Defending Your Enterprise While Working from Home

With the proper tools and techniques in place, it’s possible to continue to defend your enterprise while your staff is working from home. Here are some good points to remember and share about securing mobile devices.

Now More Than Ever: Hackers Want Endpoints

Hackers understand the global pandemic we are currently experiencing. They also know what you are NOT focused on defending, and they will flow like water to get to it.

Where are you not focused as a defender? That’s where the hacker will go.

Since working remotely has been mandated to slow the spread of COVID-19, focus on your users’ endpoints.

According to the 2019 Data Breach Investigations Report, 94% of all attacks start with email. Be aware that even more users will click on malicious links when they are using their mobile devices.

Mobile Device Users Are More Vulnerable to Phishing Attacks

According to a recent mobile phishing report, the rate at which people fall for phishing attacks on mobile is increasing by 85% annually.

Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail needed to identify phishing attacks, such as hovering over hyperlinks to show the destination.

As a result, mobile users are three times more likely to fall for phishing scams, according to IBM.

Finally, the huge amount of personal and corporate data on mobile devices is making these devices the preferred target for phishing attacks.
In fact, in spite of being protected by traditional phishing protection and education, 56% of Lookout users received and tapped a phishing URL on their mobile device between 2011–2016. Fortunately, in these cases the attack was thwarted by Lookout.

Before enterprises can achieve comprehensive protection against phishing attacks across all vectors, including the mobile device, security and IT professionals need to understand how current phishing myths muddy the waters and get the facts that will help them make informed decisions on how to protect corporate data.

Source

Hackers’ Capabilities

It’s difficult for users to keep up with hackers’ capabilities. As a corporation, you could have a team of security experts on hand who research those capabilities and help you put a defense strategy in place. Attackers are using the following tools to breach your mobile devices:

Remote Access Trojans (RAT)

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program — such as a game — or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet. Source

Web Shells

A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. Infected web servers can be either Internet-facing or internal to the network, where the web shell is used to pivot further to internal hosts.

A web shell can be written in any language that the target web server supports. The most commonly observed web shells are written in languages that are widely supported, such as PHP and ASP. Perl, Ruby, Python, and Unix shell scripts are also used. Source

Mimikatz

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets. Other useful attacks it enables are pass-the-hash, pass-the-ticket or building Golden Kerberos tickets. This makes post-exploitation lateral movement within a network easy for attackers. Source

PowerShell Empire

PowerShell Empire is a unique attack framework in that its capabilities and behaviors closely resemble those used by current nation-state advanced persistent threat actors.

Nation-state hacking groups were using PowerShell to create fileless malware that runs in a computer’s memory, without leaving any traces on disk, and using PowerShell scripts as a post-exploitation vector for moving through networks and inside workstations without triggering any security alerts.

Because PowerShell is installed by default on Windows 7 and all later versions, the app was at the time trusted by all security products, many of which did not detect PowerShell-based attacks.

Empire’s use among cybercriminals has grown so much in the past few years that in late 2018, the UK’s National Cyber Security Center included Empire on its shortlist of the five most dangerous publicly available hacking tools — together with JBiFrost, Mimikatz, China Chopper, and HTran. Source

C2 Obfuscation Tools

Attackers will often want to disguise their location when compromising a target. To do this, they may use generic privacy tools (e.g., Tor) or more specific tools to obfuscate their location.

HUC Packet Transmitter (HTran) is a proxy tool used to intercept and redirect Transmission Control Protocol (TCP) connections from the local host to a remote host. This makes it possible to obfuscate an attacker’s communications with victim networks. The tool has been freely available on the internet since at least 2009.

HTran facilitates TCP connections between the victim and a hop point controlled by a threat actor. Malicious threat actors can use this technique to redirect their packets through multiple compromised hosts running HTran to gain greater access to hosts in a network. Source

How to Protect Mobile Devices for Remote Workers

For a comprehensive mobile device protection strategy, you need a tool or service for endpoints that can offer a form of antivirus, an EDR-type tool that can record and log instances for future forensics, as well as vulnerability management for mobile.

Your mobile device security strategy should provide phishing protection for:
– Email
– SMS
– Social Media
– Messaging Apps

You should also consider Mobile Threat Defense that defends against:
– Application Threats
– Device Threats
– Network Threats

Managed Detection and Remediation (MDR) for Endpoint Security

Not only does MDR from Cybriant help reduce the time between breach and detection, we can also help stop the threat before it can fully execute.

