Eberly Systems has been hard at work over the last year in a concerted effort to enhance the security posture of our clients’ information technology environments. Most of this work goes unnoticed as it happens behind the scenes (the best IT is invisible!), but we wanted to share some key points.

Theme of the Quarter:

VISIBILITY

We can only respond to what we know or can see. If you don't know there's a problem, there is no way for you to respond to it. The majority of the highlights from this quarter relate to our ability to identify security risks, which then allows us to act on them.

Internal Security Awareness

We talk a lot about security awareness training for our clients and recognize that it’s of prime importance for our organization to keep ourselves at the top of our game when it comes to cyber security. We have been actively developing our team member skillsets and familiarity with technical security topics.

Vulnerability Management

We have tools in place for our clients that scan for security vulnerabilities and bring the most concerning risks to our attention. Since the beginning of the year, we have remediated thousands of vulnerabilities across our client base by updating software, reviewing potential configuration problems, or removing software that was outdated.

While we do not have any requirements or regulations dictating monitoring for these types of risks, it is important to us that we are able to monitor every computer closely for potential security concerns and be able to take action when necessary.

"CVE" Notification

In a similar area of focus, our security team recently began monitoring for known vulnerabilities in the software that we and our clients use. We do this using the "CVE" system (Common Vulnerabilities and Exposures). CVEs are specific vulnerabilities in a piece of software that are documented and published.

While we often know about these vulnerabilities before they are published, it is helpful to be alerted to CVEs from a wider range of software. This alerting helps us to stay ahead of potential attackers.

Cloud-First Security Policies

The transition to the cloud presents a new challenge for managing security policies. As devices become further detached from physical locations, the need to apply the same strong security policies means re-building those policies in a different set of tools. We have done considerable work to bring our cloud-first clients forward into a reliable and secure policy configuration.

More To Come

These efforts are only the beginning of the many other security-related initiatives that we are working on. We hope to provide updates each quarter with the latest solutions that we have implemented to keep you informed!