Support • (786) 621-8600 Contact us

Recent Posts

Tales from the Trenches – S01E01

The Value of Checking Your Work

Cast your mind back to your school days. Do you remember being told to check your work? I do and the story I’ll share with you here is a great illustration of the value of checking your work or alternatively, having your work checked. We’re humans and not infallible. Mistakes will be made. The important thing is to learn from the mistakes and not repeat them.

For many years I was a security instructor. I would typically fly to an island and teach class for a week and then fly home. Sounds glamorous right? It was rewarding and the personal and professional connections I made are still with me to this day. It was also quite tiring and the funny stories of traveling and working while exhausted will have to wait for another time. Anyway, the classes were run on labs using local virtual systems running on student supplied hardware. Many times, I taught using course ware and labs of my own design but often I needed to use the official curriculum. In order provide a relevant context to the lessons, I encouraged students to follow along using their own systems. I would also provide a complimentary health-check of their environments. That is, I would take a quick look at their security management dashboards and reports and see if I could identify any issues or make recommendations for improvement.

This story takes place during one of these classes, when a student, let’s call him S, asked me for a health check. For reference this class covered the installation and use of the central management and endpoint security applications. S shows me his management console and the first thing I notice is there are zero threat events. Not a low number of events but none! For 200+ systems, even a perfectly tuned environment is going to show something, unless they’re discarding data. S proudly says to me that they don’t have any security issues or events, just look at the dashboards! I challenge him on this asking if he allows direct Internet access, email, email attachments, and removable device usage in the organization. He does so I challenge him that there just has to be something happening. I even went so far as to say that I would give him $100 out of my own pocket if the information was truly accurate!

I roll up my proverbial sleeves and dive in. The first thing I noticed was that the Windows system on which the central management server was installed did not have any endpoint security software installed. He questioned why that mattered. The management software was just for management and the system still needed the security software. So I manually installed the endpoint security software as per their standards when we notice some stability and performance issues. We, of course, had backups of their policies and other key files. A bit of digging revealed that they were using an old build of the endpoint security software. By old, I mean a version that released well before the version of Windows server in use. We applied the necessary patch and rebooted the system. I pointed out that they needed to keep their security software up to date along with everything else in the organization.

Guess what the dashboards looked like after the reboot? If you guessed that it lit up like a Christmas tree, you would be right! It turns out that the management software had lost connectivity with the SQL database over three months earlier. Rebooting the server enabled the re-connection and all endpoints began reporting their events. Thankfully, the deployed endpoint security software was resilient enough to detect and mitigate the various threats as well as update signature files in the absence of a functional central management system. You’re probably wondering what kinds of threats they were seeing. There was plenty of spyware and adware as well as removable media-based Trojans. After the understandable surprise, we worked together to ensure that they were deploying the latest appropriate version of the endpoint security software and demonstrated how to test the systems to prove that the systems were operational.

Lessons learned:

  • Check your own work. If you manage to reach a point with policy tuning where things are very quiet, run some test files or activities through your systems. Ensure that you receive the alerts and that the events show up in your scheduled reports. You are scheduling reports, aren’t you?
  • Have your worked checked by someone knowledgeable in the technology in question, not just an auditor who asks you to show your work.
  • Your security tools need to be updated just like your operating systems and business applications.
  • Don’t be afraid to ask for help. No one has dealt with everything or seen every possible situation. Develop a peer group and collaborate. As a group, you’ll be better off than trying to go it alone.
by Guest Blogger Sean Slattery

About the Author:

Sean Slattery is founder and CTO of Caribbean Solutions Lab, a boutique cybersecurity firm and longtime partner of Digital Era Group. A 25 year veteran of the IT industry and former security instructor, Sean oversees their managed cybersecurity services.

DigitalEra Recognized on CRN’s 2019 Solution Provider 500 List

MIAMI, FL. – June 3, 2019 – DigitalEra, a premier IT security solution provider of network and cybersecurity products and services, announced today that CRN®, a brand of The Channel Company, has named DigitalEra to its 2019 Solution Provider 500 list. This annual list ranks the largest North American IT channel partner organizations by revenue. The Solution Provider 500 is the industry standard for recognizing the highest performing technology integrators, strategic service providers and IT consultants. It is the industry’s predominant channel partner list, serving as a valuable resource for technology vendors looking to partner with top solution providers.

“We are honored to be named a top CRN channel partner and appreciate this recognition which confirms our commitment and reputation as an experienced security technology provider of quality products and services, strong vendor and partner relationship and unparalleled customer service,” said Patrick Dyer, President and Chief Executive Officer of DigitalEra. “We are extremely proud to continue advancing and growing our mission to deliver the best in-class security solutions for business, education and governmental agencies, so their security teams can focus on what matters most.”

DigitalEra’s team is focused in the execution of end-to-end cybersecurity solutions with organizations to plan, build and run successful cybersecurity programs. They go beyond other security firms that only examine technical infrastructure, by also analyzing organizational structure, policies, procedures, readiness, and training. The team provides a wide range of cyber security expertise, cyber threat intelligence and purpose-built technologies to prepare for and respond to cyber incidents.