Our experts utilize a static AI engine to provide pre-threat execution protection. The static AI engine replaces traditional signatures and obviates recurring scans that kill end-user productivity.

By tracking all processes, our team is able to detect malicious activities, and use behavioral AI technology to respond at top speed. We can detect and stop file-based malware, scripts, weaponized documents, lateral movement, file-less malware, and even zero-days.

With MDR from Cybriant, our security analysts monitor your endpoints 24/7 and filter out false positives. You’ll receive the alerts when relevant threats are detected along with advice and insight from our cyber security team to help you mitigate and respond to the threat.

As an extension of your team, our experts will investigate, triage, and remediate security events and provide executive-level reporting. Remediation may reveal dormant or trojan threat actors that evade network and endpoint detection solutions. Our MDR solution includes leveraging the talents of our experienced team as well as next-generation antivirus and EDR tools that utilize AI.

The MDR service from Cybriant will allow you to protect your organization’s data and reduce your threat landscape against the most advanced threats.

Security Fundamentals for Working Remotely

Consider sharing this information from InfraGard with all your remote workers. Stay up-to-date on Coronavirus scams here.

Cyber Risks/Criminals: The FBI reports scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information to receive money or other benefits.

The FBI advises you to be on the lookout for the following:

FAKE CDC EMAILS – Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.

PHISHING EMAILS – Look out for phishing emails asking you to verify your personal information to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information to send you money. Phishing emails may also claim to be related to charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits.

COUNTERFEIT TREATMENTS OR EQUIPMENT – Be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19. Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves. More information on unapproved or counterfeit PPE can be found at www.cdc.gov/niosh. You can also find information on the U.S. Food and Drug Administration website, www.fda.gov and the Environmental Protection Agency website, www.epa.gov. Report counterfeit products at www.ic3.gov and to the National Intellectual Property Rights Coordination website at iprcenter.gov

Best Practices for Companies: Attached is a one-page document, developed by InfraGard National Board Director Rusty Sailors and his company, listing best cyber practices for companies to adopt, to ensure their information is kept safe and secure at all times.

In addition to those recommendations, the FBI is reminding people to always use good cyber hygiene and security measures. By remembering the following tips, you can protect yourself and help stop criminal activity:

  • Do not open attachments or click links within emails from senders you don’t recognize.
  • Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in “.com” instead).

As the world responds to the global demand for remote work options, we’re here to provide guidance and stability during these trying times.

Whether provisioning corporate laptops or allowing employees to use personal devices, hastily extending a remote work option can leave your organization vulnerable in terms of security.

Here are a few items to consider:

Remote Basics
– A computer
– A secure internet connection
– Chat and conferencing applications
– A dedicated workspace
– A phone and a camera
– Self-motivation and discipline
– A strict routine

Require VPN access for internal networks
A VPN encrypts your corporate traffic to protect against man-in-the-middle attacks and eavesdroppers.

Update Password Policies
Make sure your employees understand and comply with your password policies. This might be the best time to start with new strong passwords across the company.

Separate User Account
If your group is using their own devices, require a new user account to be set up for work use only. This separation will help both privacy and security.

Invest in full-featured endpoint security for home workers
Home systems are varied and more often than not, are not up to the job of protecting your company’s assets. The best options would still be business-class endpoint security that can be managed by your IT team that leverages a firewall, protection from malicious websites, and malware.

Require multi-factor authentication
This is your best defense against cyber criminals who may use brute-force techniques or stolen credentials.

Require encryption
If employees are working on sensitive files or downloading files to their personal devices, provide an encryption solution while requiring separation of personal files.

Keep machines up to date
It is difficult to know how well employees keep their home machines up to date. Enable automated updates on all of their systems to be sure they are current with all security measures.

Employee Training
COVID-19 Scams are on the rise and are becoming more sophisticated. Remote workers’ habits and behaviors can become lax when it comes to clicking on links. Provide a refresher to help avoid the human element that cybercriminals attempt to exploit. Consider running a campaign and training course before employees begin working remotely or shortly thereafter.

Free Offer: MDR Access

COVID-19: Cybriant Offers Free MDR Service to Help Enterprises Secure Remote Workers and Stay Protected

24/7 Cyber Threat Detection Agency Helps Promote Business Continuity and Public Health by Enabling Secure Work-From-Home

Alpharetta, GA – March 24, 2020 – Cybriant, a leader in cybersecurity services, has announced free access to their 24/7 Managed Detection and Remediation (MDR) service.

