Cyber Incident Response Starts Before Hackers Have a Chance to Spread
From advanced persistent threats (APTs), to sophisticated phishing attacks and attempts to breach the perimeter of the network, attackers are constantly looking for ways to get your users and systems to run their malware in order to gain unfettered access to your data. Detecting these incidents before they happen is the only way to effectively protect your information, your brand and your organization.
Unfortunately, detecting the fingerprints of these dangerous technologies can be difficult, making incident response efforts slow and ineffectual. Today’s malware is very stealthy, and detecting it requires a broad set of capabilities: not just detecting new files on systems, but also interrogation of the registry and other system configuration data, as well as conducting mathematical hashing and reputation analysis of existing files to ensure that trojans and other malicious code are not hiding deep inside your IT assets.
5 common security mistakes that impact incident response
1. Inadequate patching
Hackers are constantly trying to find ways to sneak in the back door, so to speak, and if you’ve not properly dealt with weaknesses within your systems and infrastructure, then you’re leaving yourself wide open to become a target. Software patches are a common area of weakness that left unfinished and incomplete results in areas of potential infiltration.
2. Weak Password Policies
Having a strong password policy is an essential component of a security policy that supports requirements that make it impossible to use simple (i.e. easy to hack) passwords. It should also require that all users change their passwords on a quarterly basis (at min) to further prevent a possible breach. Domains should use separate administrative accounts and different passwords to prevent site wide admin level access.
3: Shadow IT Running Amok
We live in an increasingly mobile and app driven society, which means any number of your employees and colleagues could be installing and accessing the web utilizing various applications and services to perform their job duties. Unfortunately, the convenience of many of these apps presents a higher risk of breach because of these unmanaged solutions often are not updated or known to be in use and provide both infiltration and exfiltration paths that hackers can leverage.
4: Not Leveraging All Resources
You may think your infrastructure is secure because you have a quality AV endpoint protection solution in place. The problem is, just because AV is installed it may not be running, and just because its running doesn’t mean it’s actually protecting your endpoints from all threats. You have other threat intelligence sources to leverage that should be operationalized to better protect you.
5. Thinking it Could Never Happen to You
Thinking you can hide in the numbers of other companies like you or that you are too small to be hit by an attacker will not protect you. Proactive detection with automated determination and detonation with 3rd party malware engines is the new normal.
Promisec Enterprise Manager provides complete endpoint visibility and remediation of advanced threats
Promisec is the right choice for endpoint threat detection & response. Our software can provide a complete interrogation of an endpoint including OS details and patch versioning, program files, processes, services, registry settings, startup programs, network connections, global and local user policies that could allow change to occur as well as indicate deviations from a known good configuration. Additionally, native file integrity monitoring and file reputation provide global consensus on whether new or modified files represent a threat to your endpoints, users and data.
Promisec provides querying to every endpoint in your environment and gets answers back within seconds per machine. This ability to gather data rapidly is essential in today’s world when an organization is confronted with outages, viruses, or zero-day vulnerabilities.
Promisec delivers file integrity monitoring with an integrated file reputation service that provides global consensus on whether files are malware, trojans or other known bad actors – with the ability to automatically push suspicious files to a 3rd party detection and analytics service such as products provided by BlueCoat, FireEye and Palo Alto.
Promisec provides simple and powerful actions so incident responders and IT operation teams can make changes across an entire network within seconds to remove a program, reset a group policy, push out a patch or even to quarantine infiltrated systems.