tools 5. Intrusion Detection Prevention System 6. Web Application Firewall 7. Log Management and Integrity Monitoring 8. Vulnerability Scanning 9. Implementing Technologies 10. Difference Between a Firewall and Web Applications Firewall? 11. Is Cloud Server Technology More Secure Than Traditional Servers? 12. Firewall Best Practices 13. How to Deal with a Hacked System 14. How Does Outsourcing Help With PCI Compliance?
2 [silence 00:00 to 00:04] Jeff: [0:05] All right. Starting broadcast right now. Woman: [0:13] The broadcast is now starting. All attendees are in listen only mode. [silence 00:17 to 00:23] Introduction Jeff: [0:24] Hi, everybody, good afternoon, and welcome to Beyond the Firewall, presented by StillSecure and Hostway. This webinar's going to cover the top network security issues and six ways to avoid them. On the line, we have Neil Carter, senior security engineer with StillSecure, as well as Chris Hill, sales engineer manager at Hostway. [silence 00:45 to 00:48] [0:49]...of what you will learn today. We're going to talk about security threats, threat vectors and cyber attacks, the cost implications of cyber attacks. We're going to cover, also, managed security, six tools to secure your network, as well as data center security and compliance. Also, Hostway's approach to managed security. [1:12] Now, in the next slide, I'm going to go ahead and pass it over to Neil, who's going to go ahead and kick it off here. Security Risks and Mitigating those Risks Neil Carter: [1:19] Great. Thank you very much. Yeah, as Jeff just said, we're going to talk about some security risks and some costs and some ways to mitigate those risks. Not everyone may feel like they're a target, but all companies, even small businesses, no one is immune to cyber crime. Criminals and attackers target small businesses for many reasons. One is an attempt to defraud them. [1:51] This can be really devastating to a small business as they tend not to have large amounts of resources to begin with and it can really hurt them. Another reason attackers go after small businesses is because they have few, if any, security network personnel, or even, possibly, IT personnel. A lot of the times, it leaves their systems unpatched, unmonitored and vulnerable to attack. [2:19] Once an attacker has control of these systems, they like to install bots or malware in order to launch attacks at other targets, perhaps larger companies that they might try and DDoS. That can possibly open up the business up to lawsuits or even legal action, which is no good. Let's see...let's talk about some of the threats out there today and where they're going and what exactly they are. [2:58] The Internet today is a pretty dangerous place. If you were to take an unpatched server and put it directly on the Internet, within minutes, it's going to be scanned, it's going to have rootkits on it, it's going to be attacked. It's going to have bots on it, malware, all kinds of things, just within minutes. Attackers just especially like to set up FTP servers where they host their most likely illegal files for dispersing among other people. [3:33] A couple things here...malware, let's talk about what some of these are. Malware's basically programming or code that is there to disrupt or deny operation. It's used sometimes to gather information that leads to possibly loss of privacy or exploitation. It can be used to gain unauthorized access to systems and resources. [4:01] Sequel injection attacks, what they are...attackers will run queries against a web application. They do this so that the query actually returns an error. They inject a request into the servers that should return an
3 error. Depending on what they get back in this error, they can learn a lot about the database, how it's structured, what columns are in there, even what possibly, what usernames are in there? [4:33] Once they do that, then they can compromise the database with a brute force password attack, or better yet a more focused password attack. It basically gives them insight into what the database looks like. Botnets are created when an attacker places a bot on multiple computers, so it becomes a network of bots. These bots can be anything from keystroke loggers used to get user names and passwords, to proxy servers so a hacker can possibly hide their identity by proxying through this server they've attacked or compromised. [5:15] If they get enough bots on enough machines, they can launch a DDoS, or a "distributed denial of service attack", which we'll talk about in a minute. Those are really difficult to stop and are very damaging to networks. A DDoS is an attack that is a distributed denial of service attack. What that means is that an attacker ties all these bots and requests resources from a specific target system. Just this flood of requests creates this denial of service, preventing the legitimate use of the website or application. [6:04] A zero-day exploit is one that has just been released into the wild. We've actually come to the point where these can be purchased at any point, the well-known Zeus malware code can be purchased on the black market. It's basically been altered so that it's zero-day. It's a new code, but it's still the Zeus attack. [6:33] It's pretty incredible what's happening out there. It's amazing. Malware is quickly becoming pretty much a commodity. Some other things we're concerned about are exploited vulnerabilities within software. We'll talk a little bit more about that in a minute. Then some employees, insider attacks are becoming more and more frequent. A couple of the technologies we're going to look at actually directly address insider attacks. [7:11] We'll just talk a little bit about SANS here. SANS is a source for information security and training and security certification. They're pretty well known. They develop and maintain, at no cost, a large collection of research documents for everyone, anyone that is interested, about various aspects of information security. [7:34] Now, according to SANS, there are two factors that organizations fail to mitigate the most that cause the most problems. That's unpatched software and vulnerable websites. It's somewhat understandable that systems may go unpatched for a time these days. [7:55] Who doesn't get annoyed with a task bar notification saying you need to update this and that, Adobe needs to be updated. It does get annoying. But it's something that people really need to keep on top of and make sure that they get that done. [8:12] Internet-facing websites by their very nature are prone to attack because they sit on the network or on the Internet. We need to make sure that they're patched and up to date the most. They're the most dangerous of servers, so they need to be kept up to date. The security steps we're talking about today will cover these areas. Costs of Cyber Attacks [8:41] OK, now let's talk a little bit about the costs associated or the cost implications of cyber-attacks. Now, Ponemon is a company is a research center dedicated to privacy, data protection, information security policy. They produce annual consumer studies on privacy and trust. What we're going to look at are some of their graphs and information from their Second Annual Costs of Cybercrime Study, which was done last year.
