A Day in the Life of an MSSP Engineer

Cybersecurity is a term heard three or four times before breakfast these days. But what really goes into keeping businesses secure? Here we detail a day in the life of one of my senior cybersecurity engineers… and what it takes to ensure that if breaches happen, they happen to the other guys.

This article was originally posted on CSO Online
By Andrew Douthwaite, Vice President of Managed Services
Jordan has worked as the senior engineer at VirtualArmour since 2011. He is part of a Security Operations Center that oversees client sites across 30+ countries and five continents. Its focus is on protecting client networks and employees and on staying up to date with the latest technology in the cybersecurity space.

Starting the day

My day starts with a quick check of emails from overnight to determine if there is anything that needs addressing immediately or if it can wait until I get to the office. As we are a 24/7 operation and our other Security Operations Center (SOC) is in the U.S., there may be tickets that have to be handed off overnight. If there isn’t anything urgent, I will scan the news headlines and key tech sites that post the latest threats that we need to be aware of. From there I grab a quick cup of tea with breakfast and then head to work.

My commute

Thankfully my commute’s relatively short; however, I do use this time to recap my previous day and think through the goals for the day ahead. As we are in an environment that requires us to be “always on” in protecting our clients, this time gives me an opportunity to plan ahead without distractions.

At the office

Once in the office, I check our current tickets and determine if I need to pick any of them up to support the team and ensure we maintain our 15-minute response time. From there, I follow up on any non-urgent emails that came in overnight from the U.S. that didn’t go through our ticketing system. As the Lead Engineer for several of our clients, I often have messages from key contacts directly asking for advice or information about a certain part of their system.

Innovation and development

We are constantly evaluating new products and processes to spot potential risks or possible fixes for gaps we may observe in a client’s network topology. We also “eat our own dog food,” as they say, so I spend time running scenarios within our internal network to ensure a robust defense against any attempted breach of our systems. This allows us to test the technology we are using with our clients before we deploy it within their environment. This can include doing a full cycle review and Proof of Concept (POC) with our major partner systems such as Juniper, IBM, Splunk, etc. on how each of these technologies works together. I will spend time monitoring devices across the networks, looking for anomalies, link changes, and performance spikes.

Lunch

I typically grab a sandwich with team members and although it’s not exclusively work chat, this is a good time to talk with members of the team about what they are seeing from the day’s tickets. The majority of us are genuinely interested in technology and therefore do like to exchange ideas on new solutions that may be coming to market and which have the potential to perform better than the current leaders. It is a good time to connect with people away from the more pressured environment that exists when we’re engaged in monitoring and ensuring we’re reacting to situations the moment they arise.

Afternoon

For me, afternoons consist of client meetings with the accounts that I personally manage. I meet with every account at least once a week to ensure we are up to speed with what’s happening within their business. Each client meeting starts with a standard agenda and is usually attended by the technical contacts as well as key stakeholders. We tend to review what happened in the previous week, what projects are currently open and then discuss what the client is seeing on their side, any concerns and/or any changes that may need to be implemented.
My clients’ technical expertise varies so I try to customize the discussion based on how they like to work (easier for me to adjust vs. making them try to fit to my approach) and what their needs are. I typically have 2-3 client meetings in a day. After each call, I update the Slack channel that is dedicated to that client with the details and any potential action items. This helps ensure that anyone on shift has the latest details of the client. As our client portal (CloudCastr) is a tool for our clients to see all of the relevant details regarding their network protection in real time, I typically close the calls with a quick recap on the key points they should be aware of.
In between client calls I commonly work on any change requests that have come in via our ticketing system. While our SLA is to do these in 24 hours, we are pretty competitive internally and try to get these done in less than 12 hours. Another key element of the in-between time is the “huddles” that I do with the other engineers to hash out things that we come across. The collaboration that we get from this approach speeds up problem-solving and our responsiveness to client issues.

Market events

It seems like every day there is news of a new breach (most recently at the time of writing – Uber) and I have to be ready not only to respond to our clients, but also to provide company management with an assessment of the situation so they can communicate out more broadly to the market. As a public company, we feel an obligation to help educate the market on what we know about these types of events.

Training and Development

Learning is part of our culture and a requirement for an engineer in our space, so I do spend time continuing my education and development through technical training (e.g. webinars, partner material).

Handoff

At the end of each day, I make sure that I hand off any issue that is still being worked to our US SOC for them to continue to work on it overnight. Given my role, I am consistently checking email so that I can respond to any tickets or issues that come up which need my response or me to provide context to a fellow engineer.
Before I turn in for the day, I double-check emails and our dashboards, finishing off the day just the way I started it.

Glossary of terms

Tickets: the result of an end user submitting a help request via an issue tracking system. A ticket typically contains elements detailing the exact nature of the problem the end user is having with a specific network component.
Change requests: documents containing a call for an adjustment of a system.
Client network topology: the structure of a client’s network.
Full cycle review testing: a methodology used to test whether the flow of an application is performing as designed from start to finish. The purpose of carrying out end-to-end tests is to identify system dependencies and to ensure that the right information is passed between various system components and systems.
Link changes: changes that occur within a network.
SLA: Service Level Agreement.

