The following are 12 best practices companies can follow to minimize the threat and ensure what happens in the boardroom stays in the boardroom.

1. Enhance videoconferencing security by putting the system in a DMZ. Separating it from internal systems will help ensure that any compromise is limited to the videoconferencing system.
2. Enable dynamic inspection of video traffic through the firewall (e.g., H.323).  This leverages the firewall’s capability to monitor and inspect the traffic for potential anomalies or malicious behavior.
3. Turn off the auto-answer feature on the video conferencing system. Many videoconferencing products come with auto-answered enabled as the default, making the system automatically answer and turn on with any incoming call — a virtual welcome sign for any hacker.
4. If possible, disable remote/offsite administration of the video conferencing system, to prevent unauthorized users from attempting to log into the system from external sources.
5. Enable and require administrator passwords for video conferencing/IP phone systems.  Be sure to change the default administrator passwords and keep the password information secure.
6. If possible, use centralized authentication for administration of accounts. This will minimize the overhead associated with administering accounts locally on the videoconferencing device, and help ensure that accounts comply with the organization’s overall administrative requirements (e.g., account lockouts for invalid attempts, password expiration).
7. Create user roles and lock down general user options to only what is needed. Take a close look at who needs access and permissions for which activities. Not everyone will need the same rights and settings.
8. Utilize account lock out for excessive invalid logon attempts. A few slips in entering a password can be expected, but multiple repeated attempts to log on could indicate an attempt at fraud. Lock the account after a specified number of tries (e.g., three or five successive invalid attempts).
9. Provide videoconferencing user and security awareness training. User naiveté about the capabilities of unsecure videoconferencing can pose tremendous risk. Make sure all employees are trained on secure use and practices.
10. Keep videoconferencing systems updated and patched. Videoconferencing systems should be treated like any other networked computer devices or software. Check for, schedule, and run upgrades as needed and make sure you’re operating current versions.
11. Enable audit logging and reporting. This will provide an audit trail and history of access attempts, both legitimate and otherwise, which is essential as part of a monitoring strategy to watch for unauthorized activity in the environment.
12. Take it seriously. Document videoconferencing policies, standards, and procedures and adhere to them.

If you have questions about your videoconferencing security or any aspect of security across your enterprise, contact your partners at GBprotect. As a leader in providing personalized, better security throughout systems, operations, and applications, GBprotect’s only priority is your peace of mind.

Stay informed, stay protected with GBprotect

GBprotect just returned from the annual RSA Conference, where the world’s IT security leaders share insights and strategies surrounding evolving threats and vulnerabilities. GBprotect attends this conference every year to collaborate with presenters and attendees and confirm our insights on the latest security issues.

This year’s hot topics included:

• Hactivisim
• Social engineering
• VoIP security
• Mobile security
• Risk management
• Cloud security

What our clients need to know

• Next Generation Firewall (NGFW) capabilities are more important today than ever. Addressing network security at the port or service level is no longer sufficient. GBprotect can work with clients to maximize the benefits of these new technologies to gain a greater degree of control over specific applications and users, detect and stop malicious software attacks, and address Advanced Persistent Threats (APTs).
• A large majority of attacks are exploiting known vulnerabilities that have security patches available. Why are they overlooked? They’re found on equipment that IT teams are often unaware of, such as development equipment and personal devices “temporarily” connected to the internal network, or on equipment that has not been authenticated to the network to receive the latest patches.SANS has updated its Top 20 Critical Security Controls for Effective Cyber Defense, and number one on the list is ensuring there is an inventory of authorized and unauthorized devices. GBprotect can assist clients in establishing or enhancing their asset inventory systems to be sure they include network addresses, machine names, purposes, and asset owners, as well as whether devices are portable, what software is running on the system (including the revision of code), and what relevant patches are installed.

If you have questions about these issues or any aspect of security across your enterprise, contact your partners at GBprotect. As a leader in providing personalized, better security throughout systems, operations, and applications, GBprotect’s only priority is your peace of mind.

Stay informed, stay protected with GBprotect

ENGLEWOOD, CO – April 5, 2012. GBprotect, an industry leader in client-focused managed security services, today announced it was named a finalist for the 2012 Colorado Companies to Watch Award.

The annual award recognizes second-stage companies that develop valuable products and services, provide quality jobs, enrich communities, and create new industries throughout Colorado. To qualify to be nominated, companies must be privately held, be headquartered in the state, have 6 to 99 full-time equivalent employees, and do $750,000 to $50 million in sales. Moreover, the nominated companies must be focused on growth, thus fueling the state’s “economic fire.”

GBprotect specializes in helping businesses safeguard their information security infrastructure, applications, and devices against hackers, threats, and breaches that can jeopardize their client information, regulatory standing, or reputation. GBprotect’s innovation lies in its ability to deliver high-end security solutions to small and mid-sized businesses that do not have the internal resources to conquer the complex world of IT security. The 10-year-old company has grown steadily based on its commitment to 100% client satisfaction.

