Category Archives: Cyber Security Awareness

ApplyLogic Ranked on Inc. 5000’s Fastest Growing List for Third Year in a Row!

ApplyLogic Consulting Group, LLC is proud to announce that we have ranked on the 2017 Inc. 5000 list of America’s fastest-growing private companies. This is the third year in a row that we have made the list, with our continued growth in the Federal Information Technology sector.

“I am excited and proud of the ApplyLogic staff as we continuously exceed customer expectations, growing the services and mission support we provide,” said Jeff Ramella, Founder and President of ApplyLogic Consulting Group, LLC.

ApplyLogic, a Virginia based, veteran owned small business, provides services and solutions such as:

  • ApplyLogic Data Analytics Portfolio Tool
  • Cloud (AWS and Azure)
  • Cybersecurity
  • Network & System Engineering
  • Project Management Solutions.

About Inc. 5000
Inc. magazine, founded in 1979 and based in New York City, is an American monthly publication focused on growing companies. The Inc. 5000 is ranked according to percentage revenue growth over a four-year period. The Inc. 5000 is an expansion of the previous Inc. 500, which now ranks the country’s top 5000 fastest-growing private companies.

About ApplyLogic Consulting Group, LLC.
Founded in 2004, ApplyLogic is a privately held, veteran owned small business with corporate headquarters in Dunn Loring, Virginia. ApplyLogic, a Virginia based, veteran owned small business, provides services and solutions such as: ApplyLogic Data Analytics Portfolio Tool, Cloud (AWS and Azure), Cybersecurity, Network & System Engineering, Project Management solutions for the Federal Information Technology sector.


ApplyLogic Ranked on Inc. 5000’s Fastest Growing List for Second Year in a Row!

ApplyLogic Consulting Group, LLC is proud to announce that they have ranked on the 2016 Inc. 5000 list of America’s fastest-growing private companies. The company made the list for the second year in a row with its continued growth in the Federal Information Technology sector.

NEW YORK, August 17, 2016 – Inc. magazine today ranked ApplyLogic on its 35th annual Inc. 5000, the most prestigious ranking of the nation’s fastest-growing private companies. The list represents a unique look at the most successful companies within the American economy’s most dynamic segment— its independent small businesses. Companies such as Microsoft, Dell, Domino’s Pizza, Pandora, Timberland, LinkedIn, Yelp, Zillow, and many other well-known names gained their first national exposure as honorees of the Inc. 5000.

“Being on the Inc. 5000’s list for the second consecutive year is a significant achievement and not possible without the support of our talented staff and customers,” said Jeff Ramella, Founder and President of ApplyLogic Consulting Group, LLC, about the inclusion of ApplyLogic on the list. “We’ve worked very hard to sustain and grow our business over the past year. It’s nice to have our results publicly acknowledged on a national level.”

ApplyLogic, a Virginia based, veteran owned small business, provides tools and solutions such as:
• The ApplyLogic Data Analytics Portfolio Tool
• IT Staffing Solutions
• IT Professional Services such as Cybersecurity, Network & System Engineering and Project Management Solutions.

About Inc. 5000
Inc. magazine, founded in 1979 and based in New York City, is an American monthly publication focused on growing companies. The Inc. 5000 is ranked according to percentage revenue growth over a four-year period. The Inc. 5000 is an expansion of the previous Inc. 500, which now ranks the country’s top 5000 fastest-growing private companies.

About ApplyLogic Consulting Group, LLC.
Founded in 2004, ApplyLogic is a privately held, veteran owned small business with corporate headquarters in McLean, Virginia. ApplyLogic provides customers with tools and solutions such as: The ApplyLogic Data Analytics Portfolio Tool, IT Staffing, and IT Professional Services such as Cybersecurity, Network & System Engineering and Project Management solutions for the Federal Information Technology sector.

 


ApplyLogic at FOCUS14 Security Conference


We are excited that one of our own has been invited to speak at McAfee FOCUS14 next Wednesday, 10/29. Lester Nichols, ApplyLogic Director of Cyber Security Practices, will be speaking on web security.


ApplyLogic has been nominated for SECAF’s Government Contractor of the Year.

Great news! ApplyLogic has been nominated for SECAF’s Government Contractor of the Year. SECAF’s 6th Annual Award honors small and emerging government contractors. We are proud of the ApplyLogic Team and excited about the nomination and recognition for the hard work we provide: servicing and delivering quality solutions to our customers! Way to go ApplyLogic!


What to Secure…

Recent news articles detailing NSA surveillance have shown that the monitoring extends to other countries and to their high-level officials. A more recent article states the following:

“The U.S. monitored the phone conversations of 35 world leaders, according to a National Security Agency document provided by its former contractor, Edward Snowden, according to The Guardian newspaper.”

Although most people cannot communicate using secure phone calls, this does raise the importance of securing the data itself, not just the mode of transport. A phone call or even Internet usage should not be considered secure. There are numerous hops and intermediary systems that carry the signal being used, and each of those points of connection is a potential point of surveillance. Given the additional discoveries regarding AT&T, Verizon, and other carriers, privacy should no longer be expected.

This means that only the data, if encrypted or secured, provides the potential expectation of privacy. Ensuring that data is secured at rest and during transport is critical to ensuring privacy. It may take more time and resources, but in an age of “continuous monitoring” of everything, it is the best way to provide the assurance most people and businesses desire.


Surveillance versus Breach

GCN published an article on June 3, 2013 regarding the possible data breach of Customs and Border Protection (CBP) systems operated by third parties for clearances. The information used to obtain clearances is not only personally identifiable information (PII), but also retells the past ten or more years of an individual's history. So the potential compromise of this information is a serious issue.