Cybriant is working with SentinelOne, the autonomous cybersecurity platform company, to make Cybriant’s MDR Core service available free of charge for a limited time, enabling enterprises to secure remote work as the world combats COVID-19. This offering will be free for service implemented Monday, March 16 through Friday, May 15, 2020. Cybriant’s 24/7 monitoring and remediation service will be free for 60 days after the initial installation of SentinelOne.

Many cybercrime groups are capitalizing on COVID-19 concerns to deliver new malware payloads and test new techniques. “It is a sad reality that even at this time when most of the world is focused and united on containing and defeating COVID-19, cybercriminals are seeking advantage in the disruption,” said Jeff Uhlich, CEO, Cybriant. “At Cybriant we want to do our part to assist organizations through what we all hope is a short transitional period by better securing their businesses from vulnerabilities created by the move to a remote workforce.”

As part of this free offering, Cybriant will provide:

  • SentinelOne Core: licensing of AI-powered prevention, detection, and automated response in a single, autonomous lightweight agent; legacy antivirus replacement across Windows, Mac, and Linux operating systems with no connectivity or network dependency
  • Cybriant Deployment Services: remote deployment assistance to ensure rapid installation 
  • Cybriant 24/7 Monitoring and Remediation Services – When a credible threat is detected, our team will retrieve the process history and analyze the chain of events in real-time to determine the validity of the threat. Once identified, the malicious activity is immediately stopped in its tracks and our team ensures remediation.

Working together the world can defeat COVID-19, and Cybriant would like to do its part to help businesses safely conduct operations during this unprecedented time.

Visit https://cybriant.com/covid-19-free-mdr/ to enroll and for further details on this offer.

About Cybriant

Cybriant assists companies in making informed business decisions and sustaining effectiveness in the design, operation, and monitoring of their cyber risk management programs. We deliver a comprehensive and customizable set of strategic and managed cybersecurity services. These services include Risk Assessments, vCISO, 24/7 Managed SIEM with LIVE Monitoring and Analysis, 24/7 MDR, 24/7 Vulnerability Scanning with Patch Management. We make enterprise-grade cyber security strategies and tactics accessible to businesses of all sizes. Find out more at https://www.cybriant.com.

About SentinelOne

SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

5 Reasons You Need a Mobile Security Risk Assessment

Here are 5 reasons to consider a mobile security risk assessment. Consider today’s most specific and hazardous security threat – our smartphones. These multi-purpose and ever-present devices should be included in your strategic cybersecurity plan including assessments and threat detection.

It is possible to tailor a security risk assessment specifically for smartphones or mobile devices.

A mobile security risk assessment identifies smartphone assets and provides an in-depth list of specific applicable threats. This includes both third party and enterprise web services used by the application as well as other connected resources that might have an impact on the security of the system.

Here are 5 reasons that you should consider the mobile security risk assessment for your organization:

Reason 1: Suspicious Applications

With any BYOD policy, it’s difficult to limit application use for users. Users can easily visit Google Play or the App Store and download any app. Each app presents a list of permissions that users must accept before they can install it. These permissions generally grant some quiet access to files or folders on the mobile device. The majority of users just skim or skip the list of permissions and agree without reviewing them in detail. This lack of scrutiny leaves devices susceptible to mobile security risk.

Even if the application works the way it is supposed to, it still has the potential to mine corporate data and send it to a third party, such as a competitor, exposing sensitive product and business information.

A Mobile Security Risk Assessment will help you have a better idea of which apps are in use that could expose your organization’s sensitive data.

Reason 2: Access to Data

Mobile devices present a treasure trove of opportunities for leaked data. This could happen through user error, malicious intent, phishing attempts, social hacking, etc.

In most cases the leak comes from sending files through cloud storage, accessing confidential information from unauthorized devices, or reading spam email and following the links in it. This kind of negligence is risky for health departments, schools, and financial or banking firms.

Cybriant’s Mobile Security Risk Assessment will help you understand where your data is being shared and how to stop it if necessary.