Just How Smart Are Smart Contracts?

The use of Smart Contracts is on a meteoric rise. How safe and secure are they though?

This article was originally posted on CSO Online
By Andrew Douthwaite, Vice President of Managed Services
If you haven’t yet heard of a Smart Contract, just wait. You will.
Using blockchain technology – a secure, decentralized digital ledger, introduced in 2008 as the technology underpinning Bitcoin – Smart Contracts enable the exchange of money, property, shares or anything of value, in a transparent, conflict-free way while avoiding the services of a middleman. The most popular of the cryptocurrencies associated with Smart Contracts is Ethereum. It allows developers to write their own contracts which detail the responsibilities of each party and the self-executing payments that should be made based on fulfillment of these.
In any real-world situation where two parties form an agreement that becomes a contract, there is always the potential for one party to enter that contract at a disadvantage. A Smart Contract solves this. It is coded and built on the Ethereum blockchain, completely decentralized as a third-party entity and self-executes as it is programmed to do. Its self-executing and self-enforcing nature creates a fair environment for both parties involved, and therefore there is little room for conflict and costly litigation down the road.

Sounds almost perfect

With the technology expected to see an increasing number of use cases, it’s not unlikely that you might soon find yourself in a situation where a service, client or partner requests to use one. It’s therefore worth asking the question now: where’s the rub?

Just how secure are they? The short answer is, currently, not very

While the blockchain is inherently secure, Smart Contracts suffer because the code used to create them is prone to bugs. In June 2016, a hacker made off with over 50 million dollars of cryptocurrency by exploiting a bug in Smart Contract code and, even more recently, in July 2017 another bug was exploited in the code of a well-known Ethereum wallet to the tune of over 30 million dollars of cryptocurrency.
The level of bounty available offers an extremely lucrative incentive for hackers to invest the time and resources needed to find bugs and loopholes in Smart Contract code.

Holy growth, Batman!

Although the technology remains in its infancy, adoption has been increasing rapidly. Between June 2017 and October 2017, the number of Smart Contracts grew from 500,000 to over 2,000,000 with expectations that this could grow to around 10 million within another year. It is clear, therefore, that although this is currently a niche issue in the world of network security, Smart Contracts have the potential to become a far bigger consideration in the not too distant future.

Big pile, small shovel

Current efforts to validate Smart Contracts are inadequate. To adequately audit one, an organization would need to engage a network security consulting company and enlist experts in blockchain and Smart Contract coding. If this sounds impractical, that’s because it is. The process involves a host of specialist resources, is expensive and would still be prone to the “human element,” i.e. simple human error, bad actors or a simple lack of trust in the motivations of those auditing.
The growth in Smart Contract use and the limited number of specialists able to properly vet such large amounts of code mean that currently, organizations can struggle to properly protect themselves. Case in point, the Guardian recently reported that more than $300 million of cryptocurrency (in the form of Ether, the tradable currency that fuels Ethereum) has been lost accidentally due to changes in code from a developer.

A solution for every problem

For every growing tech problem, there are those who will look to create solutions, and for Smart Contracts one such solution seems to have taken a lead – the Quantstamp protocol. Self-described as “the first scalable security-audit protocol designed to find vulnerabilities in Ethereum smart contracts,” it uses a balance of automated and crowdsourcing methods and has the potential to provide security experts an inexpensive method of finding exploits and bugs in Smart Contract code. The protocol is itself built on the Ethereum blockchain and provides token incentives for the contribution of verification software (submitted by security experts), for validating requests (processed by nodes on the blockchain) and for finding bugs that break Smart Contract code.
The result is a system able to audit any Smart Contract submitted to it in a much more time- and cost-effective way.

The good news?

At the time of writing, an estimated $3.2 billion is locked in Smart Contracts and this figure will obviously rise exponentially in line with increasing adoption. As these locked-in values continue to grow, the potential cost of vulnerabilities and the attractiveness to hackers grow with them. The good news? For every motivated hacker, there is an equally motivated developer working to create solutions able to secure the latest innovation in the world of blockchain.

VirtualArmour Finalizes US$650K Expanded Contract with Existing Retail Services Client

VirtualArmour was taken private in Q3 2021. These legacy press releases are kept online for informational purposes. VirtualArmour is a proud member of the Evergreen Services Group family of companies.

