If there is one thing we can learn from the virus pandemic, it is that cybersecurity can never be put on the back burner. The crisis taught businesses a valuable lesson … organizations had to act with greater speed and capability than ever before. And that rate of acceleration for security transformation isn’t about to slow down as organizations prepare for future unexpected disruption.
The virus crisis was unprecedented … it created the perfect storm.
On one hand, countless companies across the country entered uncharted territory implementing a fully remote workforce where thousands of workers were using their computers, tablets or mobile phones to access company networks outside the safety of secure office environments. At the same time, cybercriminals were ratcheting up their attacks on work-from-home workers because they knew endpoints are easy entry points to infiltrate a network. Today’s attackers are using fileless malware, zero-day exploits and advanced persistent threats in their attacks. Many organizations quickly discovered their traditional anti-virus and prevention protection measures were no match against these sophisticated attacks.
Endpoint Protection for Remote Workers
Working with thousands of customers, Magna5 knows what’s keeping IT leaders up at night. Lack of visibility into endpoint devices, poor detection capabilities to respond to cyber threats quickly and lack of IT staff time to regularly update patches are leaving many organizations unprepared to protect their networks. We asked Matt Kimpel, Director of Cybersecurity Engineering, to give us some insight into the dilemma many companies are facing.
“Most companies still only have anti-virus protection on their endpoints, but they don’t have adequate visibility into their networks to know what’s happening,” said Matt Kimpel, Director of Cybersecurity Engineering. “With the increased need for a work-from-home workforce, Magna5 uses a multi-layered defense approach combining prevention, detection and response, and wraps it with managed monitoring services to complement the stack.
“Magna5’s Endpoint Security monitors your workstations and servers for sophisticated malware and evolving cyber-attacks. It provides visibility into your endpoint activity to quickly detect and mitigate advanced threats before they reach and jeopardize data across your organization. No matter where your employees are working, endpoint security can safeguard your network infrastructure with real-time detection and response.”
Matt gives us an example where real-time response and detection can make a difference.
A transportation customer had suffered a sophisticated phishing attack where a cleverly crafted email asked readers for their credentials to access an external portal. The link took them to a fake Office 365 landing page where the attacker could obtain the users’ credentials. The attacker used PowerShell fileless malware, and once they had a username and password from one machine, the path was set to compromise other machines. The attacker used the credentials to access the victim’s email remotely and signed into the company’s remote client VPN, neither of which had multi-factor authentication.
Once the attacker obtained a domain administrator credential set found on patient zero, the attacker launched an attack on the entire network, including the VPN users working from home. Ultimately, the customer suffered a major disruption on more than 200 workstations and servers, with a trojan horse designed to exfiltrate data before deploying ransomware to encrypt the machines. The ransomware kept their environment offline for over a week while remote users were unable to work. As a result, the company endured data loss, revenue loss and reputation damage.
While the company had network firewalls, anti-virus and email protection, the issues were caused by prevention failure, no capabilities to detect intrusion and no access authentication in place.
Acting as a virtual CISO, Magna5 applied a multi-layered approach to safeguard their network. To address their email protection failure, Magna5 implemented managed email protection proven to stop phishing attempts. To resolve the anti-virus shortcomings, Magna5 implemented its Endpoint Security bundles to address missing patches and replaced their anti-virus with an endpoint detection and response tool. This allowed proactive detection of attacks, such as fileless malware, with additional capabilities to roll back a machine state after malware has been detected and auto-quarantine an infected machine off the network.
They also implemented a threat hunting tool on all endpoints that allowed Magna5 to detect activity that can be missed by prevention tools. This will identify future persistent threats within a patient zero’s registry. In addition, Magna5 implemented several features around credentials and password policies while setting geographical blocking rules within their Office 365 environment and on-premises firewalls. Magna5 is now monitoring their endpoints 24×7, no matter where they are located.
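The two access gaps in this case study, email and VPN sign-ins without multi-factor authentication and no geographic restriction, can be checked for in sign-in records. The sketch below is an added example, not Magna5's tooling or the customer's data; the records are constructed, and the field names, country placeholders and allow-list are assumptions.

```python
from collections import defaultdict

# Constructed sample records, not data from the incident.
# Field names are hypothetical; "ZZ" and "YY" are placeholder country codes.
SIGNINS = [
    {"user": "a.driver", "service": "email", "country": "US", "mfa": False, "ok": True},
    {"user": "a.driver", "service": "email", "country": "ZZ", "mfa": False, "ok": True},
    {"user": "a.driver", "service": "vpn",   "country": "ZZ", "mfa": False, "ok": True},
    {"user": "b.clerk",  "service": "email", "country": "US", "mfa": True,  "ok": True},
    {"user": "c.admin",  "service": "vpn",   "country": "YY", "mfa": False, "ok": False},
]
ALLOWED_COUNTRIES = {"US"}  # assumed geo allow-list


def review_signins(records, allowed):
    """Return (findings, chained_users).

    findings: one (user, service, reasons) tuple per successful sign-in that
    lacked MFA and/or came from outside the allow-list.
    chained_users: accounts with single-factor, out-of-region success on both
    email and VPN, the pairing described in the case study.
    """
    findings = []
    exposed = defaultdict(set)
    for r in records:
        if not r["ok"]:
            continue  # failed attempts belong to other detections, not this one
        reasons = []
        if not r["mfa"]:
            reasons.append("no-mfa")
        if r["country"] not in allowed:
            reasons.append("geo:" + r["country"])
        if reasons:
            findings.append((r["user"], r["service"], reasons))
        if len(reasons) == 2:
            exposed[r["user"]].add(r["service"])
    chained = sorted(u for u, s in exposed.items() if {"email", "vpn"} <= s)
    return findings, chained


if __name__ == "__main__":
    findings, chained = review_signins(SIGNINS, ALLOWED_COUNTRIES)
    for user, service, reasons in findings:
        print(f"{user:10} {service:6} {', '.join(reasons)}")
    print("escalate:", chained)
```

A sign-in that is only missing MFA is reported as a policy gap, while an account that shows both conditions on email and VPN is the one to escalate first.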
“In today’s cyber war, you have to be proactive to stay ahead,” said Matt. “Our team of security experts take care of organizations by watching their networks around the clock. Centralized visibility and monitoring alerts us to what is exposed on company networks so we can actively detect and respond to incidents before they impact an organization’s operations.”
Mike Penn joined Magna5 as Senior Content Developer. His role is to bring to life stories that inspire or inject clarity in how managed services and emerging trends can be applied to help organizations operate better and more efficiently.