Jon Seals

Partnership With Harbor Technology Group Delivers Cyber Security Assessments and CISO as a Service

RAMSEY, NJ--(Marketwired - June 16, 2016) - Comport Consulting announced today that it will offer enterprise-grade cyber security services in conjunction with Harbor Technology Group, in response to increasing ransomware and other cyberattacks impacting hospitals and small to mid-size companies. Comport's security services, available immediately, ensure that an organization's IT infrastructure is properly designed, secured and maintained to the levels required to support today's non-stop business environments.

"Hospital systems in particular have become prime targets for cyber threats and cybercrimes -- but today no business is immune," said Mike Vencel, Comport's Executive Vice President. "Security is complex, involving infrastructure, behaviors and best practices. Together with Harbor Technology Group we can provide valuable services to prevent and mitigate the devastating business and financial impacts for our customers."

Deep Security Risk Assessments

A series of independent, highly customized Security Risk Assessments will help uncover and mitigate areas of vulnerability. Harbor Technology Group's approach is based on industry standard cybersecurity frameworks such as NIST, FFIEC, and CIS CSC. The Security Risk Assessments include:

  • Infrastructure Security Assessment including backups, archive and disaster recovery
  • Mobility/Wireless Security Architecture Assessment
  • Endpoint/Core Virtual Environment Security Assessment
  • Strategic Security Assessment

Remediation recommendations are customized, and may include Hewlett Packard Enterprise's leading security systems as well as other solutions.

Chief Information Security Officer (CISO) as a Service

Comport also announced the availability of Chief Information Security Officer (CISO) as a Service aimed at small and medium businesses (SMBs) and hospitals. SMBs face the same kinds of cyber and data security pressures as large enterprises, and also require strategic leadership and expert guidance. CISO as a Service provides affordable expertise in an environment where CISO salaries are high and CISO availability is low. The CISO can also serve as the HIPAA Security Officer in many cases.

"Criminal attacks in healthcare continue to escalate and are the leading cause of data breaches," stated Michael Markulec, Founder and Partner of Harbor Technology Group. "Healthcare organizations often lack the resources and processes to protect patient and other essential data. The current wave of threats is slipping past perimeter security to reach the unprotected internal network. We are thrilled to combine our cyber security expertise with Comport's leading IT lifecycle services and healthcare industry experience."

Data Protection for Virtualized Environments

Separately, Comport and partners HPE and Veeam are developing best-practice security/backup solutions for virtualized environments. Many ransomware attacks can be neutralized when proper backups and procedures are in effect. This solution is fully HIPAA compliant.

About Comport Consulting Corp.

Comport is an award-winning HPE Platinum Partner and CRN Triple Crown winner recognized for helping clients more effectively deliver services to end users and customers. Comport has expertise in demanding, complex IT solutions including on premise, hybrid cloud, data protection and security, networking, and enterprise-level personal systems. Comport is a true IT partner that invests in clients to achieve the organization's strategy and maximize return on IT investments. For more information visit www.comport.com.

About Harbor Technology Group

Harbor Technology Group was founded by networking and security veterans to address the cybersecurity threats impacting small to medium businesses (SMB). Harbor Technology Group specializes in enterprise-level solutions that meet the budgetary restrictions of growing organizations, and takes a forward-thinking approach to provide advanced protection as your business evolves. For more information visit www.harbortg.com.

The Business Continuity Institute - Jun 17, 2016 09:31 BST

Companies that have predefined Business Continuity Management (BCM) processes in place are able to find and contain data breaches more quickly, discovering breaches 52 days earlier and containing them 36 days faster than companies without BCM. This is according to a study sponsored by IBM and conducted by the Ponemon Institute.

This is of significant importance as the study revealed that the average cost of a data breach for companies has grown to $4 million, representing a 29% increase since 2013, at least among those companies surveyed as part of the research.

The Cost of Data Breach Study found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of $3.23 million, breaches that were found after the 100 day mark cost over $1 million more on average ($4.38 million). The average time to identify a breach in the study was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.

Cyber security incidents continue to grow in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost continues to rise. In fact, the study found that companies lose $158 per compromised record. Breaches in highly regulated industries were even more costly, with healthcare reaching $355 per record – a full $100 more than in 2013.

Business continuity professionals are well aware of the threat the cyber world poses to their organizations, as identified in the Business Continuity Institute's latest Horizon Scan Report. In this report cyber attack and data breach were ranked as the top two threats with the vast majority of respondents to a global survey (85% and 80% respectively) expressing concern about the prospect of them materialising.

"The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently," said Ted Julian, Vice President, Resilient, an IBM Company. "While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event."