Vancouver, B.C. – (November 14, 2017) Premier Managed Services Provider, VirtualArmour International Inc. (the “Company”) (CSE:VAI) (3V3:F) (VTLR:QB) announced today it had finalized a three year, recurring revenue contract for the expansion of network and security managed services with an existing client in the retail services sector. The expanded contract has a total value of USD$650K over its term.
The average cost of a data breach in the United States rose for the fourth straight year, hitting $225 per compromised record–the highest it has been since 2006, when the Ponemon Institute began to publish research on the topic.
“For large organizations with potentially thousands of active locations to support, the risk of security breaches at “endpoint devices” (internet-capable computer devices) has become a key concern. Preventing issues relating to endpoint breaches requires not only the right technology solutions, but the right specialists in place, able to work seamlessly with internal teams.” said Kyle Duffy, VP of Customer Experience at VirtualArmour. “Our technical teams are able to analyze scenarios in which multitudes of users are accessing desktops, logging into email, corporate systems, browsing the internet and/or accessing apps and design and manage solutions able to protect organizational networks from all of the direct and indirect threats that these activities will attract.”
Due to the sensitivities inherent within its industry, VirtualArmour’s policy is not to disclose specific client details in press releases.
About VirtualArmour
VirtualArmour is an international cybersecurity and Managed Services provider that delivers customized solutions to help businesses build, monitor, maintain and secure their networks.
The Company maintains 24/7 client monitoring and service management with specialist teams located in its US and UK-based security operation centers (“SOC”). Through partnerships with best-in-class technology providers, VirtualArmour delivers only leading hardware and software solutions for customers that are both sophisticated and scalable, and backed by industry-leading customer service and experience. VirtualArmour’s proprietary CloudCastr client portal and prevention platform provides clients with unparalleled access to real-time reporting on threat levels, breach prevention and overall network security.
VirtualArmour services a wide range of clients – which include those listed on the Fortune 500 – within several industry sectors, in over 30 countries, across five continents. Further information about the Company is available under its profile on the SEDAR website, www.sedar.com, on the CSE website, www.thecse.com, and on its website www.virtualarmour.com
Company Contact:
Nick Dinsmoor
Vice President Strategy and Marketing
Office: 720-644-0913
[email protected]
Media Contact
Josh Stanbury
Office: 416-628-7441
[email protected]
 
Forward-Looking Information:

This press release may include forward-looking information within the meaning of Canadian securities legislation. The forward-looking information is based on certain key expectations and assumptions made by the management of VirtualArmour. Although VirtualArmour believes that the expectations and assumptions on which such forward-looking information is based are reasonable, undue reliance should not be placed on the forward-looking information as VirtualArmour cannot provide any assurance that it will prove to be correct. These forward-looking statements are made as of the date of this press release and VirtualArmour disclaims any intent or obligation to update publicly any forward-looking information, whether as a result of new information, future events or results or otherwise, other than as required by applicable securities laws.

VirtualArmour to Feature Deception Expert at SecureWorld Conference

Vancouver, B.C. – (October 30, 2017) Premier Managed Services Provider, VirtualArmour International Inc. (the “Company”) (CSE:VAI) (3V3:F) announced today that it will be participating at the upcoming SecureWorld Cybersecurity Conference in Denver, Colorado.
The Conference, which will take place on November 1st – 2nd, 2017, will bring together experts across the Cybersecurity industry to discuss the changing threats, newest combative technologies, and opportunities to better protect businesses across all market segments.
As part of the event VirtualArmour will have a deception expert with a background in interpersonal communication and expertise in human hacking on hand to offer specialist guidance and advice. “The greatest threat in cybersecurity continues to be the human element.” said Andrew Douthwaite, VP of Managed Services at VirtualArmour. “Understanding how human behavior interacts with technology is critical to establishing a robust prevention platform for any business.”
To schedule a meeting at the conference please email: [email protected] or stop by booth 109 at the Hyatt Regency Denver Technology Center.


VirtualArmour Finalizes USD $800K Contract Expansion with Existing Client

Vancouver, B.C. – (September 28, 2017) Premier Managed Services Provider, VirtualArmour International Inc. (the “Company”) (CSE:VAI) (Frankfurt:3V3), announced today it had finalized a three year contract for the expansion of network cyber protection and managed services with an existing client in the financial services sector.
With a client brief to maximize performance, uptime, security, reporting and compliance as well as to provide added confidence and assurance to its customers, the expanded contract scope includes the deployment of new hardware and software as well as the provision of ongoing managed services. The expanded contract has a total value of USD$800,000 over its term.
“With notable firms such as Deloitte, Equifax, and even Government entities like the SEC being directly impacted by the rampant increase in cyberattacks, companies are undoubtedly deploying increasing resources towards the prevention of, and protection against, cyber crime.” said Chad Schamberger, VP of Engineering Services at VirtualArmour.
“We are very proud to maintain a 95%+ client retention rate and have our clients look to grow with us when scaling up to meet the mounting challenges of protecting their businesses.” said Kyle Duffy, VP of Customer Experience at VirtualArmour. “It is people that play the key role in any successful security culture and the relationship that a service provider like us has with our client can be the difference between success and failure.”
VirtualArmour works with a select group of leading industry solution providers and as part of this contract will be integrating technology from both Cisco and IBM.
Due to the sensitivities inherent within its industry, VirtualArmour’s policy is not to disclose specific client details in press releases.