Reason 3: Public Wi-Fi

Our mobile devices are completely useless without an internet connection. It is easy to find free internet access in a public area, and for many that public Wi-Fi is a necessity, but your users should understand the risk associated with it. Connecting your phone to an insecure internet connection can be harmful for the device and for your data. Most of the time when we travel or visit public places we take the “free internet” connection without knowing how good or bad it is.

It’s possible with a BYOD policy to limit public Wi-Fi usage, and a mobile security risk assessment will help you determine if your users are adhering to that policy.

Reason 4: Outdated Devices

Mobile security was not a big issue in previous years, when we were using simple phones with slow internet connections and without the fear of data leakage or third-party intrusion. Some of these devices are still in use and connected to new, fast internet connections even though they are not updated and do not meet data and mobile security requirements.

Apple supports its smartphones for about five years after a model is released, giving the devices the latest versions of iOS and the latest patches to known vulnerabilities.

In general, an Android phone won’t get any more security updates if it’s more than three years old, and that’s provided it can even get all the updates before then. After three years, you’re better off getting a new phone. Source

Reason 5: Lack of End-to-End Encryption

While many apps on certain phones offer end-to-end encryption, the vast majority of apps – especially social networking – do not offer end-to-end encryption.

This is shocking considering the quantity of data uploaded to the applications and platforms employees use to access corporate data on their phones. A lack of mobile application security doesn’t bode well for you. It takes just a one-step verification to encrypt your chats, documents or any other data you share through a trusted application. This protects you from supervision or data hacking by service providers.

How to Address Enterprise Mobile Security

Risk Assessment Strategy:

Mobile security begins with a mobile security risk assessment. This allows the organization to identify the risks it faces and the consequences if significant information and data are lost through malware infection, a system crash or theft.

Other potential threats that a risk assessment can cover include physical threats such as malicious damage, theft, power outages and fire. Human errors such as unintended deletion of information, input mistakes or mishandling of data are also identified.

Moreover, abuse from other malicious activities, such as corporate espionage, is identified. The aspects that should be considered are the people who have access to the information; the people who use the web and email systems; the firewalls and anti-malware solutions; and proper staff training as well as enforcement of mobile security.

Employee Education:

The best security against theft or abuse involves a combination of well-educated staff, physical security and technical security. Defined policies should be implemented in the system and adequately communicated to the staff.

Consider these tips from a recent article, Tips to Secure Corporate Data with Remote Workers

  • Lock your devices when they are not in use – even at home
  • Don’t leave company property unattended – Take your laptop with you to pick up your order at Starbucks.
  • Always be on the lookout – even a house guest could potentially make themselves at home on your company laptop.
  • Use privacy screens – Don’t let your work pique the interest of your neighbor.
  • Employees are responsible and accountable for company property – Treat it like it’s yours and protect your devices. Report any devices that are lost or stolen immediately.

Mobile Data Security System

Laptop PCs and hand-held devices are mainstream in today’s digitally-driven business world. Yet these mobile devices present more risks to the organization since they are prone to damage and theft. For mobile data security, therefore, powerful safeguards should be put in place to prevent cybersecurity attacks.

Consider PREtect as your organization’s cybersecurity easy button. With three security technologies in place and a team of security experts monitoring your systems, you’ll be able to significantly reduce your threat landscape.

Conclusion

With a large workforce and more and more workers becoming mobile, it’s vital to understand where you stand with mobile security. Start with a mobile security assessment. With Cybriant’s Mobile Security Risk Assessment, our experienced assessment experts will help distinguish between ensuring corporate data is secure and respecting employee privacy. Each environment also brings with it unique use cases. Political and cultural considerations must be confronted to properly establish an effective policy.

Tips to Secure Corporate Data with Remote Workers

In an unprecedented time in our lives, more and more workers are being asked to work from home because of COVID-19 or the Coronavirus. 

It’s important for everyone to take an abundance of precautions during this time. However, if your corporate cybersecurity policy is not in place, this could cause security concerns that could be detrimental to your business. 

Take a look at the following suggestions to secure your corporate data with remote workers. 

Understand Remote Workers’ Needs

Remote workers will likely need to access your corporate network – do you have a process in place for them to do so? Do you require that your employees utilize a VPN to access your network, or are you focused on cloud technologies? What sort of internet capabilities do your employees have at home? Do you allow employees to use public WiFi? 

