Cloud 9 Advisers - News #endpoint protection

Always-On Endpoint Management

Tue, 14 Nov 2023 13:06:11 -0500

Always-on endpoint management is a must-have

Always-on endpoint management is a must-have for enterprises today.

In a world where employees are increasingly working from anywhere and on any device, it's more important than ever to have a solution in place that can manage and protect all endpoints at all times.

Here are just a few of the benefits of always-on endpoint management:

Improved security: Always-on endpoint management can help to protect your organization from cyber threats by providing real-time visibility and control over all endpoints.
Reduced downtime: By proactively monitoring and managing endpoints, always-on endpoint management can help to reduce downtime and keep your employees productive.
Increased compliance: Always-on endpoint management can help you to comply with industry regulations by ensuring that all endpoints are configured and patched correctly.

If you're not already using an always-on endpoint management solution, here are a few things to consider when choosing one:

Comprehensive endpoint visibility: Make sure that the solution you choose provides comprehensive visibility into all endpoints, including laptops, desktops, mobile devices, and IoT devices.
Real-time monitoring and control: The solution should also be able to monitor and control endpoints in real time, so that you can quickly respond to threats and incidents.
Security automation: The solution should be able to automate many common security tasks, such as patch management and vulnerability scanning.
Compliance reporting: The solution should also be able to generate reports that can help you to comply with industry regulations.

Cyber Readiness

Click the button below to schedule your appointment and learn more about our Cybersecurity Readiness Report - custom tailored recommendations and roadmap for your business and your needs

Book now

Technology Sourcing

Cybersecurity can be complex, but getting the right strategy and solutions in place doesn’t have to be. Cloud 9 Advisers will provide you clarity so you can make quick and confident IT buying decisions. We help decision-makers make smart IT investments.

Get Started Now

EDR, XDR, and MDR

Tue, 17 Oct 2023 17:49:19 -0500

EDR, XDR, and MDR: What are they and why are they important?

As one piece to a larger cybersecurity puzzle (strategy, plan, and ultimately, framework), EDR, XDR, and MDR are all cybersecurity solutions that help organizations detect and respond to threats. However, they have different features and capabilities.

Importance of EDR, XDR, and MDR

EDR, XDR, and MDR are all important cybersecurity solutions, but the best solution for an organization will depend on its specific needs and budget.

Organizations with limited resources may want to consider EDR. EDR solutions can be effective at detecting and responding to threats, and they are typically more affordable than XDR and MDR solutions.

Organizations with more complex needs may want to consider XDR or MDR. XDR solutions can provide a more complete view of threats and can automate threat detection and response. MDR solutions can provide organizations with 24/7 monitoring and threat response, which can be helpful for organizations with limited security resources.

What are they?

EDR (Endpoint Detection and Response) is a software solution that collects and analyzes endpoint data to detect and respond to threats. EDR solutions typically collect data from endpoints such as Windows Event Logs, Sysmon logs, and file system changes. They use this data to identify suspicious activity, such as malware infections, unauthorized access, and data exfiltration. EDR solutions can also be used to block threats and remediate incidents.

XDR (Extended Detection and Response) is a more comprehensive approach to EDR that collects data from a wider range of sources, including endpoints, networks, cloud, and user behavior. This allows XDR solutions to provide a more complete view of threats and to respond more effectively. XDR solutions typically integrate with other security tools, such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response), to automate threat detection and response.

MDR (Managed Detection and Response) is a service that provides organizations with 24/7 monitoring and threat response for their endpoints. MDR providers typically use EDR or XDR solutions to collect and analyze endpoint data. They then use this data to identify and respond to threats on behalf of their customers. MDR providers can also provide additional services, such as threat hunting, incident response, and compliance reporting.