“The companies on this year’s list represent an incredible combined revenue of $320 billion, a sum that attests to their success in staying ahead of rapidly changing market demands,” said Bob Skelley, CEO of The Channel Company. “Congratulations to the solution provider organizations leading the way in digital transformation and the latest technology services.”

The complete 2019 Solution Provider 500 list is available online at and a sample from the list will be featured in the June issue of CRN Magazine.

About DigitalEra

DigitalEra is a leading solution provider of network and cybersecurity products and services, serving major business, education and governmental agencies throughout the US. In addition to access to the most sophisticated and effective security products, DigitalEra provides expert guidance on use as well as ongoing security council and insights that help their clients prevent security breaches and mitigate threats. For more information,

Follow DigitalEra Group: Twitter, LinkedIn and Facebook.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace.


Digital Logistix and Kenna Security Partner to Bring Industry-Leading Risk-based Vulnerability Management to Latin American & Caribbean Markets


MIAMI, FL. – April 30, 2019 – Digital Logistix a premier IT security technology distributor and managed services provider and Kenna Security, a leader in predictive cyber risk, announced today a partnership to bring risk-based vulnerability management to customers and partners in Latin America and the Caribbean.

“Organizations need a better way to prioritize vulnerabilities based on risk so they can drive the greatest security effectiveness and get ahead of cyber threats.” said Rick Kramer, Vice President, Worldwide Channel Sales and Alliances at Kenna Security. “We are excited to expand our presence in Latin America and the Caribbean and this partnership will enable Digital Logistix customers to identify and understand which vulnerabilities are the most dangerous, optimizing remediation and drastically reducing risk.”

The Kenna Security Platform uses patented machine learning algorithms and data science to correlate an organization’s disparate internal asset data with more than 15 sources of external threat intelligence to prioritize and predict the threats that matter most, based on the risk they pose. It has been deployed by hundreds of organizations across nearly every major industry to more effectively manage cybersecurity resources and lower overall risk. The Kenna Security Platform easily integrates with all major vulnerability scanners, and can be applied to IT infrastructure assets, applications, and more.

“As an experienced security technology distributor in the region, we’re acutely aware of the need for risk-based cybersecurity applications,” said Patrick Dyer, president and chief executive officer of Digital Logistix. “We’re excited to offer our customers a platform that leverages Cyber Risk Context Technology™ to track and predict real-world exploitations, so their security teams can focus on what matters most.

ABOUT DIGITAL LOGISTIX Digital Logistix, a wholly owned subsidiary of DigitalEra Group, LLC, is a leading distributor of network and cybersecurity products and services, serving major business, education and governmental agencies throughout the Caribbean and Latin America. In addition to access to the most sophisticated and effective security products, DigitalLogistix provides expert guidance on use as well as ongoing security council and insights that help their clients prevent security breaches and mitigate threats. For more information, visit:

ABOUT KENNA SECURITY Kenna Security is a leader in predictive cyber risk. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. Kenna leverages Cyber Risk Context Technology™ to track and predict real-world exploitations, focusing security teams on what matters most. Headquartered in San Francisco, Kenna counts among its customers many Fortune 100 companies, and serves nearly every major vertical.

Choosing the Right Cyber Security Partner for your Business


A glimpse through Digital Logistix journey searching for a Digital Risk Protection Solution

With more than 20 years of experience as a leading distributor of cybersecurity products and services for Latin America and the Caribbean, Digital Logistix takes it very seriously when it comes to choosing which industry vendors we partner with. We evaluate all market players, what they have to offer, their current and historical reputation as a solution provider, their expertise, scale and reach.

At Digital Logistix we understand the current threat landscape in Latin America and the Caribbean, and how to succeed in this market today, organizations are under pressure to innovate and adapt to new digital practices, faster than ever before. We understand no single partner can offer all the security capabilities an organization needs, as fast as they need them. So as a trusted security advisor, we strive to partner with the best-in-class security vendors to help our customers protect their most valuable assets.

Our recent journey searching within the emerging market of digital risk protection for a vendor who would be the best fit for our customers in the region, was truly exciting. We couldn’t have ended with a better vendor to partner with: Digital Shadows, a top leader in the market due to its robust digital risk data and ability to deliver on an aggressive product road map.

During our extensive research, we weighed risk analytics and automated remediation as the most important key differentiating features needed for a solution to effectively detect and resolve. We were looking for a solution able to provide the broadest breadth of coverage and the deepest level of analysis of threats in the open, deep and dark web.

Digital Shadow’s great traction and reputation, within the market was evident and clearly indicated they should be our solution of choice. Just the very fact that Digital Shadows was named a “Leader” in the July Forrester New Wave™: Digital Risk Protection report and awarded the highest rating possible was a ‘clincher’ for us. We were also very impressed by its analyst team’s existing Spanish language expertise, a key qualification needed to operate in such market.

We’re very excited to be the first partner in Latin America and the Caribbean to join the Digital Shadows Channel REV program. This partnership now allows us to offer the tools our business partners need to quickly build their own professional services around SearchLight®, the industry leading digital risk protections solution from Digital Shadows that was recently awarded a maximum 5-star rating by US publication CRN.

