VPLS Marketing Team

As a worldwide leader in internet infrastructure and computing, VPLS partners with businesses to solve their most complex technology challenges. Have a question about the article? Contact our team at [email protected].

VPLS Offers Comprehensive SOC as a service

VPLS Offers Comprehensive SOC-as-a-Service as Part of Expanded Managed Security Services

News / By
Return to the VPLS Blog

For teams with limited cybersecurity resources, VPLS offers a flexible solution that can be scaled and customized for any enterprise.

Published

Written by

Filed under

With cybersecurity threats evolving at an exponential speed and cloud infrastructure and SaaS applications growing, the need for complex security expertise is at an all-time high. To combat these threats, VPLS has dedicated a division of its Managed Security Services team to specialize in providing Security Operations Center as a service (SOC-as-a-Service). The SOC team provides customers with 24x7x365 real-time monitoring, cyber incident notification, and proactive prevention activities.

When a national trucking logistics company lost their Chief Compliance Officer, the company was at risk of being left vulnerable to costly cybersecurity threats. The organization knew they lacked the expertise required to navigate through securing their complex IT environment on their own and needed an outside expert’s services. By partnering with VPLS and implementing SOC-as-a Service, the company is now able to outsource much of their security responsibilities to VPLS, ultimately increasing their overall security posture to one with enhanced capabilities and 24×7 coverage.

VPLS’s SOC-as-a-Service is powered by security information and event management (SIEM) and eXtended Detection & Response (XDR) technology; hard-wired, wireless, and host-based intrusion detection (IDS); and continuous vulnerability monitoring so that organizations can have complete visibility to detect and respond to issues as soon as they arise.

“VPLS’s SOC-as-a-Service will appeal to security and operations teams at organizations of all sizes and stages of cloud adoption,” says John Headley, Senior Security Engineer at VPLS. “This service is especially valuable for those that are dealing with cyber skill shortages, a remote workforce, alert fatigue, and hiring and resource constraints.”

Read More from this Author

If you enjoyed this article, you'll probably like:

server colocation

What Businesses Can Learn from the Colonial Pipeline Ransomware Attack

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

As Colonial Pipeline returns online after a several-day outage resulting from a cyberattack that instigated a nationwide gas price surge and multiple states to experience shortages, business leaders across industries are left questioning their cybersecurity practices. There is no single solution to prevent a ransomware attack like the one on the largest refined oil pipeline in the U.S., but that doesn’t mean that preventative cybersecurity measures should be put on the back burner.

Security Awareness

Stay one step ahead of hackers with informed security awareness

Ransomware attacks have surged by over 80% in the last few years and a minimum of $18 billion was paid in ransoms alone, while the price of downtime added billions more in costs1. Expert studies show that the most common attack vector for ransomware is email, with infection occurring from a user unknowingly clicking on a malicious link or attachment2. At a minimum, the malware locks the company out of their own systems until a ransom is paid; then the hacker provides a “key” to the victim so they may regain access to their file and resume operations. However, double extortion and even triple extortion strategies are common these days. This is where the threat actors will exfiltrate the data before encryption, and then threaten to leak the company’s stolen data, or the data of their customers, unless their demands are met. 

The first step to preventing ransomware attacks is educating yourself and your employees of the latest tricks that hackers use to infiltrate your network. Security awareness training companies, such as KnowBe4, go above and beyond a stale slideshow and create simulated ransomware and other common attacks on your employees, leaving your workforce more confident to spot a phishing email or domain spoof before they have a chance to permeate your workplace.

Managed Security

Properly managed security is vital to ensure protection

Configuring security measures such as firewalls are just the first steps in staying protected against cyberattacks. As time goes on though, and users adjust permissions, install new software, or open new ports, for example, gaps in the management and maintenance of security systems leave a once-secure system newly exposed to hackers. Solutions like VPLS’s managed security services protect companies all the way from the cloud to the endpoint, relieving business owners of the burden of staying compliant with patching policies and standard configurations, and ultimately ensuring the security measures put in place stay secure over time.

