Cyber Security- The Ostrich Approach is hurting the world


Image result for ostrich with head in sand



How important is cyber security to you?  You folks in education, and healthcare how about you? IT professionals, I know you have your pretty little firewalls, but seriously does your software update every minute so it catches every threat out there? Perhaps its “good enough”  It’s 2018, in case anyone hasn’t noticed and Cyber Security continues to be a huge issue for every business that has a network. That means EVERY business out there is subject to these threats.

In 2017, hackers stole $172 BILLION dollars from people all over the world according to an article from MIT Technology Review. $19.4 Billion happened in the United States. I am willing to bet that in each of these threats, those pretty little firewalls were up and running and all the lights were flashing that all was good in the world.
The forecast for 2018 isn’t any better. According to Forbes, education and healthcare are going to be big targets this year. Educational institutions lack resources to defend their endpoints. school systems are a lightly secure network of endpoints that contain personally identifiable information on students, parents and staff.
The increased use of IoT in the healthcare industry will also create data security concerns in 2018. In the era of connected devices, the healthcare industry needs to make patient security a top priority by increasing security protocols. To combat this, businesses should look to third-party security providers to encrypt these devices and monitor with live ethical hackers that can actually see an intrusion and catch it BEFORE it infects  your network or brings it down.
So stopping it BEFORE devistation?? What a novel idea.
So why are we taking the Ostrich approach again? The pretty little firewalls we have so much faith in are obviously not getting the job done. Oh, oh wait it’s too expensive, right? Once a school is hacked and the child’s data is in the wrong hands, have you figure out what that childs value is? How much money does it cost you to be down?
Sometimes its expensive to be cheap.  For a few hundred, maybe a few thousand dollars,  you can stop adding to the billions lost. Get a pen test  or have your network monitored.
Anne Tarantino


Velocity Tech Solutions launches their Mugs for Giving Campaign!

Velocity Tech Solutions,  a supplier of Dell Servers is starting the holiday season by giving back to those in need with their Mugs for Giving campaign. Over 50% of the proceeds from the campaign will go to a local charity in Minnesota known as Sharing and Caring Hands.  Velocity Tech Solutions will match every dollar raised! Help us support the cause by purchasing a handcrafted mug made by Deneen Pottery.


I Always Feel Like, Sombody’s Watching Me

And in some cases, that’s a good thing.

This is not a case of paranoia, (it’s not a case of being stuck in 90’s music either) this is the 21st century and it’s scary out there.

Network security for corporations is growing to be the number one issue that often times companies can’t manage because it remains a low priority. THAT statement makes no sense.

As of 2015 $24- $120 BILLON corporate dollars have been lost on viruses (including ransom, heart bleed, black energy and many more) and thats only whats been reported. You too can be part of the billions should you continue to make network security something “you will get to”.

You say you have invested thousands of dollars on your firewall? Ok that’s a start, but will your firewall know enough to shut down a port at 3 am when 8gb of your customers data (including names addresses and social security numbers) is flying out of your network? Firewalls are smart, but not THAT smart.

80% of your company’s threat are the folks that work there. Have you ever seen someone charge their cell phone in their workstation? This was after they plugged it in to the kiosk at Wal-Mart to print of their pictures. This is after they posted a picture of their lunch on Facebook. EWWWW, there isn’t enough sanitizer in the world to remove all of those germs.

And if the wasted billions of dollars, the Wal-Mart thing and Facebook thing aren’t enough to scare you, then this should scare you; less than 1% of hacks and crimes are reported. No company wants you to think they are unsafe. If you knew there was even a remote possiblity they were unsecure, you would not do business with them.

Check out the Cyber- attacks from October of 2016. Courtesy of

The best way to keep your data safe, is by having it actively monitored. Yes it sounds a little 1990s, but there is still something to be said about humans actually doing some work. Remember that 8gb of data that is flying out of your network with your customers information? Someone watching your network would shut it down, that $10,000 firewall and AI, might let it go since those appliances can be compromised by a high schooler with a months hacking experience

Call or email us for help on this on this huge undertaking. It is easier than you think

(651)313-5220 or (651)313-5236

Continue reading

An additional External Pen Test is a no-brainer for every company, no matter the size, for 2017

Account Executive at Velocity Tech Solutions, Inc.

