Author Archives: Victor Filoromo

Thrive’s ServiceNow-Powered Platform Transforms IT Service Management

Over the past few years, we’ve worked hard to improve how we deliver managed IT services to clients. With the Thrive Platform, powered by ServiceNow, we eliminate many of the IT challenges organizations face on a daily basis.

The platform removes manual error from the equation, allowing tasks to be handled more efficiently, improving the day-to-day productivity of the IT team and saving valuable time. By building on the enterprise-class power of ServiceNow, the Thrive Platform gives clients better access to service and more accurate environment insights, while also transforming how IT is consumed through self-service.

The Power of Self-Service IT

When it comes to self-service, our goal is to streamline the process for employees and organizations. Whether utilizing a managed services provider or an IT help desk, employees may have to place a call or send an email to solve even the simplest of issues, such as changing a password. Gartner Group estimates at least 20% of help desk calls revolve around password resets. With the Thrive Platform, that once-tedious task is simplified by providing an employee a portal log-in, where a password reset takes just seconds.

Organizations can benefit from Thrive in a variety of ways. One example is in the legal profession. I’ve talked to a number of CIOs in the legal world, and it’s clear the top issue they face is maximizing billable hours. Attorneys need to be spending time on what they do best, not waiting for new passwords or finding time to handle application updates on their own time. And that’s just one quick example. There are so many organizations that can benefit from having a platform that:

  • Automates IT tasks
  • Enables self-service for employees
  • Delivers a 360-degree view of an organization’s technology
IT Service Management Drives Efficiency Gains

The Thrive Platform provides a number of benefits to users in SMB, mid-market, and enterprise organizations.

The platform automates the user creation process, so new hires enjoy a streamlined onboarding process that puts them in control. The outdated method of emails, spreadsheets, and manual entry leaves new hires waiting around for access to key applications and programs. The Thrive Platform brings them up to speed almost instantly.

Even when the onboarding process has come and gone, end users have access to helpful knowledge articles, too. These guides allow users to solve their own issues without contacting IT.

The IT team benefits, too, as the platform offers dashboards with reporting information, including service desk metrics and the ability to sort tasks by order of importance. Instead of manual calculations and outdated user issue reports, IT sees the latest trends and knows where to direct resources.

Want to Learn More?

The Thrive Platform offers several advantages, from increased end user productivity to faster support resolution to less IT time spent on tasks.

If you’re interested in learning more about our easy-to-use portal, get in touch with us to schedule a demo today. It’s the best way to experience the Thrive Platform for yourself!

How to Perform a Cyber Security Tabletop Exercise

Incident response planning is an important part of any organization’s cyber security program. Having a proper plan in place ensures smooth communications and quick decision-making in the event of a breach or attack.

To facilitate planning, the team at Thrive devises cyber security tabletop exercises to help organizations identify and prepare for various scenarios. The goal is to increase situational awareness and facilitate discussion of incident response.

This invaluable exercise clarifies an organization’s incident response plan, identifying what works and where improvements should be made.

Types of Cyber Security Incidents to Prepare For

An incident can occur at any time and include many variables, so it’s not always practical to write step-by-step instructions for each potential one. However, a tabletop exercise provides clarity on how to handle different types of incidents with an actionable strategy.

First, it’s important to understand the types of attacks that can occur.

  • External/removable media: An attack executed from a flash drive, CD, or other device
  • Attrition: A brute force attack meant to compromise or destroy systems, networks, or devices
  • Web: An attack from a website or web-based application
  • Email: An attack executed via an email or attachment (phishing)
  • Improper usage: An incident resulting from a violation of usage policies
  • Loss or theft: A computing device or media used by the organization, like a smartphone or laptop, is deemed lost or stolen

These categories can be used to define specific responses, as different incidents will require certain response plans.

As the tabletop exercise commences, Thrive runs through various scenarios, discussing proper course of action at each inflection point.

Preparation
Before any technology or business practice discussion begins, a risk assessment will be performed. The assessment can be formal or informal, and enables a full understanding of typical network activity while documenting network infrastructure.

