27 Feb / 2023
As the security industry adapts to match the ever-evolving technology used by cyber-criminals, businesses must be quick to follow suit. Sophisticated attacks demand sophisticated protection. Reactive security solutions can no longer protect you.
By using separate protection solutions for individual problems, you leave unprotected areas of your business wide open to attack. Without unlimited resources and overhead, it’s near impossible to have the capacity to catch everything in-house. That’s where an MDR service provides the advantage.
Businesses without an MDR solution took an average of 74 days longer to respond to and contain data breaches in 2022. With dwell time at an all-time low, those days could be the difference between dissolution and restoration, as well as millions of dollars in financial penalties.
The following examples are real-life situations we have seen with customers. In each situation, the business involved thought they were protected, but their existing security protection controls ultimately let them down.
1. Compromised mailbox
A Secure Email Gateway (SEG) is an effective protective control to stop phishing attacks however there are examples when they fail. We discovered a user had erroneously released a malicious email from their email quarantine, and then entered their account details into the phishing landing page. In this scenario the SEG did its job and stopped the initial attack although it was unable to stop the user from entering their credentials which ultimately lead to business email compromise.
Fortunately, this client had MDR and we instantly detected multiple, concurrent logins from the same compromised user account which originated from separate, geographic locations. Based on this attacker behaviour we immediately locked the user account, commenced incident response which stopped the threat attacker from taking any further action. If not for MDR this client would have suffered a serious breach.
Our true MDR service leverages technology along with a lead security analyst who works in partnership with your team. Together, you define the playbooks to respond appropriately to every incident, every time.
2. Malware bypassing your endpoint protection
We have encountered increasingly sophisticated attacks while onboarding new clients. This includes those with next-generation endpoint protection. Siloed protection is not effective, modern malware can bypass endpoint security controls.
An MDR service can detect unusual behaviour across your entire network, even if it has bypassed traditional security systems. Using a human-led approach, analysts reverse engineer system vulnerabilities and malware to continuously test and improve their understanding of your hackers’ intent.
Most security protection technology alone does not have the capacity to detect threats until they have already proven your system’s weakness. The combination of best-in-class AI, security monitoring technology and expert interpretations allows a comprehensive MDR service to accurately predict malicious activity before it occurs.
3. Malicious activity on unpatched servers
Before attacking, some cybercriminals carry out enumeration on a remote staging site. Hackers create these sites to study your network and operations. If successful for long enough, ransomware teams use these to scope out high-value files and plan highly strategic attacks.
By exploiting system vulnerabilities, these teams can easily go undetected by traditional security software. If left to monitoring technology alone, your business’ confidential documents may be ransomed before you even detect a threat.
A true MDR service can isolate and remediate before an attack because there are real humans armed with the data. Bespoke methods such as the deployment of specialised alert canaries bait out malicious intruders and protect your confidentiality.
Cythera’s human-led MDR service is powered by Rapid7’s InsightIDR, InsightConnect and Threat Command. Cutting-edge AI paired with Australia’s sharpest technology engineers offers the most proactive protection against cybercrime.
Tech and human intelligence work symbiotically to detect threats faster and respond to them more accurately. This includes minimising false positives, automating common incident responses and optimising responses to more complicated incidents.
Using Rapid7’s advanced monitoring and automated response capabilities, your single point of contact – an Australian-based senior analyst from Cythera – has a wide view across your entire organisation and can detect over 1000 forms of attacker behaviour in log intelligence files. Cythera defines your playbook and discovers exactly how to respond, every time.
Rapid7 believes in simplifying the complex through shared visibility, analytics, and automation that unite your teams around challenges and successes of cybersecurity. Their technical vision perfectly underpins our human-led approach to deliver unparalleled protection against cyber-security threats.
Cythera offers a range of flexible commercial options to provide cost-effective, comprehensive security solutions to help you get the most out of your technology investments, while providing 24/7 security protection. A quick chat is all it takes to start your journey towards faster and more effective incident response.
The greatest security toolset you may not be using : Visibility
The Cythera security operations team has detected and responded to several security incidents with our clients over the last few weeks and a com…Read More
Fortiguard Firewall heap-based buffer overflow Vulnerability
Fortiguard Firewall heap-based buffer overflow Vulnerability CVE: CVE-2022-42475What is Vulnerable: FortiOS version 7.2.0 through 7.2.2 Forti…Read More
Top cyber-attacks of 2022.
2022 has been a year like no other for Australian businesses experiencing cyber attacks. With high-profile cases such as Optus on the rise, it i…Read More