No one industry has done more harm to our business than Hollywood. Movies about cybercriminals are entertaining, but hackers are usually portrayed as digital hitmen – get in, get data, get out.
This has created the perception for a majority of people, and thus a majority of companies, that a data breach is an event – something to be dealt with when and if it happens. Our community knows better. Hackers don’t treat infiltrated networks like a consumer in Best Buy on Black Friday. They are patient, spending weeks or months inside a network, moving within the system, to progressively steal data undetected. These kinds of behaviors require on-going awareness to protect against, and unfortunately, it’s these kinds of activities that RMM and anti-virus tools are not designed to catch. MSPs currently do a good job of protecting their clients from external cyber threats with help from state-of-the-art firewalls and endpoint protection software. However, the rise of attacks and the kinds of attacks simply makes it difficult to catch everything.
In a lot of cases the activity that happens to make data truly vulnerable occurs once a hacker has already gotten past a network’s perimeter defenses. For instance, hackers regularly use IP and port scanners to find “open and vulnerable” IP ports from inside the network. A few common “red flags” that are hard to catch are new admin behavior, aka the creation of a new network administrator, the elevation of a non-critical employee, and anomalous /failed log-in behavior. These kinds of “low and slow” actions are likely to occur off-hours to avoid discovery, when people aren’t likely to notice the change. This is where tools like Cyber Hawk, which is built to detect and alert on these behaviors, can literally save a company millions in data loss.
Here’s a list of top insider threats that most conventional IT security tools can’t catch:
- Unauthorized access to computers with confidential information
- Unauthorized user login to IT Infrastructure (servers, etc.)
- Unauthorized access to systems in the Cardholder Data Environment
- Unauthorized devices added to restricted networks
- Unauthorized new users added to the Domain
- Unauthorized addition of new local computer administrators
- Anomalous and suspicious logons to computers
- Unusual log-in hours for day-time workers
- Unexpected changes made to locked down computers
- Restricted computers with direct access to/from Internet
- Systems with uninstalled critical patches longer than 30 Days
- Systems inside the network with exploitable vulnerabilities
- Unexpected changes to Internal or wireless networks
- Connections to unauthorized wireless networks
- Storage of Credit Cards, PII, ePHI and other sensitive information
Protecting your clients from these kinds of threats is tedious and time consuming without the right tools. Cyber Hawk identifies insider threats, and alerts the MSP via email or PSA ticket creation. The unlimited license allows MSPs to deploy as many Cyber Hawk software appliances as desired. Intelligent pre-configured services are built directly into the tool, as well as the ability to customize alert triggers based on each client’s security policies.
To learn more, visit RapidFireTools.com, write firstname.lastname@example.org or call 678-323-1300.