Let’s face it. You cannot turn on any major media outlet today without hearing about “hacking.”  Whether it’s alleged hacks to affect an election, to attempt to take over a power grid, to steal health care records and information, or simply for someone to fill up their gas tank on your dime through simple identity-theft level hacking – cyber security is an issue for everyone everywhere!

We read about biometrics and dual authentication for everything from a POS purchase to

logging into a mobile device for work.  This is being done for good reason. (Keep in mind, that some of the most embarrassing and comprehensive hacks tend to go unreported.)  Even the “alleged” hack of the Central Bank of Russia, which of course took place during an “unspecified date of 2016” paid an alleged bounty of approximately $31mm USD to the attackers.

We read about terms like a “mega breach” where accounts are hacked in the tens of millions of users for applications such as Dailymotion which is of course much more pertinent to my friends using Android Apps or Google Play for video sharing sites such as Dailymotion (82.5 million users compromised in 2016.)

We read about these breach events weekly, and yet many of us do nothing because we do not know where to begin.

Even if you are in a current contract with a firm that is monitoring your network, or you have created on site, providing 24 hour active monitoring [with real, living, breathing humans in a SOC in addition to AI and automation and scanning etc.] it would be well worth your time to, at a minimum, have another party perform an External Pen Test to ensure that you are getting the level of protection that you are purchasing.  This is also highly relevant to industries that are the most highly regulated (ie. HIPAA, NCUA, FDIC, GLBA, FFIEC, etc.) and must avoid any potential threat of impropriety or conflict of interest.

So, how does it work?  For those of you who already know, contact me for a quote.

For everyone else, begin by gathering a quote from a trusted expert/vendor. They should quickly and easily be able to provide you the cost and timeline for what type of expense would be involved in a quick external pen test.  Many of these firms should specialize in ethical website hacking and other cyber security issues such as documentation/policy writing, social engineering and employee awareness training.

In other words, you want to work a firm who specializes in Cyber Security. It must be their focus, and not something they offer “on the side” or “as a service.”  If they work with a third party, be sure that this is disclosed up front.  Any reputable company will proudly mention the name of their trusted partner.

You’ll need to provide the amount of Public IP addresses you have. They will then get you a quote.  Should you come to agreement on pricing and choose to
proceed with the test – this is where things get exciting!!!!!!


Image Source

Growing up, we watched Spy vs Spy, Get Smart, James Bond, Burn Notice, Alias, Hackers, Nikita, The Matrix, Mission Impossible, The Net, or any other series/movie where anything from espionage to hacking are the goal. Imagine you’re an ethical spy/hacker.  This generation has Elliott, a cyber-security engineer by day and vigilante hacker by night (“Mr. Robot”) to show us how the underbelly of our society and the dark net operates.  When you perform your pen test, you can assume your favorite persona to investigate your network.

What the penetration test will provide is a combination of the following:

Discovery – security analysts will gather and analyze information about your company.  They will thoroughly test and identify all internet entry points while they prep for enumeration.

Enumeration – here analysts identify targets which were identified during the discovery phase to determine what type of host connection (i.e. web server, firewall, router, etc.) and operating systems (version and patch level) are in use.

Automated Scanning – security analysts use a myriad of tools to determine which potential vulnerabilities to exploit.  Discovery and Enumeration phases allow the analysts to dial in the scanning tools to target their efforts, improve feedback, and rule out unnecessary scanning.

Intrusion Analysis – this is where the analysts provide the lion-share of their efforts.  All results are collected to help you design a network attack plan.  Scanning results are verified so false positives are ruled out and false negatives are explored.  Breaches of your network’s defense system are also analyzed and a mitigation process is developed.