4 [9:22] This study is based on a representative sample of 50 organizations in various industry sectors. Cyber-attacks have become so common that these companies in this study experienced 72 successful attacks per week, so that's more than one successful attack per week per company. It's happening a lot. It's definitely out there. [9:48] OK, so this first chart, the average annualized cost by industry sector, we're looking at the cost of cybercrime per industry. The cost appears to vary by industry segment and shows a consistent pattern between 2010 and Those that were targeted in 2010 are still being targeted the most in [10:16] As you can see, defense, utilities and energy, financial services companies are experiencing the most cost associated with cybercrime. But all industries are experiencing these costs, so it's not just those. Everyone has to deal with it, even if it is at a lower cost for, say, hospitality, retail, customer products. [10:42] But as we can tell, from year to year it is increasing for pretty much every one of those sectors, except for, I think, public sector there. That cost has increased from 2010 to Now, let's move on the cost mix of attacks by organizational size. What this does is it compares small, medium, and large organizations and reveals the cost mix, or the cost for specific types of cyber attacks. [11:27] Specifically small organizations seem to experience a higher proportion of cyber crime cost relating to malicious code and malware, and that makes sense if you think about it smaller companies maybe aren't as large a target, they are still targets, but they would see the most cost coming from malicious use of malware, things that people download in the work area. [11:53] In contrast, large organizations experience a higher proportion of cost relating to malicious insiders, stolen or high jacked devices, and of course denial of service. This is probably due to what the attackers are maybe after. Larger organizations may have more valuable secrets trade secrets and this could be their target. Also the DDoS attacks actually happen because attackers will hold a network hostage. They'll start a DDoS attack and not allow any legitimate traffic through until the organization actually pays to have the DDoS removed. This occurs quite frequently as in organizations will end up paying that ransom to get the DDoS attack removed. [silence 12: [12:19] 45 to 12:51] Let's see... [silence 12: [12:51] 52 to 12:54] [12:54] Oops, I think I skipped too many slides here. OK, let's talk about the average annualized cost per enterprise seat. What this is telling us, what this graph is showing us is the cost associated per seat depending on the size of the organization. [13:15] We're seeing that the smaller the organization, actually the cost per seat is higher for the smaller organizations than it is for the larger organizations. Which makes sense again as they have fewer employees so the cost to them is going to be a bit greater, for the smaller organizations. Now let's just take a look at what the research shows as far as what companies are doing now to secure their networks, to secure their organizations. [13:54] This is specific to healthcare but I think it's going to be similar for pretty much any vertical, any vertical out there. The graph shows ways that they're attempting to secure their networks. The most frequently cited here are policies and procedures with the anti-virus, anti-malware, training, firewalling. [14:18] Now some of the things we're going to talk about today are a little further down on the list, intrusion detection, encryption. Some of those companies really need to start taking a look at encryption is something that really needs to maybe move up that list as we're trying to protect PII, Personally Identifiable Information, really needs to be encrypted. I think we're going to see in the future, we're going to see some of these things trending upward and being used more and more.