Identification
The mock scenario seeks to detect the incident and determine its reach, while involving the appropriate parties. Information sources will be analyzed, including antivirus logs, server connection attempts, and suspicious network traffic.

Mitigation
The primary goal of mitigation is to lessen the impact of a security incident. It’s generally assumed that incidents will occur from time to time, so containing the incident and mitigating its effects are key. This portion of the exercise includes taking steps to disconnect an infected area from the internet, while understanding how to best throttle or block distributed denial of service (DDoS) traffic.

Remediation
Ensuring impacted services are once again reachable, the remediation stage involves discussing best practices for security patches, antivirus signature database updates, and restoring data from uninfected backups. If disclosed data cannot be recovered, a report must be provided to executive management, and applicable legal and customer teams must be made aware of the issue.

Recovery/Root Cause Analysis
Recovering from an incident is key to future success. The analysis exercise identifies what went right, what went wrong, and provides a timeline of important events. We will discuss the results of the incident, the lessons learned, and explain the steps to take to respond more effectively in case of a real attack.

The Benefits of Completing a Tabletop Exercise

A tabletop exercise raises security awareness within an organization, highlighting what could occur during a real cyberattack. It is meant to highlight deficiencies and weaknesses, so proper steps can be taken to prepare an efficient organizational response in advance.

The exercise determines whether an organization can coordinate communications, business operations, and external parties, with every scenario designed to focus on the likeliest threats.

Thrive provides enterprises with the tools to facilitate a tabletop scenario, but we also have the capability to run the exercise from beginning to end. To get better insights into the readiness of your organization’s cyber security incident response plan, contact our experts today.

How Thrive’s Layered Cyber Security Bundle Protects Your Data

Today, it’s hard to go more than a few days without hearing of some sort of cyber security issue or breach on the news. Cyber security isn’t just a “set it and forget it” type of endeavor — it’s something that requires planning, detail, and attention.

Thrive’s Cyber Security Bundle leverages best-in-class technologies to educate and ultimately protect end users. We’ve worked hard to protect businesses and organizations by preparing a multi-layered cyber security plan that mitigates the enormous consequences a data hack can have.

Protect Against a Potential Data Breach

Data breaches affect organizations in many ways, both monetarily and psychologically. It’s possible the issue may be smaller in nature; perhaps an employee’s laptop is infected with ransomware, causing a lost day of work or decrease in productivity. The employee may have had personal information on that laptop, even if it was a work-issued device.

If a large-scale database hack were to happen, that personal information exposure may be more widespread. The database could hold valuable client information, including usernames, e-mail addresses, and phone numbers, and the PR ramifications can be immense.

No solution provider can promise organizations they will never be breached. A company that stays in business long enough may deal with a cyber security issue at some point, but it’s imperative to create layers of security to protect the organization.

Just five years ago, it was widely believed antivirus software on a workstation and a firewall would do the job. Today, with many people working from home, the firewall idles in the office while antivirus protection only does so much. More specifically, signature-based antivirus protection may not catch a malicious file, which is why we look at anomaly-based antivirus protection while adding a cyber security bundle to deliver best-in-class endpoint security.

Targeted Cyber Security Training That Informs

Thrive’s Cyber Security Bundle offers protection for end users against:

  • Malware
  • Social engineering
  • Phishing
  • Ransomware

One of the top bundle benefits is the targeted training it provides for employees. It’s easy to tell someone not to click on a phishing email, but is that practice being followed? Thrive sends simulated phishing messages, changing the patterns and language to make each one a challenge. While we do inform organizations that these simulated phishing exercises exist, they are designed to mimic the real thing. This is all in the name of better informing end users so they can easily pick up on real phishing attacks.

We devise quarterly training for organizations through videos, too. These videos are short, typically around five to 15 minutes in length, and discuss important topics like what phishing emails look like, social engineering, and how to create strong passwords. Security and IT can have a negative connotation and imply a broken process that needs fixing, but these training videos open the lines of communication and provide end users with the information they need.

Educating and protecting end users mitigates data and productivity loss, which is why Thrive offers end user security solutions through our Cyber Security Bundles. Find the right fit and bring your cyber security practices up to speed today!