On Thursday, April 11 this year. in Concordia Design a business breakfast devoted to network security by Palo Alto Networks will take place in Poznań.

During the meeting, we will discuss Palo Alto Networks technologies, in particular:

• next-generation firewalls (NGFW) operating on the application layer,
• protection of workstations using TRAPS software,
• operation of the WildFire cloud service,
• Thread Prevention protection,
• filtering network traffic,
• reporting on network traffic.

 Information on the meeting agenda can be found here here. Please register using form on our websitej.

Cybersecurity, hackers, threats and vulnerabilities have been talked about more and more recently. The entry into force of the provisions of the GDPR caused the first wave of increased interest in the issues of risk analysis, vulnerability identification and risk minimization. Almost a year has passed since then, and security still seems to be one of the most popular issues in the IT industry. At the end of last year, another wave of interest aroused the so-called "Cyber Act", i.e. the Act on the National Cybersecurity System. Although it does not arouse such emotions as the GDPR, because it covers only providers of critical services from the point of view of the state, it is one of the hottest topics in the sectors of the economy related to energy, transport or health protection. It is also worth recalling that since 2015, the public finance sector is still covered by the regulation on the National Interoperability Framework, in which a fairly large fragment has also been devoted to security issues.

All the above-mentioned regulations refer to the need to implement information security management systems, the task of which is to identify vulnerabilities and threats, analyze the risks associated with them and implement action plans aimed at minimizing this risk to an acceptable level.

Is the threat of attacks by cyber criminals or cyber terrorists really that serious? Unfortunately, everything indicates that it is. Already some time ago, NATO recognized cyberspace as one of the areas of combat operations that it must defend Continue ...

On Thursday, January 31 this year. in Mous Bar A business breakfast devoted to hyper-converged solutions will be held on the 15th floor of the Bałtyk office building in Poznań.

In a relaxed atmosphere with a view of the whole of Poznań, we will discuss various aspects of the implementation of flexible solutions for data centers on the example of HPE Simplivity:

• Overview of the concept of hyperconvergence,
• Solution - physical platform, functionalities,
• Technical issues of SimpliVity,
• SimpliVity in terms of business and examples of applications.

 Information on the meeting agenda can be found here here. Please register using form on our websitej.

You can read more about HPE SimpliVity here.

Maintaining business continuity, i.e. the ability to undisturbed implementation of the main processes that bring income to the company, is one of the tasks that are often delegated to representatives of the IT department. Due to the high involvement of information technology in business processes, the IT department seems to be the cell best prepared to handle any unforeseen situations in the form of hardware failure, user errors or deliberate actions by intruders. Is this assumption correct? Unfortunately, not entirely.

Indeed, technology is one of the main factors that have the greatest impact on the performance of any organization and, at the same time, a factor that fails relatively often. Therefore, when we think about business continuity, first of all, solutions aimed at ensuring operation in the event of failure are verified. They are most often limited to redundancy, i.e. redundancy that allows uninterrupted operation in the event of damage to one of the system components. Another category of security are backup systems, which are to make the environment immune to situations related to data loss as a result of a failure, user error or deliberate action to our detriment. Both backup systems and solutions ensuring high availability (HA) are something without which the IT department would not be able to fulfill its business function. If they were not there, the first failure would have serious consequences for those responsible for maintaining the ICT environment. Continue ...

Personal data breach incident - how to handle it?

It is the fifth month since the new regulations on the protection of personal data come into force. The period of the media storm related to the GDPR is probably behind us. Slowly, everyone has adapted to the new regulations, completed the documentation, implemented appropriate procedures and are trying to implement them with more or less commitment. However, one of the most frequent dilemmas related to the protection of personal data is the handling of security breach incidents.

Where did the idea for incident handling come from?

Both the old Act on the Protection of Personal Data and the new provisions of the GDPR mention the need to keep a register of incidents and implement the process of their proper handling. Where do such requirements come from? It is probably a derivative of ISO standards, where such a register has a control function that allows to monitor and evaluate the effectiveness of the information security management system. The number and frequency of security incidents proves whether our data protection system is effective. It also allows you to verify whether the security measures introduced by us are effective, i.e. whether they cause the number of incidents to decrease. Continue ...

On Thursday, June 28 this year. in Mous Bar a dedicated meeting will be held on the 15th floor of the Bałtyk office building in Poznań technical security issues related to the GDPR.

In a pleasant atmosphere of a business breakfast with a view of the whole of Poznań, we will discuss data leakage and theft protection offered by Palo Alto Networks (Next generation Firewalls and TRAPS):

• Securing personal data,
• Data protection against unauthorized access / theft,
• Reporting on events related to data theft.

 Information on the meeting agenda can be found here here. Please register using form on our websitej.

For more information on the compliance of Palo Alto Networks products with GDPR requirements, see here.

