Computer and Server Behavioral Monitoring Software and Remediation – “Managed Detection and Response – MDR”. An MDR system is the latest layer of technology tools available to help limit and reduce cyber-attack damage, network intrusions, data theft and ransom events. More and more insurance companies are requiring this 24/7/365 monitored system for coverage. The system is monitored 24/7/365 by Network and Cyber Security Analysts who have the ability to take a compromised system or systems offline to prevent the threat from spreading across your Organization’s whole network. They then notify us to continue the remediation process. When an intrusion does take place, the system provides investigative logs and information to help track where the intrusion came from and what systems were affected. This helps save time and money by rebuilding one or two computers or servers rather than a whole company network.
Today’s Ransomware events are not just about encrypting your data and making you pay a ransom to get it back. Hackers are also stealing your data, which includes accounting files, personal and personnel files, and company documents, which would include customer and client data, user passwords and access points, and then charging you a ransom. If that ransom is not paid, they will release all of that information onto the internet.
First scenario: It’s 8:00 pm on a Friday night at the start of a Labor Day weekend, or it’s 8:00 am on Christmas morning, or it’s just about to strike midnight on New Year’s Eve. Everyone is enjoying their down time, spending time with family and friends, or celebrating a holiday. You go to check your email, or remote into your office to get caught up on some work, and nothing is working. Worse yet, the whole staff comes into work after that weekend or long holiday and all your systems are down with a ransom event. A Zero-Hour exploit/Virus was engaged and is now attacking a vulnerability in the Microsoft operating system that is running your Organization’s network, and your systems are all locked.
You come into work and find that if your Organization does not pay a $250,000.00 ransom in bitcoin within 72 hours, your files will be forever encrypted.
What is a Zero-Hour exploit or Zero-Hour Virus? COVID-19 was a Zero-Hour Virus: we knew nothing about it and it came at us from left field. With COVID-19, we didn’t have any vaccines, and we didn’t have any treatments. We didn’t see this virus coming, we didn’t know what it was, and we didn’t know the damage it could do. The same is true for Technology: unknown hardware and software bugs and coding can create doorways that hackers exploit to gain access, or use to create a virus that can utilize that exploit. These exploits are known as Zero-Hour attacks/viruses and allow hackers to gain access to your system. When they exploit those bugs and doorways, they can take over your systems, steal your company data, and many times, bypass all the security systems you have in place.
Second scenario: It’s 11:00 am and you just opened an email that contained a PDF or spreadsheet you were expecting. You open the document, it’s not what you expected, and you simply discard it. 20 minutes later, people start having trouble accessing the accounting system and network files. Unbeknownst to you, you just unleashed a newly released and cleverly designed malware onto your Organization’s network that is now encrypting your system.
An Icon pops up on all the Organization’s computer screens saying if a $325,000.00 bitcoin ransom isn’t received within 48 hours, your files will be encrypted forever.
Third scenario: You are a Healthcare Provider storing Patient PHI, a Financial Institution holding Clients’ account numbers, dates of birth, and financial net worth, a manufacturing company storing pricing, customer lists and proprietary Client information, or a Government contractor trusted with National Defense information. You are storing all of these items on your company cloud and on-premise servers.
A message pops up on your screen saying if you do not pay a $250,000 ransom in bitcoin in 24 hours, your data will be released on the internet for public review.
These three scenarios are not just a movie or TV show scenario, a bad dream, or something you heard happened to someone else. These are all situations that play out in real time, every day, and are some of the biggest fears we face today.
MDR Systems are subscription-based systems that install on every workstation and server on your network. The MDR system then integrates into your existing Network and Cyber security systems, such as your Workstation and Server agents, Anti-Virus, Anti-Malware, Network Switches and Firewall. MDR systems also integrate into both your Cloud based and On-Premise Servers, as well as your Cloud based Microsoft Email systems, to help protect those highly attacked resources as well as your connections to your on-premise systems.
The MDR system monitors for suspicious activities and then alerts a high-level Security Analyst, who investigates the behavior. If it’s determined there’s a threat to your Organizational technology, they can take steps to remediate that threat, as well as remove and isolate that system or server from the network to help lessen the impact on the Organization. These systems are becoming another security layer mandated for insurance coverage.
Call Cycrest for pricing and additional information at 509-747-9275