You can improve your company’s work-from-home policy with the following:

  • Make it easy to safely access your company network. By keeping it simple, your IT support team will be able to focus on more pressing issues.
  • Make support easy – password recovery, VPN access, etc. – ensure that your employees have access to quick answers for their security issues. 
  • Backups are vital. This is a great time to review your business continuity plan. 

In general, the higher you can move up the stack in remote access, the more secure you are going to be. 

Enforce Corporate Security Policies on Company-Owned Devices

While you should have basic IT controls in place, there are a few extra items to consider. Whatever your organization decides to enforce, be sure that it is simple – or your employees will skip it. If your security requires employees to take 50 steps, be aware that 47 of those will be skipped. 

  • Multi-Factor Authentication is key – Consider adding 2FA or MFA and make it mandatory on company-owned devices. 
  • Use cloud technologies – Cloud technologies or SaaS products have evolved their security as more and more organizations have moved to the cloud. With a cloud data security policy in place, you can strengthen that data protection even more.
  • Implement robust password policies – Whether you decide to require a password manager or make sure employees change their passwords often, be sure they understand the importance of using different passwords for corporate instances compared to their personal needs. 

Physical Security of Company-Owned Devices

While it is recommended that we stay in our homes during this time of social distancing, some employees may prefer a restaurant, coffee shop, or library to complete their work. Even if your employees are working from home, consider telling them to act as if they are still in their office environment.

  • Lock your devices when they are not in use – even at home
  • Don’t leave company property unattended – Take your laptop with you to pick up your order at Starbucks. 
  • Always be on the lookout – even a house guest could potentially make themselves at home on your company laptop. 
  • Use privacy screens – Don’t let your work pique the interest of your neighbor. 
  • Employees are responsible and accountable for company property – Treat it like it’s yours and protect your devices. Report any devices that are lost or stolen immediately. 
  • Don’t mix work and personal usage on company-owned devices. It’s tempting to let your kids use your company laptop or to send an email to your personal email from your work email. Your work machine should not be used as a family computer. While you may need to occasionally check personal email, this is an exception. If you forward a work email to your personal account, you are opening yourself up to litigation issues that could open all your emails up to investigation.
  • No USBs – USBs are poor means of sharing data. CISOs should make sure you are able to share and collaborate data without using USBs. Restrict and monitor USB usage – there really is no need to use them. 

It will be easy for your employees to get lax on these policies, so be sure to find a way to remind them of the importance of safeguarding their corporate data. All it takes is one employee doing one wrong thing to expose an entire company’s data.

Beware of the Increase of Phishing Campaigns

The world is watching this unprecedented virus outbreak, and that means hackers are trying even harder to get your data. 

“There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting,” according to Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration.

Source 

Education should be a priority to ensure your employees are aware of the increase of potential phishing emails. Here are a few important items to consider: 

  • Be realistic – Your CEO probably isn’t going to email you from their Gmail account to request a large money transfer. 
  • Beware third-party supplier emails – Always verify that the requested information is from the actual source and isn’t a scam. Ensure that you have confirmed the requested information from other sources rather than clicking on the potential phishing email. 
  • Do not fall for a sense of urgency in potential phishing emails. 
  • Teach your employees how to inspect a link before clicking. 
  • Avoid opening email attachments that will open a macro – Consider the Ukraine Electric Grid attack.  Like most targeted attacks, the Ukraine power grid attack began with a phishing email containing a malware-rigged attachment. Read more
  • Don’t allow working remotely to reduce your communication – consider using Slack or Microsoft Teams to be able to chat with your coworkers quickly and easily. 

When you receive an email from an unusual source, always verify and then trust. Stop, think, don’t click that link. 

Protect Endpoints from Malware

Our main recommendation is to make sure your users have endpoint protection on their company-owned devices. Don’t let your users have a false sense of security: not all computers have endpoint security installed. No matter which endpoint protection solution you have, make sure it’s up to date and monitored consistently.

When your workforce is sent to work from home, they have to work with what they have. Imagine having the potential of utilizing AI or artificial intelligence to be able to detect any potential cyber threats and your team has the ability to stop malware in its tracks – before it can do any damage. 

Consider Managed Detection and Remediation

Our expert security analysts monitor and record all the events that occur on your endpoints. Our team focuses on relevant threats that attempt data exfiltration or modification.

When files attempt to execute these suspicious processes an alert is triggered and the attack is halted in real-time. When a credible threat is detected, our system will retrieve the process history and our team will analyze the chain of events in real-time and determine the validity of the threat.