In summary, the key differences between EDR, XDR, and MDR are:

Scope: EDR focuses on endpoints, while XDR collects data from a wider range of sources. MDR is a service that provides 24/7 monitoring and threat response for endpoints and other key components of the network.
Capabilities: EDR can detect and respond to threats, but XDR has more comprehensive capabilities, such as threat hunting and incident response. MDR providers can also provide additional services, such as threat hunting and compliance reporting.
Pricing: EDR solutions are typically priced per endpoint, while XDR and MDR solutions are typically priced per organization.

The best solution for an organization will depend on its specific needs and budget. Organizations with limited resources may want to consider EDR. Organizations with more complex needs may want to consider XDR or MDR.

Here is a table that summarizes the key differences between EDR, XDR, and MDR

Feature	EDR	XDR	MDR
Scope	Endpoints	Endpoints, networks, cloud, user behavior	Endpoints
Capabilities	Detect and respond to threats	Detect, respond, and hunt for threats	Detect, respond, hunt for threats, and provide 24/7 monitoring
Pricing	Per endpoint	Per organization	Per organization

Why should every company have either one, two, or all three solutions in place?

No matter what size or industry, every company should have well-thought-out cybersecurity solutions in place to protect against threats. Back in "the old days" the name of the cybersecurity game was prevention (only) - if you had a strong perimeter, then you're good! That thought process has shifted rather dramatically, because we know they'll get it regardless. Today, to protect yourself, you must first be able to detect those threats first in order to respond. EDR, XDR, and MDR can all help companies to detect and respond to threats effectively.

EDR is a great foundation for any cybersecurity strategy. Many will argue that EDR should be the first step. It can help to detect and respond to threats on endpoints, which are often the first target of attackers - especially considering so many remote/hybrid staff with access to company data.

XDR can provide a more complete view of threats and can automate threat detection and response. This can be helpful for companies with complex IT environments.

MDR can provide companies with 24/7 monitoring and threat response, which can be helpful for companies with limited security resources.

A typical company should have one, two, or all three of these solutions in place depending on its specific needs and budget. For example, a small company with limited resources may only need EDR. A large company with a complex IT environment may want to have all three solutions in place.

Company type	Best solution
Small company with limited resources	EDR
Medium-sized company with moderate resources	EDR and/or XDR
Large company with complex IT environment	EDR + XDR and/or MDR

It is important to note that this is just a general guide. The best way to determine which solution is right for your company is to consult with a vendor-neutral, unbiased cybersecurity expert.

Remember: if your company can only afford one cybersecurity solution, make it EDR

Readiness Report

Schedule a security interview with one of our experts, then in a few days, we'll generate a custom, 50 to 100 page Cybersecurity Readiness Report you can use as a playbook for your security strategy.

You can even use the report as ammunition for your case to get your security budget passed.

Book now

Security Experts

About Cloud 9

Cloud 9 Advisers, LLC was formed as a client-facing, business-to-business agency/firm in 2017 with the goal of forever changing the way businesses buy AI, cybersecurity, contact center, and other important IT-related services and solutions: faster, better, less formal, and with the high-quality due diligence and integrity that all companies expect.

Technology Sourcing Experts

Supplier Spotlight: Vigilant Technology Solutions

Wed, 19 Feb 2020 12:13:14 -0500

Malware Found on Patient Medical Monitoring Devices

by: Vigilant Technologies and David Dickmeyer

Cloud 9 Supplier Spotlight: Vigilant Technology Solutions

Vigilant helps you avoid catastrophe by giving you full network visibility to see threats 98-days sooner than the industry average!

Why, does it seem that companies are falling victim to hackers left and right? To add insult to injury, these are not ordinary companies we are talking about. They are companies ranging from Fortune 500s and major retailers to banking institutions, all with very large security budgets intended to maintain the security of their customer’s data. These incidents lead organizations to ask themselves three important questions

If all of these companies are compliant with industry regulations, how is it they are still so successfully attacked?
With security budgets of giant companies in the millions, how will I ever be able to afford protecting myself?
If Firewalls, logging, and AV are getting better all the time, how do these attacks go undetected?