Zero Trust Network Access

Secure distributed environments

Since the start of the pandemic, the need to distribute workplace environments remotely increased rapidly. The tools used to grant access to users remotely are often designed for easy use rather than optimized security. Once an infection occurs, inadequate segmentation between environments permit the spread of the virus laterally within the network. By isolating and segmenting, organizations will be able to cease further spread of ransomware across systems. This has led to the rapid adoption of a methodology known as Zero Trust Network Access (ZTNA). VPLS is an industry expert when it comes to transitioning clients to this new model for security.
Key Takeaways

Companies of all sizes across all industries are at potential risk of a ransomware attack.

Cybersecurity today needs to be the primary element of all disaster recovery policies even for organizations that don’t identify themselves as a natural target. The question companies should be asking themselves is “when” an attack will take place rather than “if.” Incidents like the Colonial Pipeline crisis have unfortunately become all too common, making it imperative that organizations take the necessary measures to stay informed and prepared to handle such situations. Better security awareness training, leveraging the power of 24×7 managed security services, and securing distributed environments are just some of the takeaways industries can learn from the Colonial Pipeline disaster.

Is your business prepared to protect itself from sophisticated threats? Check out VPLS’s How to Prevent Ransomware—A Technical Checklist.

  1. Emsisoft, Report: The cost of ransomware in 2020. A country-by-country analysis, February 2020
  2. Sophos, The State of Ransomware 2020, Whitepaper, May 2020

Read More from this Author

If you enjoyed this article, you'll probably like:

CRN Solution Provider

VPLS Featured on CRN’s 2021 Solution Provider 500 List for Third Consecutive Year

Blog Post, News / By
Return to the VPLS Blog

Published

Written by

Filed under

VPLS is excited to announce that CRN®, a brand of The Channel Company, has named VPLS to its 2021 Solution Provider 500 list. CRN announces its top 500 solution providers list each year, ranking the leading IT channel partner organizations across North America by revenue. This year’s impressive list represents a remarkable combined revenue of over $403 billion, underscoring the immense impact and influence these partners have on the IT industry today.

VPLS moved up 48 spots to #315 on CRN’s 2021 Solution Provider Top 500 List due to the company’s continued dedication to providing complete cloud-to-edge services to their clients while delivering best-in-class professionalism and industry experience. As a partner, VPLS continues to expand its team and portfolio to support its clients’ IT needs globally.

“CRN’s Solution Provider 500 list serves as the industry standard for top-performing technology integrators, strategic service providers, and IT consultants, which makes it a valuable resource for technology vendors looking to partner with today’s best-of-breed IT solution providers,” said Blaine Raddon, CEO of The Channel Company. “On behalf of The Channel Company, I’d like to congratulate these companies for their incredible contributions to the growth and success of the IT channel.”

The complete 2021 Solution Provider 500 list is available online at www.CRN.com/SP500 and a sample from the list will be featured in the June issue of CRN Magazine.

Read More from this Author

If you enjoyed this article, you'll probably like:

VPLS data center migration

ASUS Cloud, a division of ASUS, selects VPLS for a seamless data center migration

Blog Post, News / By
Return to the VPLS Blog

VPLS to migrate ASUS Cloud’s cloud infrastructure into a world-class Los Angeles facility

Published

Written by

Filed under

In effort to increase connectivity, security and data accessibility, ASUS Cloud has selected VPLS to migrate its existing Los Angeles-based data center to VPLS’s downtown Los Angeles facility located at 600 W 7th Street.

As a trusted cloud-to-edge computing and solutions provider, VPLS has an extended global network of data centers and points of presence. The company’s downtown Los Angeles facility, known as LA2, is a world-class facility with limitless reach to any carrier in the downtown Los Angeles Telecom Corridor. The 490,000 sq. ft. building offers 24/7 multiple layer security access, multiple colocation configurations, 27 MW of utility power, and connection to over 15 network carriers. Moving to VPLS’s LA2 location enables ASUS Cloud to use a broad and deep portfolio of cloud and network services, including IP transit, 100% power availability guarantee, and improved bandwidth to gain seamless and secure access to their data.