You’ll receive the alerts when threats are detected along with advice and insight from our cyber security team to help you mitigate and respond to the threat. Once identified, the malicious activity is immediately stopped in its tracks and our team guides you through the remediation. This remediation process provides astonishing insight into the data of the threat.

You’ll be able to help your organization reduce its attack surface by learning how you’ve been compromised.

Conclusion

Review your policies and keep it simple – remember employees still need to be productive while working from home. Make sure your corporate systems are easy to use. When routines are upset, security is often an early casualty. 

A dose of prevention is always worth a pound of cure. Consider Managed Detection and Remediation and secure your remote workers today.


Coronavirus Concerns + Increased Remote Workers | Secure Your Enterprise Webinar


COVID-19 is changing the way we work. With more work happening from home than ever in the history of planet earth, Cybriant has partnered with SentinelOne through our MDR service to ensure work anywhere is secure – in the office and at home.

Join our experts this Thursday, March 12th and learn how to keep your enterprise running without being affected by the cybersecurity consequences of workforce transition. We will outline the challenges and best practices for remote work, including:

1. Physical Security of Company Devices
2. Access To Company Networks
3. Authorizing Financial Transactions
4. Susceptibility to Phishing Campaigns
5. Protecting Endpoints From Malware


Webinar
March 12, 2020
10:00 AM Eastern Time (US and Canada)

Morgan Right

Morgan is the Chief Security Advisor for SentinelOne and a Senior Fellow at the Center for Digital Government. He has testified before Congress multiple times about the security of large government systems and is currently the chief technology analyst for Fox News Channel and Fox Business Network covering cybersecurity.

Chris Bates

Chris Bates is CISO and VP Security Strategy at SentinelOne. A 25 year cybersecurity veteran, Chris has led cyber programs in public and private enterprises. His philosophy is to manage risk while supporting rapid innovation and business scale.

Hosted by Yotam Guttman

Director of Marketing at SentinelOne

Outsourcing Your AlienVault USM Anywhere


Many organizations use AlienVault USM Anywhere because it’s no longer a matter of IF, but WHEN you will be attacked. While this is a great tool, what if you want to outsource the monitoring of your AlienVault USM Anywhere? Find out how Cybriant can help.

What is AlienVault USM Anywhere?

If you have not heard about AlienVault USM Anywhere, “it is a cloud-based security monitoring platform, it combines the necessary security capabilities needed for effective threat detection, compliance management and incident response. USM Anywhere monitors cloud, on-premises environment and a hybrid cloud all from one pane of glass. People can sign on and start detecting security threats in just minutes, because it is delivered as a service.”

AlienVault® introduced this comprehensive approach to security management with Unified Security Management™; the first USM product was the USM Appliance™. USM Appliance brought effective threat detection and response to companies of all sizes, specifically those with limited resources such as time, budget, or staff.

Is AlienVault a SIEM?

AlienVault USM Anywhere is more than a single-purpose SIEM. Single-purpose SIEM software solutions and log management tools provide valuable security information, but often require expensive and time-consuming integration efforts to bring in log files from disparate sources such as asset inventory, vulnerability assessment, endpoint agents, and IDS products.

Once you have the data, you then must research and write correlation rules to identify threats in your environment. These challenges multiply as you migrate workloads and services from on-premises infrastructure to public cloud environments.

For today’s resource-strapped IT teams, the time and expense required to deploy a SIEM seriously delays their time to threat detection, and thus, return on investment.

Monitoring Cloud Environments with USM Anywhere

We have seen a number of tectonic shifts happening in the IT world, and these changes helped us to build a new product. First, our customers were moving their infrastructure to the cloud, which has been a trend in the past years.

Cloud providers such as Amazon Web Services and Microsoft Azure have gone far beyond the experimental phase. The early adopters of cloud infrastructure were developers who wanted to bypass IT and build applications quickly, without being constrained by IT rules. Of course, when developers succeeded and started delivering apps from the cloud, these experiments became production environments that suddenly required all of those IT rules.

IT professionals who have inherited these cloud infrastructure environments have begun to seek solutions that monitor the cloud environment. Finding security tools that were truly designed to monitor threats in the cloud environment was difficult for them. Existing tools could monitor servers running in the cloud, but they didn’t really “know” that they were in the cloud and could not monitor all the new elements of the cloud environment that weren’t in the traditional data center. In addition, they often did not work across both cloud and on-premises environments. With this disconnect, IT security professionals needed to implement two siloed security systems.