CyberDNA is a managed network security monitoring service from Vigilant LLC. and successfully reduces the overall cyber risk to an organization by proactively monitoring the customer’s network for signs of anomalous activity that could be indicative of an active compromise, misconfigurations, or other notable security risks. To allow customers to see the added value of CyberDNA over and above industry leaders, Vigilant offers a proof-of-value, free trial period, which produces a detailed threat report of our findings. This written report contains the findings from that free trial and highlights the value of having a fully managed continuous network security monitoring service.

Why your Network Loves Ebola

The headline might seem a bit dramatic, but there really is a correlation between diseases, how (and when) they are treated, and how your network and company data are protected – specifically, how antivirus works.

Modern medicine is amazing. It seems like every other week another news story comes out about some major breakthrough, some miracle treatment for a disease once thought to be incurable. It has become so commonplace, in fact, that we often find ourselves scratching our heads, impatiently wondering why all disease can’t simply be cured.

We’ve become so accustomed to miraculous breakthroughs that it takes something extraordinary – a disease of incomparable fear - to make us take notice. In the 1940s and 50s, it was Polio. In the 1980s, it was HIV and AIDS. Today’s scariest threat is Ebola.

More recently, we’ve observed the spread of Ebola throughout sub-Saharan Africa. What started as a couple isolated cases quickly spread to dozens, dozens begat hundreds, and hundreds were quickly morphed into thousands.

But this is the where the cold, hard truth of modern medicine comes into play. While seemingly miraculous to the yet uninfected, the discovery and synthesis of treatments for some of our most troublesome and problematic medical disorders comes at the ultimate sacrifice of those unlucky enough to have been exposed before us. How many thousands died of HIV and AIDs before a cocktail of drugs was identified to control its symptoms? How many children were left stricken with Polio before Jonas Saulk synthesized his vaccine?

Ebola is no different. In order for people to be protected from Ebola, other people, unfortunately, need to get sick and often times die from it. It’s in this critical mass of early sufferers that treatment will be found. As more people get sick, more opportunities for study arise – more opportunities for testing treatments.

This phenomenon is the same with most modern-day “cyber-diseases". And the “cures”, like antivirus, next-generation firewalls, or intrusion detection and prevention solutions, all come from a method called signature-based detection. Signature-based detection at its core is the data security equivalent of antibiotics and vaccines. It is a treatment for an illness that has already infected many others – hopefully before you. But, like many vaccines, it isn’t necessarily responsive. Other networks had to be infected with the disease first before any of the technologies had the ability to detect it. Therefore, widespread detection capabilities are merely reactive. They are only designed to discover known threats and if it doesn’t know about them, it can’t detect them.

Our largest challenge as defenders and cybersecurity professionals is that threats are constantly changing. Hackers are targeting companies with specific tactics – tactics designed for exploiting an individual system, organization, or end user – not just widespread threats. It’s like a disease designed specifically to make you and only you sick. There’s no way to benefit from others prior illness. Signature based detection, which gives many network administrators a sense of security, is certainly good to have, but it’s only one layer of security – and not a terribly effective one on targeted attacks.

Targeted tactics are why hackers can infiltrate and remain inside organizations undetected for up to 215 days on average and why big organizations are struggling to defend against them.

Protecting your network and data today requires multiple layers of security and the ability to identify any abnormality – often the symptoms before a diagnosis. Network visibility is the essential prerequisite to effective security.

Case Study: Malware Found on Patient Medical Monitoring Devices

Vigilant was engaged by a Healthcare Provider who was experiencing a sudden and extreme drop in bandwidth within their infrastructure. Their IT staff had been working on the problem for two weeks without any detection or artifacts of the problem visible in their existing IDS/IPS or logs. Something was eating up their bandwidth and bringing them to a grinding halt. Upon starting the engagement, Vigilant installed its CyberDNA sensors that would give the best ability to collect all traffic traversing the customer network.