The recent scandals regarding surveillance by the NSA and other government agencies add to the concern. This is more than a privacy issue; it is a question of the capability to keep data secure. DHS is meant to provide the “cybersecurity” component of the government in conjunction with the DoD, but if DHS and the DoD have issues maintaining the security of their respective systems, what will the potential breach be with the new surveillance information? Granted, the phone call information collected from the various telecoms does not currently include the call content itself, but the associated metadata could expose individuals to even greater risk than is being expressed. Most phones maintain GPS and cell tower information with a call. Add the cell phone number and owner information, and it is now possible to track the patterns of the individual in addition to the various calls.

While the potential privacy issues around surveillance have their place, the government's ability to protect the data is equally important.


IPS Grows Up But IDS On Life Support?

In the November 2012 issue of SC Magazine (pp. 26-28), an article by Fahmida Rashid titled “IPS Grows Up” discusses the changing landscape for intrusion prevention systems with a variety of experts. It covers a number of interesting topics and statistics regarding IPS, such as the following:

While IPS won’t be able to block attacks exploiting zero-day vulnerabilities or thwart skilled adversaries using sophisticated tactics, it should “prevent 99 percent of push-button or automated attacks, Al-Abdulla says.”

While many can agree with that statement, what probably would not receive a great deal of agreement was the following statement within the article:

Holden predicts IDS will “fall by the wayside” in the next three to five years.

While it is understood that IDS is detective rather than reactive, many businesses and agencies have a hard time tuning IPS in a way that will not cause issues with mission- or business-critical traffic. The thought that IDS will no longer be necessary seems very short-sighted and limited. Granted, most IPS devices are also IDS, but if defense in depth is still a valid concept and risk is a business decision, then IDS will remain in use for the foreseeable future.


Cyber Pearl Harbor or Just Cyber Space…

There has been a lot of news recently about the potential for a coming Cyber Pearl Harbor: a cyber attack that would mirror the devastation that hit the naval base in Pearl Harbor during the beginning of WWII. According to an article in CSO Magazine on October 18, 2012, the United States is concerned about a coming cyber attack. The concept of comparing the attack to Pearl Harbor has been around for several years, but it wasn’t until a recent speech by U.S. Secretary of Defense Leon Panetta in New York that it became more of a topic.

The article states the following:

The results of cyberattacks by a hostile nation-state on critical infrastructure like transportation, water supply or the electric grid “could be a cyber Pearl Harbor — an attack that would cause physical destruction and the loss of life,” Panetta said. “In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”

Panetta also invoked the image of a cyberattack on the level of 9/11. “Before September 11, 2001, the warning signs were there. We weren’t organized. We weren’t ready and we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment,” he said.

In a follow-up article in CSO Magazine on November 7th, the opposing viewpoint was brought forth. Many in the security industry feel that the concept and description of a Cyber Pearl Harbor is nothing more than hot air. Experts including Bruce Schneier have chimed in. Bruce has reduced the extent to which he believes the concept to be exaggerated, but according to the article:

Critics argue that not only is the threat of a catastrophic cyberattack greatly exaggerated, but that the best way to guard against the multiple risks they agree exist is not with better firewalls or offensive strikes against potential attacks, but to “build security in” to the control systems that run the nation’s critical infrastructure.

Bruce Schneier, author, Chief Technology Security Officer at BT and frequently described as a security “guru,” has not backed off of his contention made at a debate two years ago that the cyber war threat “has been greatly exaggerated.” He said that while a major attack would be disruptive, it would not even be close to an existential threat to the U.S.

“This [damage] is at the margins,” he said, adding that even using the term “war” is just a, “neat way of phrasing it to get people’s attention. The threats and vulnerabilities are real, but they are not war threats.”

The reality is probably somewhere in the middle of the two viewpoints. It can be likened to the Y2K issue a little over a decade ago. The world was going to come to an end and the dark ages would re-emerge. The reality was that preparation helped minimize what little impact there may have been. Security is a risk decision, but most risk decisions are defensive in nature. A preemptive cyber capability is another aspect of the decision-making that needs to be addressed. Should the U.S. begin cyber strikes on perceived threats? What is the impact of doing this in the long term? The world has already seen a small view of what can be done with Stuxnet, and whether these types of state-sponsored cyber attacks will become the new nuclear deterrent is yet to be seen.

Regardless of the direction that gets taken, business needs to look at potential cyber attacks/hacks as a real threat and determine what risk it is willing to accept and what will need to be mitigated. Whether the issue is the size of a country or your home computer, measure twice, cut once is still the best direction.


Windows 8 is Here and So is the Zero-Day…

Microsoft’s new flagship operating system, Windows 8, was released at the end of October, and with its release came a new zero-day. A recent article in SC Magazine describes how the French security firm Vupen is offering the recently discovered zero-day for sale. In fact, a mere $50,000.00 could allow you to obtain the vulnerability, which has been described as affecting the new Internet Explorer 10 browser.

According to the article:

Last week, Vupen CEO Chaouki Bekrar tweeted that “various” IE10 and Windows 8 vulnerabilities had been combined to circumvent exploit mitigation safeguards in Windows 8, which was released to the public on Oct. 26. The exploit was reportedly not disclosed to Microsoft, nor was its price made public. Vupen did reveal that the zero-day could allow a particularly skilled hacker to bypass embedded security measures, which include high-entropy address space layout randomization (HiASLR), anti-return oriented programming (AntiROP), data execution prevention (DEP) and protected-mode sandbox.

According to the article, Vupen only sells the vulnerability information to governments and businesses, but this is very concerning. Because they have not shared it with Microsoft, this could become a way to hold applications, businesses and governments hostage. Secure coding needs to be the priority of developers, and time to market needs to be properly married to ensuring limited vulnerabilities.
