Winners and Losers from WannaCry

Prevention remains the goal, but detection and response capabilities are equally important. How did your cybersecurity services provider measure up?

Preventing the next big ransomware cyberattack has been on everyone’s mind since WannaCry burst onto the scene on May 12, 2017. But prevention isn’t the only thing CISOs should be focused on. Monitoring and responding to alerts are just as important. Ensuring that your managed security services provider (MSSP) has state-of-the-art monitoring technologies and response capabilities is a winning approach to thwarting any oncoming cyberattack, like WannaCry.

How Does Monitoring Protect My Business Against the Next WannaCry?

Being able to detect any threat when it breaches your perimeter is key, and comprehensive 24×7 monitoring and analysis is your first line of defense against any potential cyber threat. When researching cybersecurity services for their companies, CISOs need to seek out service providers that offer “around-the-clock” monitoring, alerting and response services, not just prevention, in order to be fully protected.

The threat landscape is increasingly complex, and hackers are exploiting vulnerabilities across all resources, including your people, processes and technologies. Unlike the visible incursions of the past, new attacks employ both slow, low-profile strategies and fast-moving, machine-driven attacks designed to get past enterprise security control architectures. Attackers are often able to systematically pinpoint security weaknesses and then cover all traces of their presence as they propagate laterally to compromise other critical IT assets. Employees, contractors, and other insiders are increasingly, and often unknowingly, a source of data breaches.

Accurate monitoring allows your cybersecurity services provider to be proactive in its threat defense, identifying the early stages of attacks and suspicious insider behavior before breaches result in the loss of your data. In the case of WannaCry, monitoring techniques that looked at lateral movement and applied user and entity behavior analytics across multiple devices allowed for the detection of malicious movement and stopped the attack from continuing. Multi-vector event correlation, asset modeling, user profiling, and threat intelligence are among the advanced technologies used to identify threats and help prevent security exploits through cybersecurity monitoring and automated response services.

How Quickly Can Your Service Provider Respond to Potential Cyberattacks?

Most breaches take 15 minutes or less to compromise a system. Attackers and malicious code move very fast. On occasions when prevention does not work, your MSSP needs to take fast action, either automatically or manually, to block active attacks, contain compromises, and prevent breaches. Accurate detection and the ability to respond quickly are paramount.

When an attacker is scanning your network, a compromised device is communicating with a malicious external location, or malware is propagating laterally, a manual response is often not fast enough to contain the threat and prevent a breach or mitigate malicious activities. Most Security Operations Centers (SOCs) do not have the comprehensive visibility necessary to quickly make informed decisions and respond immediately to these types of threats. Having an MSSP with Managed Detection and Response services coupled with Endpoint Detection and Response solutions can provide your company with unparalleled Incident Response services to detect and respond to threats on the endpoint, across the enterprise, or on your cloud applications.

The Takeaway

If you want to know if your MSSP is winning or losing in the fight against cyberattacks for your company, then you need to ask them a major question: Are they doing more than just prevention to protect your company from a breach?

There are many MSSPs out there offering many different variations of cybersecurity services. For your company to be fully protected and have a winning strategy against cyberattacks, you need to ensure your MSSP not only focuses on prevention but also provides accurate, 24×7 monitoring that detects lateral movement and applies user and entity behavior modeling, along with automated detection and response capabilities, to protect your company against the next potential ransomware attack.

Contact us today to receive a cybersecurity assessment on your company’s security posture.