5 Firewall Tools [14:55] Let's go ahead and talk about these six tools. Now I will say that one of them is going to be the firewall. It is still important. It is very important, and absolutely necessary. What are we looking at here? What we're looking at is defense in-depth, now what is that? That's basically what we call layered security, and that is the idea of using multiple different levels of security features are technologies to protect the network. [15:29] We're not just using a single device, we're using multiple devices or multiple technologies. The reason we do this is because there is just not one technology that exists that's going to stop all hackers or all malware from reaching a network. Now there's many different types of technology out there and it's best to use them in this layered approach. [15:52] Most of these technologies are not...pretty much all of these technologies are not, set and forget technologies. They take a lot of time and a lot of management to actually work with these and we're going to talk about a way to get beyond that and to help out with that. Some devices are there to protect a network at its edge like the firewall and IDPS and web applications firewall. [16:21] All of these devices sit at the edge of the network. While others maybe don't sit at the edge of the network they sit inside the network and are monitoring things going on within the network and that includes file integrity monitoring and log management, the log monitor. There, if something's going on within the organization that doesn't maybe cross the firewall, it can still be alerted on, hopefully before any damage is done. [16:50] Let's talk a little bit about the firewall here. Obviously I just said that it's absolutely necessary, the minimum protection you need, and configured properly it actually does provide a lot of protection. That's why they're so popular, that's why they're there, that's why everyone has one. [17:08] Now, the firewall basically allows or denies traffic based on something, based on port or protocol, or IP address that it sees within the packet. The firewall does create this necessary boundary between the Internet and the company's business. Another thing firewalls provide is NAT, most companies use NAT to, so that they can take advantage of private IP addressing within their network but still maintain a presence on the Internet. [17:43] Another thing that the firewalls are useful for is the logs they create can be correlated with other technologies, like IDPS events. This correlation is really important when you're looking at forensics maybe after an attack, or after a breech has occurred to know how to move forward. To know what happened, why it happened, and how to stop it in the future. [18:14] A lot of firewalls serve as a termination point for VPNs so that's another good use that they have. One other thing is that firewalls filter out a lot of noise on the Internet. If you have an IDPS system that you put on the Internet you're going to see so many alerts all the time and if you place that behind the firewall then the firewall is going to filter a lot of stuff that you don't actually need to see at all. [18:44] It's really important not only to layer these devices, but also to place them in the right order so that you're getting the most out of them. A few things to consider about firewalls...some organizations tend to think, "Well, you know what? We have a firewall, so we're safe. We don't need anything else." Like I said, it's important that organizations don't let their guard down in other areas. [19:12] Because there are ways around firewalls. People can get in through older dial-up connections. Maybe though a connection that you have with a business partner. There can be ways around firewalls. They are not a magic bullet.
6 [19:33] Probably the biggest shortcoming of firewalls is that they don't look at the traffic beyond what's in the header. Like I said before, they look at maybe port, IP address, what protocol, but they don't actually look at the traffic. If malicious traffic has the correct destination IP address, it's on the right port, then it's going to go right through the firewall. We need something else to actually look at that traffic and determine if it's malicious or not. Intrusion Detection Prevention System [20:07] The first thing is IDPS, Intrusion Detection Prevention Systems. The function of IDPS is really an alarm and blocking system for malicious traffic coming on to the network. It needs to be deployed in line to be effective at all, and stop malicious traffic. [20:31] Typically, it sits behind the firewall, and analyzes traffic that the firewall allowed through. Because IDPS has been around so long, it's considered a very mature technology at this point. It's been tested by many organizations, and the rates of false positives and false negatives are really going down a lot. Especially with a good fine-tuning adjustment within the IDPS. [21:03] False positives are when legitimate traffic gets marked as malicious traffic. It's important to go through this tuning, so it doesn't happen. False negatives are where malicious traffic is not blocked, or is not seen as being malicious traffic. There's a couple of ways that IDPS systems actually work. [21:30] Typically, they are based on signatures and anomalies. The signatures are written that match some unique property within the traffic or within the packet. While