VPLS’s white-glove service approach in colocation management aims to simplify processes and enhance productivity by allowing customers to leverage VPLS’s rapid response team to handle IT needs. Backed by an expert team of technical resources, VPLS ensures secure and compliant migration of ASUS Cloud’s existing data center and infrastructure. As a result, ASUS Cloud can continue critical business services throughout the migration with minimal to no disruption to their operations.

“Migrating our colocation infrastructure is no easy feat and we’re very happy to partner with VPLS to make this happen,” states Peter Wu, CEO at ASUS Cloud. “Their team has been working diligently to ensure a smooth migration. They understand the importance of this move for our business and are dedicated to providing as little interruption to our business as possible. We are pleased with the efficiency and professionalism of the VPLS team as we plan this project to completion.”

Jay Smith, VP & GM of Data Center Operations at VPLS adds, “We are excited to enter into this partnership with ASUS Cloud and grateful that ASUS Cloud has entrusted such an important move to our team. Our experienced technicians are well-equipped to offer a smooth transition for ASUS Cloud and we look forward to having them join the VPLS family.”

Read More from this Author

If you enjoyed this article, you'll probably like:

Ruckus CommScope

VPLS is Now A CMAS Partner for Ruckus CommScope

Blog Post, News / By
Return to the VPLS Blog

Published

Written by

Filed under

VPLS is excited to announce that we are now authorized to participate in Ruckus’s California Multiple Award Schedules Partner Program. Ruckus’s CMAS Master Service Agreement 3-15-70-3218A allows public entities to buy Ruckus’s enterprise wireless and network solutions from VPLS via a pre-negotiated cooperative contract.  

As a Ruckus partner for over nine years, VPLS addresses the various IT needs of government agencies and school districts across California. In addition to network and wireless solutions, VPLS also offers other cloud-to-edge technologies, such as storage infrastructure, hosting, cloud, and security. In addition to the CMAS designation, VPLS is a NASPO-approved vendor for CISCO, HPE, Aruba Wireless, Extreme Networks, Cradlepoint, and other industry-leading technology partners. 

Read More from this Author

If you enjoyed this article, you'll probably like:

VPLS is named to the CRN MSP 500 Elite 150 list

VPLS Named to 2021 Managed Service Provider 500 List by CRN

Blog Post, News / By
Return to the VPLS Blog

Published

Written by

Filed under

Los Angeles, CA – VPLS is excited to announce that CRN ®, a brand of The Channel Company, has named VPLS to its 2021 Managed Service Provider (MSP) 500 list in the Elite 150 category. The list, released annually, recognizes the leading North American solution providers that have demonstrated innovative and forward-thinking approaches to managed services. These services help end users improve operational efficiencies and navigate the ongoing complexities of IT solutions, while maximizing their return on IT investments.

VPLS was selected for the MSP Elite 150 list because the company demonstrates the gold standard of cloud-to-edge services with off-premises professional services that include network and security optimization, all while bringing its services back to the data center with expert migration services, managed colocation, and more. The wide range of services offered by VPLS, paired with its professionalism and industry expertise, has positioned the company as one of the nation’s best MSPs.

“Effective MSPs enable companies to focus on their core objectives while improving the quality and reliability of their cloud computing capabilities,” said Blaine Raddon, CEO of The Channel Company. “The solution providers on CRN’s 2021 MSP 500 list deserve recognition for their innovative and forward-thinking approaches to managed services, and the ability to optimize operational efficiencies and systems to maximize return on investments.”

With cutting-edge approaches to delivering managed services, MSPs have become an integral part of the success of businesses worldwide. They help empower organizations to leverage complex technologies, keeping a strict focus on their core business without straining their budgets. CRN’s 2021 MSP 500 list identifies the market’s key managed services players who are setting themselves apart with best-of-breed solutions that provide the business outcomes customers need.

The MSP 500 list is featured in the February 2021 issue of CRN and online at www.CRN.com/msp500.

Read More from this Author

If you enjoyed this article, you'll probably like:

FBI CISA

The FBI and CISA Issue Joint Security Advisory on Fortinet FortiGate Vulnerabilities

Advisory, Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

Advisory Summary

The Federal Bureau of Investigation (FBI) and the Cybersecurity Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory to warn the public that threat actors are actively exploiting a suite of known Fortinet FortiGate firewall vulnerabilities. These vulnerabilities allow an attacker to steal VPN user credentials and gain initial access to the protected network environment, which positions them to be able to conduct further attacks.