We have just over two weeks until the new regulations on the protection of personal data enter into force. Adopted by the European Parliament in April 2016, the General Data Protection Regulation, known as the General Data Protection Regulation (GDPR), will come into force on May 25, 2018.
Lawyers actively support their clients in adjusting formal requirements to the new regulations. However, the preparation of appropriate templates of information clauses, questions for consents to the processing of personal data and contracts for entrusting or sharing data is not everything. It is important to adapt the technical infrastructure to the new realities along with formal and legal activities. And here a question often arises that lawyers are not able to answer: "what requirements must the IT infrastructure meet to be considered compliant with the provisions of the GDPR"? This problem stems from the fact that, unlike the "old" Act on Personal Data Protection, the new regulations do not indicate specific technical requirements. In the entire Regulation, there are only general conditions relating to the safety of infrastructure. So how do you adapt to them? We will try to help you find the answer to this question.

So what are these general requirements? Article 32 of the GDPR, which specifies that the personal data administrator implements appropriate technical measures to ensure a level of security corresponding to the risk, is the most relevant to this topic. It asks, inter alia, attention to solutions such as:

• Personal data encryption
• The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
• The ability to quickly restore the availability and access to personal data in the event of a physical or technical incident
• Regularly testing, measuring and evaluating the effectiveness of technical measures to ensure the security of processing

Continue ...

As you probably already know, on May 25, 2018. new provisions on the protection of personal data enter into force - the so-called GDPR. One of the novelties defined in the regulation is the right of persons whose data we process to "be forgotten". They are defined in article 17 of the GDPR, the content of which is as follows:

Art.17

Right to erasure ("right to be forgotten")
1.The data subject has the right to request the administrator to delete his personal data without undue delay, and the administrator is obliged to delete personal data without undue delay, if one of the following circumstances occurs:
a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject has withdrawn consent on which the processing is based in accordance with art. 6 sec. 1 lit. a) or Art. 9 sec. 2 lit. a), and there is no other legal basis for the processing;
c) the data subject objects to the processing pursuant to Art. 21 paragraph 1 against processing and there are no overriding legitimate grounds for processing or the data subject objects to the processing pursuant to art. 21 paragraph 2 against processing;
d) the personal data have been processed unlawfully;
e) personal data must be removed in order to comply with the legal obligation provided for in the Union law or the law of the Member State to which the controller is subject;
f) the personal data have been collected in relation to the offering of information society services referred to in art. 8 sec. 1.

However, the client's request, which seems to be easy to fulfill, raises some doubts. Backup system administrators pay attention to the fact that deleting a single record of personal data from an archival copy, which is stored on an external medium, sometimes in an external location and Continue ...

Systems implemented to protect IT infrastructure, like any other, may be vulnerable to various types of threats. There are many known cases of threats related to, for example, anti-virus software. We can cite here, for example, the recent critical errors of the RCE class (remote code execution) in the Windows Defender service. In 2017 alone, 6 vulnerabilities were identified, estimated at 9.3 on the 10 point CVE scale.

The same is the case with devices such as firewall, UTM, NG firewall. We can quote some of the louder mishaps a hole in the Cisco ASA IPsec service (versions 7.2-9.5). A buffer overflow vulnerability rated at 10 on the CVE scale could lead to remote code execution.

The end of last year is, in turn, an equally critical flaw in Palo Alto Networks products. PAN-OS versions 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier turned out to be vulnerable to remote code execution as root without the need for authentication. Two were also identified in 2017 other critical vulnerabilities in PAN-OS systems.

Considering the above information, it is worth taking care of regular updates of your security systems. Below we present a tutorial on how to configure Palo Alto Networks PAN-OS updates.

On October 11-13, 2017, the Primavera Conference & Spa hotel in Jastrzębia Góra takes place II IT Security Forum in Administration. There is a nationwide conference addressed to people responsible for cybersecurity in the public sector.

The topics of the Forum include both organizational and technical issues related to protection against external and internal threats. During the meeting, topics such as:

• obligations of public entities towards the President of the Data Protection Office under the new Data Protection Act,
• preparation of data protection documentation in accordance with the requirements of the GDPR,
• IT systems vulnerability testing,
• civil liability of administrators under the GDPR,
• risk analysis as the basis for the implementation of data protection: methods, scope, practice.

At its stand as part of the Forum, our company will present:

• implementation of network protection solutions based on PaloAlto firewalls and user station protection system using TRAPS software,
• security and GDPR compliance audits,
• NetApp arrays as an efficient platform supporting applications and guaranteeing data availability,
• our proprietary "Plug-In backup" solution built on the basis of Veeam products (data protection in 5 minutes, monthly billing according to the number of virtual machines).

Our participation in the Forum will be complemented by 2 webinars organized after the end of the event:

• PaloAlto next generation firewalls and TRAPS workstation protection - 20 October 2017, 11.00 a.m.,
• IT security in the context of GDPR - 27 October 2017, 11.00 a.m.