GBprotect CEO Mel Holstrom said it is an honor to be named one of the finalists. “We are proud to contribute to the economy of Colorado and to stand beside the other fine finalists in representing the entrepreneurship and growth of our state.”

Ed Bassett, president of GBprotect, concurred. “We work very hard to bring our clients high-quality, perfect-fit security services, and it is an accomplishment to be recognized as a leading Colorado company.”

ABOUT GBPROTECT

Founded in 2002 and headquartered in Englewood, Colorado, GBprotect delivers comprehensive managed security services, including operations management, enterprise log management, application security, and strategic consulting to organizations of all sizes. With a commitment to architecting and integrating built-to-fit information security solutions that are sophisticated, flexible, and always backed by a personalized approach, GBprotect enjoys a 100% satisfaction rating with clients throughout the United States. To stay protected with GBprotect, visit www.gbprotect.com.

ENGLEWOOD, CO – Feb 23, 2012. GBprotect, an industry leader in client-focused managed security services, today announced its official partnership with Palo Alto Networks™ — the network security company.

While GBprotect has worked extensively with Palo Alto Networks as a Platinum Reseller and value-add managed services provider for several years, this announced partnership further solidifies both companies’ commitment to superior information security.

GBprotect is now one of Palo Alto Network’s elite managed security services partners, and Palo Alto Networks joins the select list of GBprotect technology partners that the company stands behind and whose products it can seamlessly manage as part of its comprehensive information security service mix.

GBprotect specializes in integrating security operations and leading-edge technologies, including the next-generation firewalls of Palo Alto Networks, into its clients’ existing security architectures. The company’s personalized approach enables its clients to take advantage of sophisticated broad-scale technologies, with a dedicated helping hand to smooth the transition, manage the process, and maximize the return on investment.

Palo Alto Networks products are purpose built with service providers in mind and provide the opportunity for service providers to offer Palo Alto Networks as part of their existing service offerings as well as create new service offerings on the same platform. As a Palo Alto Networks partner, GBprotect can give clients the expertise, specialization, and hands-on service to best implement and manage Palo Alto Networks’ renowned next-generation firewalls to complement data transport services that service providers offer today or to manage and monitor customer premise equipment.

“We are excited about our partnership with Palo Alto Networks. We feel that the combination of GBprotect’s commitment to quality, our ability to continuously deliver on client requirements, and the capabilities of the Palo Alto Networks solution provide us an unrivaled offering in the MSSP market,” said Mel Holstrom, CEO of GBprotect.

With GBprotect and Palo Alto Networks working together, clients who may not think they’re ready or operationally mature enough, or who do not have the expertise or in-house resources, to integrate this emerging technology into their environments will be able to have GBprotect walk them through the process and get the product up and running quickly and efficiently, said Holstrom.

“With this expanded partnership, we anticipate GBprotect will continue its successful track record working with Palo Alto Networks to deliver best-in-class network security services to its customers,” said Rene Bonvanie, chief marketing officer at Palo Alto Networks. “By partnering with Palo Alto Networks, partners like GBprotect gain new business opportunities and revenue streams, while their customers save time and money and enjoy a higher level of service.”

ABOUT GBPROTECT

Founded in 2002 and headquartered in Englewood, Colorado, GBprotect delivers comprehensive managed security services, including operations management, enterprise log management, application security, and strategic consulting to organizations of all sizes. With a commitment to architecting and integrating built-to-fit information security solutions that are sophisticated, flexible, and always backed by a personalized approach, GBprotect enjoys a 100% satisfaction rating with clients throughout the United States. To stay protected with GBprotect, visit www.gbprotect.com.

About Palo Alto Networks

Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, “The Network Security Company,” the Palo Alto Networks Logo, App-ID, GlobalProtect, and WildFire are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Metis Security specializes in application security risk management, mature security programs, and critical security infrastructures, and provides comprehensive risk management programs, including application testing, vulnerability assessments, information security program development, security framework/ architecture development, and security management consulting. Ed Bassett, President of Metis Security, was brought on board as President of GBprotect as part of the acquisition.

“Our clients’ needs and the threat landscape they have to manage are changing every day. With the addition of Metis Security, GBprotect is able to provide a more comprehensive set of security services to support clients’ emerging security needs and keep them protected across their enterprises,” said Mel Holstrom, CEO of GBprotect.

Ed Bassett concurred, “GBprotect recognizes that providing superior managed security services is not just about the perimeter anymore. By combining our capabilities, GBprotect has redefined the traditional boundaries of security managed services.”

Ed will be instrumental in delivering highly customized solutions that clients will require to remain compliant in their industries and address ever-changing security threats, including those inherent in applications and software development.

ABOUT GBPROTECT

Founded in 2002 and headquartered in Englewood, Colorado, GBprotect delivers comprehensive managed security services, including operations management, enterprise log management, application security, and strategic consulting to organizations of all sizes. With a commitment to architecting and integrating built-to-fit information security solutions that are sophisticated, flexible, and always backed by a personalized approach, GBprotect enjoys a 100% satisfaction rating with clients throughout the United States. To stay protected with GBprotect, visit www.gbprotect.com.