As a result, when we started our journey on cloud security, we realized that we needed to build something from scratch to natively and centrally monitor both cloud security and on-premises security. That is USM Anywhere. Each sensor has some common features for communicating with the USM Anywhere Secure Cloud, but mostly leverages specific knowledge of the infrastructure it was built to monitor. For example, USM Anywhere is “aware” of AWS CloudTrail. Simply grant the sensor access and it will start searching your AWS environment for threats. The same applies to Azure.

The Move from USM Appliance to USM Anywhere

With the early success of the USM Appliance’s integrated security approach, it was clear that customers needed a single pane of glass to monitor all critical infrastructure, which meant facing a big decision on how to deliver USM Anywhere. Here is another big change in IT. Not only is infrastructure moving to the cloud, but in fact almost everything is moving to the cloud. In practice, most applications are now software-as-a-service (SaaS) solutions, because SaaS vendors can achieve economies of scale on a single application that even the best-performing IT shops cannot match, making the application more cost effective when it is provided as a service. That calculation also applies to security vendors.

Customers say they love USM Appliance because it solves security challenges. USM Anywhere can be deployed faster and is easier to use. And it offers the same critical approach to integrated security to address today’s rapidly evolving security challenges. As a result, you can start detecting threats faster while significantly reducing your total cost of ownership.

AlienVault USM Anywhere Benefits

AlienVault manages the USM Anywhere Secure Cloud so you don’t have to worry about system upgrades, uptime, scalability, or the security of the system itself. We handle them all for you. Simply drop the sensor into your environment and log in to your USM Anywhere account to start managing incident response and security analytics.

The USM platform stands up to the most sophisticated, expensive, enterprise-level SIEM product – but is fast, affordable and easy-to-use. Plus, you get automatic threat hunting with continuous threat intelligence that fuels early threat detection so you can focus on fast response. AlienVault USM has helped thousands of organizations get these key insights, starting on Day 1:

  • Identify vulnerabilities like unpatched software or insecure configurations
  • Discover all IP-enabled assets on your network
  • Detect network scans and malware like botnets, trojans & rootkits
  • Speed incident response with built-in remediation guidance for every alert
  • Generate accurate compliance reports for PCI DSS, HIPAA, ISO 27001, SOC 2 and more

AlienVault USM Anywhere Pricing

When it comes to pricing, USM Anywhere offers the most affordable prices, which may fit any kind of budget. By working with a certified partner like Cybriant, you will receive the best pricing and benefits.

AlienVault USM Anywhere Outsourced Monitoring

USM Anywhere detects malicious activity by correlating threat indicators, including the latest breach indicators contributed to the Open Threat Exchange community. But how do you handle all the alerts that you receive? Is your team able to respond to those threats in a timely manner? Does every alert need a response?

Before you can effectively monitor your AlienVault USM Anywhere instance, your SIEM needs to be properly tuned. Once tuned, you are able to filter out all the false positive alerts so you can focus on critical alerts.

Do you have staff that can monitor those alerts around the clock? Cybriant’s security operations center monitors AlienVault USM Anywhere instances for hundreds of clients. Many clients prefer the price level of AlienVault USM Anywhere but are then overwhelmed by the management of their SIEM.

Our primary expertise is with AlienVault. If you have any questions about how we can help, let’s talk soon.

Why Cybriant?

Our team is committed to helping companies improve their security posture with our 24/7 Managed SIEM. From SIEM deployment to log management to incident response to filling a skills gap on your security team, Cybriant has you covered.

Our Managed Security Services help businesses gain visibility, meet compliance, and lower overall IT security costs. If you are looking for more than Managed SIEM, consider PREtect, which covers all your cybersecurity needs.

Our services include:

  • Managed SIEM
  • Managed Detection and Remediation (MDR)
  • Comprehensive Vulnerability Management
  • Mobile Threat Defense
  • Assessments
  • Mobile Security Risk Assessments
  • vCISO
  • Incident Response and Containment Services

“The resources I get from Cybriant are very knowledgeable and get my issues fixed. They have the experience to solve my immediate problem and can make recommendations on how to avoid similar issues in the future.” – Security Analyst, National Insurance Association

Getting started with Cybriant is simple! Contact us to set up a conversation with a valued member of our team.

 
