Solid Foundations

Solid Foundations

Confidence in IT Security frees business rather than restricts.
Let us empower you to do more.

From Challenge to Transformation

From Challenge to Transformation

We work with the most daunting requirements from the largest organisations and exceed expectations on delivery

Security without Limits

Security without Limits

Solid security empowers and liberates business to be more creative, rather than restricting innovation

Disaster Resolution

Disaster Resolution

If you need help with a security incident, or you need expert remedial help immediately, call us.

Lithify:

/ˈlɪθɪfʌɪ/ : to change to stone : petrify; especially : to convert (unconsolidated sediment) into solid rock.
intransitive verb: to become changed into stone.
IT Security: to cut through the mire of conflicting advice and provide a solid foundation for business.

Security is our Sole Focus 

IT security shouldn't restrict, it should empower:
By providing a solid foundation, we enable business to be more innovative, more creative, more productive. 

Lithify is a specialist security reseller. We provide complex IT Security solutions to the largest companies in the UK and worldwide.
Our solutions are market-leading, delivered by experts with international reputations for excellence in their chosen fields.

We work with our clients on an ongoing basis to ensure that the investment made in IT security is utilised to the full and grows as the organisation evolves. 

We work in the most challenging environments to make security work for the business it serves. Our reputation for troubleshooting and problem resolution is unparalleled. 

Talk to us today about how we can help you reach your goals. 

 

One of the oldest breaches in the book is back and the consequences (which have always been bad) are now worse than ever.

Account takeover has existed for a long time. It used to rely on poor password policies and exploited those users who used the same username and password combination for everything. Stolen email addresses and passwords (normally obtained by the thousand by hackers stealing a database of customer details) could then be used across multiple accounts because the details were all the same -obtaining access to an online shopping account meant also being able to use the same credentials for a user's corporate login, their Tesco clubcard, their personal banking and social media such as Facebook - obtaining one meant obtaining all! Pretty scary stuff but at least limited to individuals. 

Account takeover is now far more sophisticated and goes far further. 

The difference now is that whilst basic password hygiene is still an issue, use of served (SaaS) applications gives access to a wider range of corporate systems than ever before.

Once through the login screen for Office 365 or Salesforce, the entire corporate instance is available. That has far reaching consequences.

Here's how it works

Can you blame an employee who clicks through an email like this one?

 

The effects if such a mistake can be far reaching. Once rogue agents have login credentials, they're free to access your account as if it were their own - this can cause significant damage to corporate systems. 

Is it the employees fault? Probably not. Certainly, no loyal employee clicks this kind of link maliciously and a rogue employee will likely have other strategies. 

We're all human and we all click things when we're busy which we would usually avoid like the plague if we had the time to assess it properly, and by the time we stop to think it can often be too late. 

It's time we offered some protection against threats such as this. 

 

What is account takeover and why is it important?

Account takeover often starts with a message such as the one above - it could be delivered by email to a company desktop, or to a user's smartphone. Text messages such as the one above are now the number one vulnerability on smartphones - we call this SMS Phishing (or smishing), but they could equally be delivered via email. 

The premise is simple - a third party sends a message to the users phone purporting to be from a reputable company - it could be a bank, your network administrator or a trusted application provider. It's common, as with the example above, for there to be some urgency and consequences for lack of action: "do it now or else....." 

Panicked, the user clicks through the link, lands at a plausible (often extremely plausible) webpage and enters their credentials.

Everything looks fine, but those credentials have just been harvested by a third party who now has your access details and can use and abuse them as they wish. There's no further access controls which means the account, and everything that it touches is now wide open. Office 365 and other browser-based applications all present a risk in this regard.

 

What do the Application Providers Offer?

Traditionally Microsoft have been great at protecting "inside the bubble" and their latest versions are no different.

Their document dissemination and version controls have advanced considerably but these only address 11% of breaches. None of the SaaS providers have a great strategy for preventing account takeover. Once you're in, you're in!

If you want to insulate your network from such threats there are additional steps to take.

 

How do we protect against such threats?

Preventing take over requires 2 things:

1. Security on the device which is up to the minute and linked to an AI engine which can scan text or email or email and indentify "rogue" messages.

2. Awareness between the user and the application which looks at device & user behavior and which is able to allow or deny access based on the pre-set parameters.

This is a whole different layer of security than that we have seen to this point, but one which needs focus as more of our networks move beyond our own walls. We're starting to see the first high profile hacks by this method, and almost all companies have some exposure.

There are great tools available to prevent such breaches. Let's work together to avoid them. 

 

04 Jul 2019

Lithify Sponsors "Summer Spin" for UK Homes For Heroes

Team members from Lithify recently organised a fundraising rally in order to generate funds for the UK Homes For Heroes charity, which is a front line helping ex forces living on the streets. The...

28 May 2019

Vendor Flip Flopping Serves No-One But Unscrupulous Resellers

  If your organisation has changed vendors more than twice in the last 8 years, it might be time to re-think your approach.  We all know large enterprises which seem to have run the gamut of every...

20 May 2019

Security Still Centred on Perimeter Firewalls? Let's Think Bigger!

Still hanging your security on perimeter firewalls? Its time to broaden your scope Who reading this thinks that perimeter firewalls are the main game in security? Many people still do. We've...

26 Feb 2019

Account Takeover - Why Now?

One of the oldest breaches in the book is back and the consequences (which have always been bad) are now worse than ever. Account takeover has existed for a long time. It used to rely on poor...

19 Feb 2019

Thinking Of Downsizing Your Firewalls?

I'm constantly talking to both existing & prospective clients and a new phenomenon is catching my eye. Downsizing, simplification and cost cutting are becoming a trend. I can see why. Firewalls...

How to Engage Us

Lithify is available for short or long term engagements, to help with a problem, to implement a specific project or as your preferred partner in IT Security. 

Contact us, book an initial (free of charge) consultation or request an urgent call back

Contact Us