Results – For many companies, something such as a simple patch download will suffice to repair a chain of vulnerabilities.  However, more often than not, the solution is more complex.  Based on what findings are presented in your report, you will now have the knowledge on HOW to protect your network against malicious hackers outside your network perimeter.

An External Pen Test gives you a starting point.  We all know we are vulnerable, but many of us lack the knowledge of where we are vulnerable.  Schedule your quote today to review actual steps you can take to better protect your network for 2017.

Request Quote

Next topic: Internal Testing and Vulnerability Assessments from within your network.


An Udderly Incredible Job!

I like to think about the service part of our company as “saving asses among the masses” as we provide IT equipment THAT fast. I can now say with pride that we save the “rumps of every roast”

Yesterday, we had a call from a large farm in Arizona: 1300 cows could not eat.  The server running their feeding machine was down. It’s pretty hard to find a nice green pasture in Arizona.


So we got on it, built a server put it on a plane for same day delivery. They received it about midnight plugged it in, moved their drives over and the state of Arizona had 1300 happy cows. It really MOOOVED me when we got the call, our rep said the customer said “you guys performed magic”.

Think this through, the STEAKS are high. We hate to MILK this example of how good we are, because I know it’s just GRAZY talk.

I hope you find my post AMOOOSING. Thanks to Stotz Dairy for being a great customer. Seriously, never forget to support your local farm.

Don’t let this go in one ear and out the udder. Redundancy is of most importance! I am NOT STEERING you in the wrong direction. In your organization don’t take for granted that your hardware won’t fail, your software won’t get corrupted and your firewall will take care of all of your network security.

However, if any or all of the above happens, call Velocity Tech Solutions, we’ll be there when you need us.  We are available 24×7.

I’m officially done with this post for heifer and heifer amen.


Hey You Get Outta that Cloud- or at least ask some questions before you get hung up there

For those of you that went to the cloud, or are thinking of moving to the cloud, can you answer with certainty who owns your data? This isn’t a new question or new controversy, as big data gets bigger, as more data is stored in the cloud, as  more devices hit the market and as more hackers are getting into our banks and government servers  do you own your data and if not who does and where is it?

Over the past few years there has been controversy over the “Cloud” and who owns what data where.   For those willing to play “who’s data is it anyway”, the legal issues aren’t getting any clearer.

As a consumer user of the cloud -posting my so important pictures of my yellow lab Riley on Facebook

rileyhead Riley, the best dog ever!

or using my Gmail account or the obsessive habit of using my Amazon prime account so I can feel like a kid at Christmas every day seeing a box on my doorstep, I fail to realize the pain of this issue: probably because it’s so convenient. I then suggested the cloud as a solution for one of my customers.  That’s when it hit me.

As someone working in technology (ok I’m a sales geek) I need to really think about how real and complicated this issue is to better serve my customers by educating them in the pros and cons of using the cloud

For those thinking of going to the cloud, it seems like such and easy thing. So you call Mr. Cloud company and say “Mr. Cloud company, I want to put my data way up in the cloud so no one can get it.” Mr. Cloud says ok “we’ll store your data and all will be safe in the world forever and ever amen.” You sign the contract there, you’re in the cloud. You’re happy your data is safe, no one will ever get your data, you will have access to it at all times and you don’t have to hire and pay someone to support it.

What you don’t ask Mr.  Cloud company is “what is the trail of your cloud”? Why would you ask that? What is the “trail of the cloud” Clouds don’t trail! Have you ever looked up and seen those long skinny clouds? Yeah, they trail.


In some cloud companies you give your data to a cloud provider who then outsources its work to another storage or process provider, who’s responsible if your information is lost or damaged? What if that outsourcing happens in another country? So if data is created in one country, but then stored in another the legal rules that apply become blurred. YIKES!!

Now you worry about your data. You call an attorney. What area of law is this? Cloud law isn’t a thing……yet. There are 3 main areas of law (and maybe more) that cover this: Copyright, Confidentiality and Contract. So do you need 3 attorneys? Also if your data is stored or outsourced in another country do their rules apply?