DriveScale, the Silicon Valley data center technology startup founded by a group of Sun and Cisco veterans who were behind some of the two iconic companies’ core data center product lines, such as Sun’s x86 servers and Cisco’s Nexus Switches and Unified Computing System (Cisco UCS), has built a scale-out IT solution geared specifically for Big Data applications. The company, which recently came out of stealth and announced a $15 million funding round, is addressing a growing need in the data center and has a founding team whose technological abilities are undeniable, but its current product is only on its first generation and still has a ways to go before it is proven out in the market.

Let’s back up a little and discuss why a scale-out solution for Big Data is important. Creating virtual controllers which enable some kind of software-defined platform isn’t anything new. In storage, we’ve seen this with Atlantis USX and VMware vSAN; in networking, it’s Cisco ACI, Big Switch, and VMware NSX. The vast majority of these technologies, however, are designed for traditional workloads, such as virtual desktop infrastructure, databases, application virtualization, web portals, and so on.

What about managing one of the fastest-growing aspects of IT today? What about controlling a new critical source of business value? What about creating a virtual controller for Big Data management?



Remember the economic meltdown (almost) of eight years ago? Two buzzwords came to the fore at that time. One was “systemic risk”, the risk that applies to an entire sector or domain; in this case, the global economy. The other one was “too big to fail” (TBTF) or TICTF referring to any entity that could by its own failure cause systemic failure. Thus, American investment bank Lehman Brothers was “too big to fail”.

Fail it did, however, triggering a financial crisis worldwide. Rather than TBTF, though, another measure known as TICTF may be a smarter way of understanding which measures for resilience you should be taking.

Interestingly, TICTF (Too Interconnected to Fail) was also the measure preferred by the US government in many cases, when deciding whom to help financially.

The impact of a “TICTF” enterprise is measured in terms of the products and services supplied by that enterprise, plus all other activities that depend on that enterprise, plus the exposure of the enterprise to other systemic risk.



The compliance profession faces many challenges. Some are more important than others. When it comes to evaluating performance, or measuring compliance programs, the profession has a steep uphill climb.

Unfortunately, measuring compliance programs and defining what makes a program “effective” is an issue that requires extensive research and analysis. Justice Potter Stewart’s famous words defining “obscenity” – “I know it when I see it” – just will not work when it comes to effective compliance programs.

The US Sentencing Commission has provided required elements of an “effective” compliance program; the Department of Justice has advanced the dialogue with its own approach and definition, as set forth in the FCPA Guidance and recently in the FCPA Pilot Program.



In the film Limitless, the main character Eddie finds himself able to learn and analyze information at a superhuman rate. He temporarily has the ability to instantly and meaningfully cross-correlate all of the previously forgotten experiences from his past and assess multiple scenarios in the future. He does this simply by taking a pill.

I don’t have a pill for you, and I’m not going to claim any product can make you Limitless. However, I will say Cisco Tetration Analytics comes closer than anything in the industry to delivering similar capabilities!



At Citrix Synergy this year, ExtraHop won the Best of Show award for our ransomware detection solution.

Giving the reasons for the win, panel judge Brian Madden said, “You could literally put the product in, push GO, and get the benefits instantaneously.”

We were honored by the recognition and thrilled that the judging panel interviewed some of our customers and heard firsthand how they were using the ExtraHop ransomware detection solution.



(Bloomberg) — Cyber-security firm Kaspersky Lab says it has uncovered an online marketplace where criminals from all over the world sell access to more than 70,000 hacked corporate and government servers for as little as $6 each.

Kaspersky discovered the forum after a tip from a European internet service provider. The market, called xDedic, is operated by hackers, who are probably Russian speaking, that have ditched their traditional business model of just selling passwords and have graduated instead to earning a commission from each transaction on their black market.

“It’s a marketplace similar to EBay where people can trade information about cracked servers,” said Costin Raiu, head of global research at Kaspersky Lab. “The forum owners verify the quality of the hacked data and charge a commission of 5 percent for transactions.”



(TNS) - The Baltimore 911 system crashed for at least an hour Tuesday night, leaving police and firefighters unable to receive calls to the emergency phone line, the city's Office of Emergency Management and firefighters announced.

The system went down around 8:20 p.m., city officials said. Mayor Stephanie Rawlings-Blake announced around 10:15 p.m. that it was restored.

The crash was suspected to be caused by a problem with Verizon, said Robert Maloney, director of the Mayor's Office of Emergency Management.



(TNS) - The Newton, Iowa, Police Department, in partnership with the Jasper County Sheriff’s Office, is to launch the “If You See Something, Say Something” campaign throughout Jasper County.

The U.S. Department of Homeland Security’s campaign aims to raise public awareness of the indicators of terrorism and terrorism-related crime activity.

“This program came about as a result of our want and need to partner with the community at a deeper level and encourage them to report any type of suspicious activity,” Newton Police Chief Rob Burdess said.

The main focus of the national campaign is terrorism and terrorist activity, but Burdess sees the local program as a way to empower citizens to report any suspicious activity regardless of the severity.