anomaly-based prevention watches for traffic patterns, and matches known types of attacks and their traffic patterns, such as DOS attacks. They tend to have a signature pattern. [22:02] A lot of malware these days actually sets itself up on an endpoint, and without the user's knowledge, communicates externally to another device. Botnet worms tend to do this. Now, it's important, because of this, to actually inspect the egress traffic from your network as well. A typical IDPS system will do this. It will look at the outbound traffic, and make decisions on that as well. [22:32] Now with the added protection of using an IDPS, it does come with a little bit higher maintenance cost. Someone does need to look at the alerts to determine what to do with the alert. To see if it's even useful or not on their network. It's pretty important that you have a 24-hour coverage on these things, and that may be difficult for some companies. But we'll talk a little bit later about how to mitigate that, and how to help out with that. [23:01] Again, a lot of these are not "set it and forget it" technologies, you really need to do something with it. If you have any compliance drivers as well, say, PCI or HIPAA, probably part of that is going to be monitoring. I know with PCI it is, you need to watch those alerts, it has to be someone looking at them. Web Application Firewall [23:24] OK. Move on to, if I can get the slides to change, web application firewall. Web application firewall, it's somewhat like an IDPS, except it looks specifically at HTTP and HTTPS traffic. Now that is obviously web traffic. It's specifically for web applications. They're designed to understand what normal web traffic looks like, and what malicious web traffic looks like. [24:04] If we look at the attacks that are going on across the Internet, we'll see that a large percentage, well over 70% is actually targeting these web applications. This is probably true, because there are so many of
7 them out there, and that's what we use the web for. It's also important because it can be difficult to write web applications that don't have vulnerabilities. [24:33] That's another piece of the puzzle, is the actual writing of the application. These vulnerabilities typically can include cross-site scripting and the sequel injections we talked about. Cross-site scripting is when an attacker basically places scripts within a web page so that when someone else opens the web page they get that script run against their computer. [25:03] Web application firewalls are extremely flexible and custom rules can be written to fit any application, or most any application. Another thing that's pretty amazing about web application firewall is the idea of virtual patching. When a new vulnerability is found within an OS or web server product, it's going to take some time for the patch to be released by the vendor. [25:33] If you have a web application firewall in place, you can write a rule specific to that exploit. Basically, you're blocking that traffic at your web application firewall until a patch can be released for the OS or for the web server product. They're also flexible in that they can be employed in either a positive or negative security model. [26:00] Positive security model is basically a white list. It only lets defined legitimate traffic through while blocking everything else. A negative security model is the opposite, in that it lets through all traffic, and only looks for and blocks malicious traffic. Log Management and Integrity Monitoring [26:22] Let's move on to the last three items here. Log management...i think two log management and file integrity monitoring are becoming more and more important as time goes on. Most of the devices, if not all of the devices on our network, have some kind of log. [26:43] They're either logging configuration changes, access, user activity. With these logs, if you can parse them, they're actually is a wealth of security and configuration information in that data. The problem is, consolidating it, correlating it, and actually understanding what's going on. This is what log management helps you to do. [27:08] With normalized data, it's easier to find patterns within that data to look for attempted breaches, actual breaches, or maybe misconfigurations that would possibly cause a problem. If a company is monitoring their logs, they'd be more likely to notice that, say every night, there's multiple login failures to a specific place. They could be evidence of a brute-force attack against a network, a dictionary attack, and without this monitoring, a company could completely miss that until the attacker actually gains access, and it's pretty much too late. [27:51] Along with giving a better view into how possible security-related issues, log management is extremely useful in helping IT staffers resolve other problems. As well as security, it's also helpful for IT staff. In the event of a breach, it's really important in helping to determine what happened, log management. You can see users logging in, attempting to log in, once they get access, you can see what commands they ran. What they were accessing, what software they installed. It's really great for forensics, and actually cleaning up the problem. Another thing too is that a lot of companies are under compliance [indecipherable 28: [28:20] 45], as I've mentioned, PCI, HIPAA, and log management is usually one of the necessary items on those lists.
