Fortunately, at the time of writing, we cannot yet speak of war in our country. Or can we? That depends on your definition of “war.” Even within our region, companies are under constant attack. Hackers from all over the world have free access to not only our public IP addresses, but they can also send mail to any of us. You don’t even have to distinguish between personal or business related mails.
The intention of these hackers is usually to make money, but sometimes there is also a political motive behind it. It is very difficult to find this out, let alone prove it. The type of company and the consequences can raise some suspicions though.
Regardless of what they have in mind, the consequences are rarely minuscule.
That is why we have all kinds of shields set up such as firewalls, email security and endpoint protection. The weakness of humans is exploited to gain themselves an access to the computer – with the network connected to it – through a backdoor. If you can’t count on the alertness of that user, how can you count on him or her to report his or her mis-click?
What we are looking for is a kind of camera system that detects and records every movement in the network. By making correlations between different actions, suspicious patterns can be recognized.
Something more technical…
Mitre Att@ck is an American organization that closely monitors and maps the actions of hackers. An attack technique is a combination of various – in itself seemingly harmless – commands, most of which are also used by sysadmins.
Before encrypting an entire network, hackers search their way around a network, map out where the backups are, which servers are important and so on. Between the initial contact and the effective encryption, days, weeks and sometimes months go by. The key is to detect the hacker before the encryption happens but also before he had a chance to upload data.
The detection of these techniques, usually takes place in an EDR or XDR product. (Endpoint/eXtended Detection and Response) This piece of software that is sometimes an extension of an existing endpoint protection or sometimes an entirely separate product, acts as a kind of probe that stores every activity in an on-computer and/or cloud based database. The latter is usually called datalake. Depending on the product, you can immediately and automatically assign actions to certain triggers or you can program queries to generate alarms.
When comparing these products you will see that some AI based endpoint protection software can block multiple actions even before EDR has had to catch them. When we talk about the term XDR, we see that the interpretation can also be different.
Suppose the system makes a detection that is almost certainly related to the presence of a hacker, then the desire is to remove this hacker from the network. The EDR tools will block the activity whether or not the hacker logs off, however, that does not guarantee that the hacker has not already installed loopholes. The hacker might have realized he was caught and accelerated the encryption process. Consequently, quick action in defense is appropriate. It is not obvious for everyone to free up the necessary resources at any time of the day or on weekends.
The technical teams of the involved vendors are trained for this and are ready 24×7 to carry out the effective countermeasures. We speak here of MDR, Guard or whatever the vendor wishes to use as a name for the service.
In 2015, Surfright – the company behind Hitman Pro – was acquired by Sophos. Soon Sophos emerged as one of the most progressive players in the endpoint protection market and excels in Gartner’s leaders quadrant. With the addition of XDR, you can start a scavenger hunt through the history of movements in the network. No hacker can stay under the radar. With the addition of MDR (Managed Detection and Response) Sophos keeps an eye on your network 24 x 7.3
Threat Hunting for detecting cyber threats with your cyber security team can be offered with Barracuda XDR. This platform is in MSP form with integrations for endpoint, email, network and server security.
For threat hunting and threat responding, Barracuda Managed XDR is an open extended detection and response (XDR) solution that combines advanced technologies with a team of security analysts in our Security Operations Center (SOC).
Kappa data supports resellers and customers with extensive technical knowledge, training and guidance. Our certified technical and presales teams are always there for you!
At Kappa Data, you will enjoy a particularly personal and professional approach, from quick quotes to demos and customer-friendly service with your regular contacts. We are there for you.
Kappa Data is a value-added distributor that thinks along with you in a solution-oriented manner. We always ensure a good relationship between all parties and mediate where necessary in case of conflicts.
A trusted partner for over 20 years
Snijders Compuservice, Jef Snijders