Although two of the three vulnerabilities mentioned in the advisory have been known to the public since 2019, with the third being made public in 2020, it is clear by the issuing of this alert now in 2021 that there are still many firewalls in the wild that have not been updated and are still vulnerable.

Vulnerabilities

Vulnerability 1

CVE

 CVE-2018-13379

CVSS Score

9.8/10 – Critical

Fortinet PSIRT

FG-IR-18-384

VPLS Summary

An attacker can steal SSL VPN user credentials on FortiGates with SSL VPN enabled, allowing them to gain access to the protected network environment

Vulnerability 2

CVE

CVE-2019-5591

CVSS Score

7.5/10 – High

Fortinet PSIRT

FG-IR-19-037

VPLS Summary

An attacker with local network access can perform a MITM attack to intercept FortiGate LDAP connections and obtain sensitive user authentication information.

Vulnerability 3

CVE

CVE-2020-12812

CVSS Score

9.8/10 – Critical

Fortinet PSIRT

FG-IR-19-283

VPLS Summary

An attacker can bypass 2FA requirements for VPN users by adjusting the case used when entering the username.

VPLS's Recommendation

These three vulnerabilities each have their own conditions required for your FortiGate to be vulnerable, as well as specific mitigation instructions, which are described in detail in the provided Fortinet PSIRT links. To summarize, for Vulnerability 1, the mitigation step is as simple as upgrading the firmware version. Vulnerability 2 and 3, however, require specific configuration changes to mitigate.

Please reach out to us if you would like more information on this advisory. We are happy to provide a free consultation to evaluate if any of the three vulnerabilities apply to your environment and discuss with you what mitigation steps are required.

Additional Resources

Read More from this Author

If you enjoyed this article, you'll probably like:

managed security services

VPLS Ranks No. 239 on Inc. Magazine’s List of California’s Fastest-Growing Private Companies

Blog Post, News / By
Return to the VPLS Blog

With multiple offices in California, VPLS is recognized as one of the fastest-growing companies in the region

Published

Written by

Filed under

Inc. magazine today revealed that VPLS is No. 239 on its second annual Inc. 5000 Regionals: California list, the most prestigious ranking of the fastest-growing California-based private companies. Born of the annual Inc. 5000 franchise, this regional list represents a unique look at the most successful companies within the California economy’s most dynamic segment—its independent small businesses.

The companies on this list show stunning rates of growth across all industries in California. Between 2017 and 2019, these 250 private companies had an average growth rate of 535 percent and, in 2019 alone, they employed more than 40,000 people and added nearly $7 billion to the California economy. Companies based in major metro areas—Los Angeles, the Bay Area, and San Diego—brought in the highest revenue overall.

Complete results of the Inc. 5000 Regionals: California, including company profiles and an interactive database that can be sorted by industry, metro area, and other criteria, can be found on Inc’s Top 250 Fastest-Growing Private Companies in California list starting March 16, 2021.

“This list proves the power of companies in California no matter the industry,” says Inc. editor-in-chief Scott Omelianuk. “The impressive revenues and growth rates prove the insight and diligence of CEOs and that these businesses are here to stay.”

Read More from this Author

If you enjoyed this article, you'll probably like:

cyber risk management

VPLS Expands Bare Metal and Cloud Platform into A New Singapore Data Center, Reinforces Presence in Southeast Asia

Blog Post, News / By
Return to the VPLS Blog

VPLS Expands Its Bare Metal & Cloud Platform into A New Singapore Data Center, Reinforces Presence in Southeast Asia

Published

Written by

Filed under

We are excited to  announce the addition of a second Singapore data center location. The facility, known as SIN2, is located at 20 Ayer Rajah Crescent in Ayer Rajah Industrial Park in Singapore.

Home to the Asia-Pacific Network Operation Center (NOC), the SIN2 datacenter provides access to one of the world’s three GRX peering points, making it one of the most network-dense data centers in the region.