8 [28:56] Finally, integrity monitoring is another key aspect of network security. It can be extreme powerful if used correctly. Unfortunately today, it's very under-utilized. Probably because of the administrative overhead that's created with these services in these technologies. [29:18] Most attacks and attackers will modify, somehow, critical system files or configuration files, maybe the registry. They may be installing their malware or stealing data, but they're going to leave some trace of that they were there, and they touched files. File integrity monitoring really helps to find those changes. [29:41] Basically what file integrity monitoring does is it takes a one-way hash of these important files, and theoretically takes the same hash. If the hash changes, we know that the file has changed, and something has happened, and we can look into it. The one-way hash is a form of encryption that these systems use. [30:07] Again, as with log management, file integrity monitoring is great specifically for data breaches. Especially when the breach occurs from insiders or privileged users as those types of breaches don't typically cross a firewall or into the Internet. They happen inside the network, and therefore IDPS may not detect them. Both log management and file integrity monitoring are great for that. It also helps to prevent system instability from unauthorized, or possibly, unplanned changes to the system. Again, as well as with log management, file integrity monitoring is an integral part of compliance. [silence 30: [30:40] 55 to 31:10] Vulnerability Scanning [31:11] OK. Vulnerability scanning...vulnerability scanning is extremely important as application and OS vulnerabilities are basically open doors for hackers, and people trying to steal data from the organization. These vulnerabilities are exactly how they gain access. The vulnerabilities are released publicly. [31:37] You do a scan of the network, you determine what version of specific software is running, and then they exploit that vulnerability. It's really important to keep up on these vulnerabilities. That's what a vulnerability scan does, it allows us to know what the vulnerabilities are and hopefully get them fixed before the bad guys find it. [32:02] Now, it's not really enough just to scan the network for vulnerabilities. A scan by itself is pretty useless. You need to scan, remediate, and then rescan to make sure the problem has been resolved. [32:18] New vulnerabilities are found for all kinds of applications all the time. It's important to remember that scans aren't a onetime thing and that you must, you do have to remediate, which get patches and then do rescans. Now, for the best ROI for vulnerability scanning, a company really should prioritize what systems it's scanning. [32:42] As I said, earlier, no web basing applications, web basing service are probably the most critical and must be done first, web facing databases. Then, other end points, internal end points can be dealt with. They should not be left out, they should still be scanned, but it's prioritized with this thing. Implementing Technologies [33:06] Now, I know that we've gone through a few technologies here. It can be daunting as to how to manage these types of technologies. How do we get them implemented? How do we manage them? It might be tempting to say, well, let's just have IT do it.
9 [33:25] This is technology, this should be IT's realm. But more and more, we're seeing that that's not really a good idea, and that it's putting more of a burden on IT, and makes it harder for them to keep critical systems up to date. It's really best to have a dedicated network security team to handle the job. [33:46] Unfortunately, as we're talking about, companies may not have those resources. One great choice out there is to actually look at a managed security service provider. Basically, outsourcing that security to a full time, 24 by seven security staff of experts in the field of security. That's a really good choice for managing these kinds of devices. [34:18] In the past, we've thought that people have outsourced to reduce costs. Well, that used to be the main driver for outsourcing, but as we can see here from this graph from Forester, that's no longer the case. More and more, companies are looking to outsource because of that coverage, because of the experts in security that they're going to get, the greater competency, improving protection. It's actually really a good choice for most companies out there, pretty much all companies, to look at a managed security service. Now, with that, I'm going to hand it over, back over to Chris, so he can tell you a little bit about the Hostway StillSecure managed security services. [silence 35: [34:51] 09 to 35:12] Chris Hill: [35:13] Thank you very much. Thank you for that. First and foremost I like to thank everyone for attending today's webinar. We really appreciate the opportunity to speak with you about StillSecure Services and also learn a little bit about Hostway. The Hostway was founded in We are privately owned and operated and headquartered in Chicago, Illinois. [35:30] Currently we have over 600 employees in 13 countries across the globe and have over two million customers spanning our portfolio of products and services. We also have over 15,000 servers across our North American data centers. We have data center locations on the East Coast, the Central United States and also the West Coast. [35:55] Hostway has worked with StillSecure to add eight new standard security packages ranging from an economical multitenant option, to a solution designed to support multitenant options all the way to options which will support a PCI compliant initiative. The options include introductory option, which is a network firewall, SSL, our VPN for remote access, patch management, vulnerability scanning, and utilizes a multitenant environment to deploy the model. [36:29] This model allows multiple customers to be hosted on a single appliance running in our data center and allows us to have our customers physically separate their data to ensure the confidentiality and security. Other multitenant dedicated bundles include various combinations of intrusion detection or intrusion prevention, log management, file integrity monitoring, and web application firewall, for Hostway customers needing to block attacks on their website or protect an e-commerce application. [37:05] Most of the time on the sales and engineering calls security is at the forefront of almost every call that we're on. We tend to try to balance and close the gaps between our customer security needs and budgetary controls of our customers. The integrated service, the StillSecure Service is very easy for us to deploy. [37:25] We send out a presales questionnaire that helps us address many of the security questions that you'll go through upfront so we can configure or preconfigure the device prior to deployment. At that point it becomes a real minimal downtime for an existing infrastructure or we can do a quick deployment if it's new equipment. We are currently also the only hosting provider to allow or to provide a multi-tenant system available, for customers looking for a low scale or low usage solution but still get, still leverage the IDS and IDPS solution. [38:01] The multi-tenant allows us to leverage the extra added security with also the economy of a multi-tenant environment. We also provide custom solutions for most of our customers that meet their business and technical requirements. The environments can range from very simple solutions, webserver, database server to very complex solutions utilizing NAS, SAN, clustering technologies.