In speaking with a customer of mine from a University, he mentioned real concern about security in regard to the cloud. He mentioned his concern regarding student personal information as well as student loan information. Once student loan information is breached now we have a tax payer issue, and as he put it, “now we have a federal issue”.

There are guidelines from PTAC – the US Department of Education’s Privacy technical assistance center. But it gets a little “cloudy” regarding the cloud.

What it boils down to is Data Mining or Big Data.  In the education world to use as an example; this is a huge no no as it violates the “no commercial use of student data” policy.  According to Education Weekly when the litigation started in 2014, consent was not given to scan or index emails under the Google for education platform.

This issue isn’t any clearer in 2016 as UC Berkeley has this lawsuit pending for the same thing, called. “UC Berkeley students sue Google Alleging their emails were illegally scanned”.

I have only discussed a bit of the issue, but how about your industry? How about your data? Think about what you personally put out there? Your buying habits, your search habits. What about when you are in crisis? Is that something we want out in the “cloud”?

Should you decide to go to the cloud, read your contracts, ask some questions. Make sure the provider can specify who will be responsible for the data should it be lost or stolen. There should also be a provision in that contract as to who is responsible if the cloud company goes bankrupt, or is purchased by another cloud company.

If you need some help to get started in this process, help is here just give us a call.


It’s the end of the road for Equallogic. Now what?

Dell and EMC are getting married again. In this being their second marriage, they are taking Compellant and Powervault, but leaving Equallogic as the possession sold in the Saturday morning garage sale.

What does this mean for the current Equallogic users? The support is ending, to extend support if even possible, is really expensive. So you, the IT person says, “well I’ll limp along until my budget allows me new storage”. Oh wait, no support contract, no firmware upgrades you think to yourself. “Will my critical data be unstable with no firmware updates?” I’ll be able to get hardware for a while should something fail, but… that …software……sigh.

You don’t have to be held hostage by the hardware OEM’s for your storage. The 3 to 5 year rip and replace cycle of pain, agony and expense doesn’t have to continue to be part of your daily pain and suffering. The difficult marriage to your storage can be repaired with a little information,  some trust and your current hardware. Yes your CURRENT hardware if you desire to keep it. Or, get a little crazy and mix your hardware up. Live dangerously, but keep your data safe.

What makes storage smart isn’t the hardware, it’s the software.  So why not get the smartest software out there that can run on ANY OEM and out perform everyone else and why not get the best least expensive hardware to run it on.

One word…… DATACORE. Datacore San Symphony V Software defind storage  is hardware agnostic. It will run on any OEM hardware. If your need is for speed check out the SP1 RECORD BREAKING SPEED: If your need is high availability or business continuity, there are real cases of years of zero downtime. Is managing data in one pane of glass a dream for you? They have that covered too.  Latency is minimal with Datacore as their parallel i/o keeps those multi cores working as they can simultaneously handle compute, networking and i/o loads with minimal hardware.

Let’s talk dollars and “sense”. At $ .08 /SPC-1 IOPS Datacore blows away the $.41/SPC-1 IOPS of and EMC VNX8000 storage array. In real dollars we can say as an example an  EMC VNX8000 will run about $177,000 for a mid range storage. Datacore $38K. And oh by the way, get ready to spend more than $177,000 in 3 to 5 years when support ends and you get ready for a rip and replace that EMC array. If you want to change your hardware with Datacore in 3 to 5 years aside from the hardware you want to purchase your cost:  $0.00. You don’t have to EVER buy a new license. What makes sense to you?

Datacore really does what Nutanix does for Dell, what ScaleIO does for EMC , and  what On Command does for Net Apps array. The difference is you no longer have to be bullied by the OEMS to spend excessive amounts of money just for it to do the same thing Datacore can do on a JBOD, or a DAS. So keep your old hardware, buy some new less expensive hardware, or go for recertified. Keep that return on investment to invest in your organization.

The partnership of Velocity Tech Solutions and Datacore Software gives you the best of all things storage. Low cost, high availability, speed and ease of use. Check us out, ask some questions, and don’t hesitate to ask for a demo.