NetWorks Group Blog

Security technologies such as firewalls are meant, at best, to prevent data security breaches, or at worst, detect them before they get out of hand; but in some cases, organizations have been complacent. In the infamous Target data breach of 2013, hackers were roaming their system and stealing data for two weeks before the breach was even detected. In the equally egregious breach of Heartland Payment Systems five years earlier, hackers were stealing data for several weeks before the invasion was discovered. Ironically, both Heartland and Target were PCI-compliant, but the time lag between system compromise and detection was unnecessarily long. And, they’re not alone in this regard. 

Topics: Security Monitoring, Managed Detection & Response, Compliance, PCI

What the security community says about a specific industry vertical usually holds true for a good percentage of what is seen in the wild. You can ask any hacker, defender, CISO, etc what industries struggle the most and there are common themes in their answers. Top of the list includes healthcare, manufacturing, government, and financial. Some of the most heavily compliance controlled and regulated are also some of the least secure. Why is this? Is it due to administrators and senior management taking compliance standards as gospel? Maybe it’s a lack of knowledgeable staff like the blind leading the blind.

Topics: Information Security, Compliance, Healthcare, HIPAA

With data breaches in the healthcare industry increasing exponentially, it's critical for those in leadership positions to get serious about HIPAA security and enforcement. You need to understand not only why HIPAA is important but how the rule enforcement process works and the penalties that can be implemented.

Topics: Information Security, Compliance, Healthcare, HIPAA

PCI Compliance is here to stay:

Typically, IT managers dread the annual PCI assessment. With publicized credit card breaches on the rise, meeting PCI compliancy will be even more so of a requirement with potential increases in punitive actions for companies not meeting that compliancy. To add to the existing complexity of PCI DSS, with emerging threats of capabilities to breach corporate networks on a consistent basis, PCI requirements will remain in a perpetual state of change. 

Topics: Ethical Hacking, Vulnerability Management, Compliance, Penetration Testing, Threat Management

Healthcare data theft totaled more than 112 million records in 2015, according to the Office of Civil Rights. Moreover, 42.5 percent of all data breaches have occurred in the healthcare industry in the last three years, and 91 percent of healthcare organizations have reported at least one breach in the last two years. Hackers, unauthorized access from staff, improper disposal, data loss — all of these factors contributed to large-scale data breaches in hospitals and medical facilities across the United States. Now, more IT managers and administrators are investing in cybersecurity to safeguard patient data.

Topics: Managed Detection & Response, Information Security, Vulnerability Management, Compliance, Healthcare

A comprehensive cyber security framework consists of several components, and one of the most important among them is security log monitoring. Without an effective security log monitoring and management policy in place, a company runs the risk of non-compliance, and perhaps fines, if there is ever a data breach. In order to maintain compliance with guidelines laid out by laws like HIPAA, and frameworks such as PCI, companies need to have an effective security monitoring solution in place that can help them collect and analyze log information so they can detect and respond to cyber attacks.

Topics: Security Monitoring, Managed Detection & Response, Information Security, Compliance

What is PCI Compliance?

Topics: Managed Detection & Response, Information Security, Vulnerability Management, Compliance

In March 2015, the PCI Council released their Information Supplement for Penetration Testing Guidance.  This is a fantastic move as previous guidelines were centered on the completion of penetration tests and left the methodology for completing those up to the auditor.  With this guidance in place, we now have a clear definition to what qualifies as a penetration test in the eyes of the Council.  There isn’t a need to rehash the document for you here, and I encourage everyone to read it.  I would like to focus on a few key highlights that I’m happy to see added.

Topics: Ethical Hacking, Compliance, Penetration Testing

If you're a fan of delicious restaurants, awesome concert venues, Big 10 sports, or just a bike-friendly city, then you should probably be working with us in beautiful downtown Ann Arbor, Michigan. The team at NetWorks Group works at the corner of Main and Huron, a central-point to blocks of great places to shop, eat, and relax at. Located a short distance from the University of Michigan, NetWorks Group benefits from the feeling of both a college-town and an active business hub for southeastern Michigan. For a vibrant mixture of cultures, architecture, and activities, Ann Arbor is hard to beat!

Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Device Management, Information Security, Threat Hunting, Vulnerability Management, Security Architecture Review, Compliance, Penetration Testing, Incident Response, Threat Management

At NetWorks Group, we put a lot of value in interacting in person with the various technology communities important to our team. More than that, we love to be able to meet with customers and people looking to find out more about what we do and how our team could help yours achieve tough goals.

Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Information Security, Vulnerability Management, Compliance, Penetration Testing, Threat Management