10 [38:27] We also have customers that are both running Hyper-V clusters and also the VMware clusters and private cloud solutions. At Hostway we can really basically customize your solution to the needs of your business, keeping your budgetary concerns in mind. Difference between a firewall and web applications firewall Jeff: [38:47] Great, Thank you very much Chris. One of the questions that we have on here before we wrap everything up is, and I don't know Neil if you want to take this one? Its, what differentiates a firewall from a web applications firewall? Does anybody want to take that? Neil: [39:09] Sure, I can definitely take that one. Yep. Jeff: [39:10] Thanks. Neil: [39:12] As I mentioned the firewall basically allows or denies traffic by port, by IP. It's really just looking at the header and saying OK, my rule is I allow port 80 traffic through to this IP address, maybe a webserver. What a web application firewall does is it actually looks inside the packet for matching signatures, looks for cross site scripting types of signatures, sequel injection attacks. It's actually looking at the data matching it to either anomalies or specific rules that are written for that application. Is Cloud Server Technology more secure than traditional servers? Jeff: [40:04] OK great. Another question we have is, "Is cloud server technology more secure than traditional servers?" Neil: [40:14] That's a good question. I don't know that either...i wouldn't say that either is more secure. You still have to take everything into account. There is some thoughts that maybe they're less secure because the Hyper-V they're sharing hardware, but I don't believe that's true. I think they're just as secure. I don't think one is more secure than the other, no. Chris: [40:42] Yea I would agree. I would say that the attraction layer between the attraction layer and the hypervisor, and the guest OS is quite secure. Neil: [40:49] Right. Yeah. Firewall best practices Jeff: [40:53] All right great. Another question we have is, "Is there a resource for best practice firewall rules for various common services, i.e. FTP, http, etc.?" Neil: [41:07] Well for a firewall, I would say, I mean the best practices are don't have the port open if you're not running the service, A. If you are running the service, make sure that if it's an FTP site, and you are allowing access from specific IPs, then only allow service from specific IPs. I don't know that there's a specific resource for firewall rules and what the best practice is but Google, you can Google that and I'm sure you'll come up with a big list of them. [41:47] But those are two big ones. You know, don't have ports open that you don't need, and really limit what you have open and what you allow. Really limit that. Don't just open that up to the entire Internet.
11 How to deal with a hacked system Jeff: [42:03] All right great. Another question that we have is, "If my system has been hacked, what steps should I take?" Neil: [42:11] Good, good question. The steps you should take are pretty obvious I think. First of all you need to remove whatever malware or whatever has been placed on your end point. You need to...sometimes that includes booting into safe mode and removing things. If you're talking about servers, there's software that you can run to remove that stuff after it happens. [42:44] Now once that's done you need to take a look at what security you have in place. Why it happened? How it happened? What vulnerability was exploited? Use that information to stop it from happening again. [42:58] Maybe that means you were missing a patch, make sure you get that patch on there. Maybe it means that someone had access to the server that shouldn't have, and downloaded something they shouldn't have. Make sure that only people that need access to that server have it. [43:15] Then making sure you have up-to-date AV as well as have these security technologies in place that we're talking about. Using the fact that you got hacked to prevent it from happening again is a really important thing moving forward. How does outsourcing help with PCI compliance? Jeff: [43:36] Great. Another question we have is, "How does outsourcing help in my PCI compliance?" Neil: [43:44] With PCI, a lot of the technical details within PCI necessitate 24x7 watching of IDPS alerts, or a certain amount of time looking at logs, making sure that the alerts are dealt with in a timely manner. A managed service basically gives you a network security team to do that for you. 24 hours a day they're watching alerts, they're watching your logs. That's really where the importance of a managed service comes from. Jeff: [44:37] All right, great. Well, I think that's it in terms of questions, and the webinar. I'd like to thank everyone for attending. We also have this webinar recorded as well, and we'll be sending that out as a follow up later, as well as making sure that we answered all of everybody's questions. If there's nothing else, we'll go ahead and wrap it up. Thank you, Neil, and thank you, Chris. Chris: [45:01] Everyone have a great afternoon. Neil: [45:03] Thank you everyone. Ready to add pro-active security to protect your data? See how Hostway can help. Call: Hostway Chat: Visit: ges.html