CyberDNA is agentless, meaning there is no software loaded on any customer devices, which also ensures that the attacker is not aware of the monitoring device/service. This further reduces the risk of any potential attacker’s countermeasures. We strategically placed our sensors in a manner that will not alert the attacker of our presence while still allowing full visibility. The remote attacker has to travel across the network at some point on their way out to the internet. This allows for an interesting vantage point of our detection and monitoring tools as no matter how the attacker tries to conceal themselves they still have to travel on the network and are detectable by the CyberDNA sensors and the Vigilant analyst team. Vigilant’s approach gives immediate visibility and can inform a customer in real-time about what is happening in the deepest parts of their network. It’s like turning on the lights late at night to see if there is a monster in the room, although you hope there isn’t one. If there is, however, now you know and can take appropriate actions. Within minutes of turning on Vigilant’s CyberDNA service, our analysts were able to detect that multiple heart monitor devices at one of the hospital’s remote locations were running an embedded operating system infected with a botnet known as Conficker. They may never have known what was going on or that they were on heart monitors hooked up to patients however the attackers were using these devices to attack other locations on the internet and brought down the hospital’s network in the crossfire. There were two problems here, first, the Conficker worm was bringing their network down, and second, the devices were running outdated and non-compliant operating systems that were connected to patients.

While the Conflicker worm, sometimes referred to as Downad, was first discovered over 12 years ago in November of 2008, many recent reports show that it is still highly active and is the worm that just won’t die. At its peak Conflicker managed to infect over 9 million systems worldwide, making it one of the most prolific malware of its day.

When using third-party software or devices like Point-of-Sale (POS) systems in retail, medical devices in healthcare, door-entry and other “smart” sensor systems in buildings, etc. businesses are at the mercy of the vendor’s level of security--or, the weakest link in the chain. If the vendor makes a mistake it can cost you. Vigilant CyberDNA gives you visibility into these devices without needing to have additional agents installed. By doing this we can show you all software and operating systems running on your network. We keep your vendors honest about security and greatly reduce your risk and exposure.

This attack was carried out by tactics that Vigilant detects every day. Without the visibility that Vigilant brings it would have likely gone undetected in this victimized organization because their other advanced detection tools simply couldn’t see it.

Summary:

The patient medical devices running an embedded operating system were first infected with Conficker behind the hospital firewall and were later activated.
The effects of the infected devices caused a sharp decrease in bandwidth across the hospital's network resulting in applications being rendered unusable.
All previously installed and active IDS/IPS and detection methods available within the hospital network did not see or know about the outdated operating system nor the Conficker infection.
CyberDNA was placed, agentless, within the environment and immediately detected both the non- compliant OS and that Conficker was the source of the bandwidth draw.
Vigilant’s analyst team notified the customer of the infected systems. The customer removed the systems from the patients, cleaned them and notified the manufacturer of the vulnerability.

About Vigilant

Vigilant Technology Solutions is a cybersecurity firm based out of Cincinnati, Ohio providing security detection and prevention solutions. Vigilant is strict in it methodology of separating threat detection from threat prevention, using two tools: CyberDNA and MEP (Managed Endpoint Protection). Remarkably affordable and extremely effective, we work with businesses of all sizes in all industries. Vigilant is particularly effective with businesses in heavily regulated industries like finance and healthcare and we actively work with numerous Fortune 500 companies around the world, Vigilant has been operating since 2009, is privately held (and will remain so) with no outside investment funding.

Vigilant helps you avoid catastrophe by giving you full network visibility to see threats 98-days sooner than the industry average.

Learn More

Contact Cloud 9 Advisers to see if Vigilant and their CyberDNA (detection) or MEP (protection) security solutions are right for your business. Cloud 9 Advisers is 100% vendor-agnostic. If Vigilant is not right for you we'll help steer you to the right company and solution from over 200 service providers in our curated Supplier Portfolio

Contact Cloud 9

Supplier Spotlight: Vigilant

Wed, 19 Feb 2020 12:11:15 -0500