The SIN2 data center offers increased bandwidth capabilities to customers in Thailand, Indonesia, Hong Kong, and China, as well as the rest of Southeast Asia and Hawaii.

Queenstown, Singapore Data Center Highlights

  • 181,716 sq. ft. near downtown Singapore
  • Multi-stage security, including biometric sensors and proximity card readers
  • N+1 redundant critical load generator standby power
  • Access to 150+ carriers from the GRX Peering Point
MORE SIN2 SPECIFICATIONS

Read More from this Author

If you enjoyed this article, you'll probably like:

network services

Who is the Insider Threat?

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

The insider threat is something that’s faced by all organizations, regardless of size or industry. This year alone, insider threat attacks have skyrocketed, and organizations are now looking for ways to identify these threats before it’s too late.

Part of the challenge for modern organizations is that today’s perimeter is no longer easily defined. The data center was once your network’s primary point of entry and exit. However, the explosion of new connected devices, 5G, and hyper-scale cloud deployments have expanded the perimeter across the entire infrastructure. The modern network has even reached our home offices, creating new edges that now need to be secured. The proliferation of applications and the number of connected devices create billions of edges that need to be managed and protected. In addition, according to Google, more than 80% of online traffic is now encrypted, presenting new challenges for inspection of malicious traffic.

Unfortunately, most security breaches today are due to human error. Anyone with access to your data or systems—whether that be your employee, former employee, partner, supplier, or even your board member — has the potential to expose confidential information.

Accidental Insiders

When looking at the different types of insider threats, accidental insiders represent the largest percentage. These are individuals that are unwittingly causing harm by clicking on malicious links, failing to follow policies and procedures, or simply just being careless. Accidental insiders can also be the people that are driving technology changes within your organizations but don’t want to be slowed down with processes. They can even be overworked admins who try to take shortcuts by not patching or having weak passwords.

Malicious Insiders

The malicious insiders are deliberate and intentional in their efforts to either steal information or cause disruption. Usually, it’s for financial gain, but it also can be a disgruntled employee that has been downsized or laid off. While these individuals can work on their own, they can also work on behalf of a third-party agent.

Credential Thieves

The last group of insiders is the credential thieves. Once any adversary compromises a username and password, they are essentially an insider. While hiding behind legitimate credentials, they can masquerade around your organization as a known trusted employee, taking whatever information they can. What makes this type of insider threat so hard to combat is that they are pretending to be someone that is a known and trusted entity within the organization. 

Creating A Strategy

Every organization should be concerned by insider threats. Not only can you lose valuable data, but the financial implications of an insider security breach can be detrimental. According to the Ponemon Institute, accidental insiders have cost on average $4.5 million, malicious insiders over $4 million, and credential thieves about $2.7 million. With these numbers on the rise, it is essential that organizations are concerned and focused on reducing the risk of damage caused by insider threats.

So, how can organizations address the challenge of insider threats? How can organizations identify what is good versus bad behavior? How should your security posture compare with similar organizations? How can teams create an environment where employees don’t feel as if they’re not trusted? How can you explain the potential impact of the insider threat to other executives who drive some of that investment and strategic outlook? What tasks should be prioritized in the near term to address these? And most importantly, how do you achieve that cyber situation awareness and keep breaches at bay?

When it seems like the adversary is someone who could potentially be inside your environment, the task may seem improbable to address. What organizations need to leverage are the pillars of IT security: People, Processes, and Technology. An approach combining these three elements is needed to address the human risk challenge.

People Strategies for Combatting Insider Threats

First, the organization must create and prioritize a culture of security. Education is key here, with investments in security awareness training, phish testing, etc. People need to understand what they should and should not be doing within the environment and how to practice good cyber hygiene. Since most ransomware attacks are largely done by social engineering attacks, phish testing is important to prepare and train your workforce for these types of attacks.

As a result, as employees become more familiar and prepared, they can become more vigilant and help report incidents. Similarly, organizations need to support incidence reporting by helping employees understand where to go with this information.

Read More from this Author

If you enjoyed this article, you'll probably like:

Scroll to Top