Consider These Cyber Security Insights Before It Is Too Late


Protect. Detect. Respond. Before it’s too late.

As National Cyber Security Awareness Month is coming close to an end, I wanted to provide some tips and best practices around security in the hopes of helping to raise awareness, reiterate, remind and prevent.

With so many widespread breaches and attacks in the cybersecurity world, it is very clear that security is no longer just an IT issue but a CEO issue. Consumers and organizations as a whole have become so vulnerable to data exposure that the gravity of the situation is often overlooked.

Let’s take a look at the Equifax attack, for example. It took a while for the company to even realize that the intrusion was widespread. Then it took an additional six weeks from when the breach was discovered for them to inform the public, according to leading news sources. Moreover, it’s highly likely that it took even longer for them to see any suspicious activity in their environment. Experts report that on average attackers reside within a victim’s network for 200+ days before being detected.

It’s not a matter of “IF” but “WHEN”

With growing concerns around cybersecurity, organizations have an immense need for more comprehensive solutions to fight against different threat vectors.

Here are some of the questions that security operations professionals across industries are frequently asking.

  • How do I provide a comprehensive approach for combating compromised accounts?
  • I don’t have any way to provide intelligence and automatic enforcement. What do I do?
  • How can I provide an auto-remediation (automatic action) mechanism against unknown attacks (new attacks)?
  • How do I overcome continuous false negatives or false positives so that my solution doesn’t become just another overlooked asset in the organization?
  • How do I reduce the time between Detection and Response, and how do I detect an attack before it actually causes damage? Or, how do I prevent it altogether?
  • How do I get industry and profile specific insights for added protection, as well as have visibility into global trends and threat vectors that other organizations similar to mine are seeing?
  • How do I manage multiple solutions without my admins getting overwhelmed? I need a holistic solution for a continuous remediation cycle.

Look at what is taking place in some of the largest industries out there. Organizations just can’t afford to wait anymore. With such large-scale breaches shaking the nation, hackers are gaining access to consumers’ sensitive personal information now more than ever before. Scammers are continuously looking for ways to compromise corporate accounts and gain access to company assets, whether by using large corporations like Equifax as a lure for phishing attacks or, unfortunately, by exploiting natural disasters and mass attacks to solicit fraudulent donations for victims. In a study of 905 phishing attacks, the vast majority—91 percent—were after user credentials. Why? Because credentials are the best way to get at the heart of any organization. 63% of the confirmed data breaches in 2015 involved leveraging stolen passwords.¹ The ultimate goal of credential access is financial gain.

What to do?

When considering different security solutions in the market and the growing pains specifically around exploited credentials, it is important to take a more holistic and comprehensive approach to fighting attacks. There are so many security solutions that help address one problem at a time, or otherwise are perimeter-focused, but they don’t necessarily encompass a holistic and integrated security posture. This leaves room for significant gaps. With more and more companies moving towards the cloud, the mindset of “integrate where possible and where it makes sense” is very important in addressing top growing concerns for C-level executives. It’s imperative to approach security issues with this mindset to ensure a successful security implementation.

Who can help?

As CEO of Microsoft, Satya Nadella noted, “Microsoft is the biggest security company you’ve never heard of – and the breadth and strength of our security platform is proof. As a company, Microsoft spends over $1B each year on security R&D and integrating new breakthroughs into the products and services customers rely on every single day.”


At SADA Systems I have been working with Microsoft solutions for almost a decade and had the opportunity to see Microsoft’s cloud services evolve and grow. Their breakthrough solutions span across:

  • Platform – This includes Identity, Devices, Apps, Data, and Infrastructure. Beyond the platform and endpoints, these solutions are empowered by intelligence.
  • Intelligence – This is where Microsoft has a unique advantage. Leveraging the rich set of all the signals that Microsoft sees across endpoints, enormous mail flow traffic, authentication requests to Azure Active Directory (~450B authentication requests each month), and Windows devices, Microsoft is able to extend the platform capabilities with an Intelligent Security Graph and partner broadly with the industry. With recent advancements in the Microsoft 365 stack, there are significant security and compliance capabilities that empower every organization and provide visibility into some of the most sophisticated attacks out there.

Holistic. Innovative. Intelligent.

  • Microsoft’s Identity-Driven Security
    • Protect your resources by enforcing Multi-Factor Authentication and Conditional Access control capabilities.
      • Extend Conditional Access capabilities with Risk-based Conditional Access by assessing the session Sign-In Risk (High, Medium, or Low)
      • The Sign-In Risk is the likelihood that a sign-in attempt was not performed by the legitimate owner of a user account.
    • Conditional Access protects against suspicious logins and compromised credentials using machine-learning based identity protection
    • Powered by Azure Active Directory Premium, Azure AD Identity Protection provides security reporting and monitoring (access and usage)
    • Automatically elevates access requirements/challenge layers based on incoming session risks
  • Office 365 Advanced Threat Protection
    • Protect your environment when users click malicious links
    • Get rich reporting and track links in messages
    • Protect against unsafe attachments (zero-day protection)
    • Attachment and Link content detonation
    • Heuristic clustering
    • Safe Links deeper integration with Windows 10
    • Safe Attachments integration with Windows Defender AV and Windows Defender ATP
    • Office 2016 integration with Safe Links
    • Protection against malicious links in documents
  • Microsoft Intune
    • Prevent data leakage from mobile devices with DLP functionality for Office 365 Apps and help auto-identify suspicious or compromised endpoints
    • Block and quarantine suspicious devices ensuring that confidential information stays secure
  • Azure Information Protection (AIP)
    • Guard data against user error by creating granular-level policies, tracking file usage, and changing permissions
  • Cloud App Security (CAS)
    • Driven by vast amounts of Microsoft threat intelligence and security research data, detects deviations from baseline, policies, or behavior, and notifies on any attempt at unauthorized data access
    • Aids in deploying new controls, blocks risky applications, and tags applications as sanctioned or unsanctioned
    • Along with Azure Information Protection, Intune and CAS provide the ability to revoke unauthorized access to documents or perform a selective device data wipe
  • Microsoft Advanced Threat Analytics (ATA)
    • Identifies attackers in an organization using innovative behavioral analytics and anomaly detection technologies for an on-premises environment
  • Windows Defender Exploit Guard
    • Windows Defender Exploit Guard utilizes the capabilities of the Microsoft Intelligent Security Graph (ISG) and the world-class security research team at Microsoft to identify active exploits and common behaviors to stop these types of attacks at various stages of the kill chain.
    • With the recent acquisition of Hexadite, Microsoft is strengthening its Windows Advanced Threat Protection offering by adding artificial intelligence-based automatic investigation and remediation capabilities, making response and remediation faster and more effective. With Hexadite, WDATP will include automated endpoint security remediation, while continuing the incredible growth in activations of WDATP, which now protects almost 2 million devices.
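The sign-in risk tiers in the Identity-Driven Security bullets above translate into two concrete policies: a medium-risk sign-in must clear an MFA challenge, and a high-risk sign-in is blocked outright. As an added illustration (not SADA’s or Microsoft’s own configuration), here is that pair expressed in the Microsoft Graph conditionalAccessPolicy format, which postdates this post; the display names and the excluded break-glass account id are placeholders, and `clientAppTypes: ["all"]` is assumed so the policies cover every sign-in.

```json
[
  {
    "displayName": "Medium sign-in risk: require MFA (example policy)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
      "signInRiskLevels": ["medium"],
      "clientAppTypes": ["all"],
      "users": {
        "includeUsers": ["All"],
        "excludeUsers": ["<break-glass-account-object-id placeholder>"]
      },
      "applications": { "includeApplications": ["All"] }
    },
    "grantControls": {
      "operator": "OR",
      "builtInControls": ["mfa"]
    }
  },
  {
    "displayName": "High sign-in risk: block (example policy)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
      "signInRiskLevels": ["high"],
      "clientAppTypes": ["all"],
      "users": {
        "includeUsers": ["All"],
        "excludeUsers": ["<break-glass-account-object-id placeholder>"]
      },
      "applications": { "includeApplications": ["All"] }
    },
    "grantControls": {
      "operator": "OR",
      "builtInControls": ["block"]
    }
  }
]
```

Both policies start in report-only mode (the `state` shown) so the sign-in logs reveal what they would have done before `state` is switched to `enabled`; the break-glass exclusion keeps a misfiring policy from locking every administrator out at once.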

Interested in learning more about how to best assess your security pain points? Chat with one of our cloud security experts during a complimentary Security Assessment.


Do you know these 5 essential steps for evaluating cloud security?

Evaluating Cloud Security: Microsoft Azure and Security Landscape Optimization

Ensuring that your data is secure can be a challenging process. Download this eBook to learn 5 essential steps for evaluating your cloud security. Better understand the framework of your current environment and how to best apply security controls to mitigate risk.


¹ Verizon, 2016 Data Breach Investigations Report.