Digital Logistix is thrilled about its partnership with Digital Shadows to bring its digital risk protection and relevant threat intelligence to the region. Our expertise in the market is a key advantage in our partnership and we’re confident that working together, we guarantee our customers will experience quick deployments, reduced costs, greater protection and improved compliance.

This blog was written by Ricardo Martinez, Director of Business Development for Latin America at Digital Logistix.

ABOUT DIGITAL LOGISTIX Digital Logistix, a wholly owned subsidiary of DigitalEra Group, LLC, is a leading distributor of network and cybersecurity products and services, serving major business, education and governmental agencies throughout the Caribbean and Latin America. In addition to access to the most sophisticated and effective security products, DigitalLogistix provides expert guidance on use as well as ongoing security council and insights that help their clients prevent security breaches and mitigate threats. For more information, visit:

ABOUT DIGITAL SHADOWS Digital Shadows enables organizations to manage digital risk by identifying and eliminating threats to their business and brand. We monitor for digital risk across the widest range of data sources within the open, deep and dark web to deliver tailored threat intelligence, context and actionable remediation options that enable security teams to be more effective and efficient. Our clients can focus on growing their core business knowing that they are protected if their data is exposed, if employees or third parties put them at risk, or if their brand is being misused. To learn more, visit

General Data Protection Regulation, or GDPR, is coming May 25th. Are you Ready?

The European Union will begin enforcement of its General Data Protection Regulation (GDPR) on May 25. Is your organization ready?

What does this mean? How will it impact your organization – and how to prepare for it? Here’s what every company that does business in Europe needs to know about GDPR:

May 25th is coming up on us all very soon. Do you know why that date is important? It is the date when the new EU privacy regulations take effect for any data holder or processor of personal data of an EU member. This regulation is separate and more comprehensive than US standards for privacy and those directives hold quite the weight. Non-compliance will lead to stiff penalties of up to 4% of gross profits or 20 million Euros.

You have several considerations if you use a third party service provider and it gets breached because you are still liable for this together with the third party. Contracts will need to be amended in order to properly balance these responsibilities. Adherence for the first 2 years was optional but that timeline is quickly coming to an end as stated above. So what do we do right now? There are specific articles that indicate what you must be able to demonstrate you and any of your third parties are doing with any personal data, the scope of which includes digital identification, mobile numbers and equipment that can tie a person to that data. We will focus on the solutions we recommend to have in place below.

The ability to audit and report who has accessed and whether they were a data controller or processor is one of the main named abilities you need to have in order to ensure compliance. The main difference in this directive is who owns the data and who accesses it and for what purpose and times when those permissions get revoked. This requires you to have a named Data Protection Officer to perform these tasks and inform controllers and processors ensuring that they know what the corporate policy is and what GDPR requires of them as well as be the main point of contact for any supervisory authority wanting to discuss issues or audit.

Another point is the protections needed to do this. We recommend using a framework such as HIPPA, PCI or NIST 800-53. We also recommend Data Leakage Protection (DLP) and an Identity Access Management (IAM) solution. These 3 things will give you protections needed for the reporting piece of the puzzle. Both Data and Access would be easily controlled and reported on and your processes would be easily documented with a verified solution. As a caveat you should also have a vulnerability management program to compliment the reporting for this directive.

DLP should be a standard to ensure that you can report and potentially block any unauthorized access to personal data. With this directive personal data and it’s meaning has expanded. This is not just Personally Identifiable Information (PII) but also any electronic data or device information that can be linked with the personal data to a particular user. This means DLP rules will need to be customized to include fields outside of the norm and new regular expression (regex) patterns that can detect the location and access of the personal data.

Identity Access Management (IAM) is the other side of what is important with this GDPR directive. What it addresses is the easy reporting of authentication on sensitive systems containing the personal data. The reason this is important is that depending on your need to access this data access to personal data should be granted to process for the needed amount of time then revoked and documented forensically. This will give you the ability to review authentication, authorizations, administration, and audit of the identities or users that are accessing the personal data easily.

While time is short it is important to note that there is still time. Putting in these protections to discover what is there is the starting point. We aim to assist with any questions you may have from a security perspective, please contact us. Also below is a quick breakdown of the articles into sections where you can learn more.

GDPR Article Breakdown

  • Articles 1-22 discuss the data and other meanings for personal data and overall definitions of terms.
  • Articles 23-37 govern the persons involved and their roles and responsibilities.
  • Articles 38 and 39 show certification requirements. Articles 40-45 discuss the transfer of data to organizations.
  • Articles 46-53 discuss the role and a description of who can be a supervisory authority and their charge.
  • Articles 54-72 discuss interactions and the cooperation of the European Data Protection Board within the supervisory authority to investigate and certify adherence.
  • Articles 73-79 discuss the ramifications and penalties for a breach and not complying.
  • Articles 80-85 discuss provisions for special situations where data may be touched for purposes like employment or churches.
  • Article 86-87 discuss how delegation acts and implementation acts are handled by committee.
  • Articles 88-99 discuss the repeal of the old Directive 95/46/EC and this policies enforcement.