Networking Monitoring News – May 2016

Threat Report

“Most organizations today rely on the walls and moats of yesteryear, thinking they are defending against catapults and cannons, while the attackers are instead using drones and highly targeted stealth technology.” HPE 2016 Cyber Risk Report is spot on. Firewalls and Antivirus are old technology. They just cannot do the job by themselves any longer. Unfortunately, this is all many of us have as far as network security is concerned.

The US Secret Service states in their report this year that 86% of organizations currently lack adequate network security capabilities. On average it took 146 days to discover there was a compromised computer/device on the network. Attacks will happen, this is the new norm. An attacker can take a few days to a week to gain access. If we now know attackers will get in, we must be able to detect it as fast as possible. A ClearNetwork monitoring device is a must.

As executives, we must gain insight as to which assets are most critical and valuable to an attacker. Knowing the enemy and what they will be looking to steal is a huge offensive advantage against cyber-crime. Find these assets and make sure they are protected and monitored.

Brute Force Remote Desktops

Attackers are using brute force attacks against your remote desktop servers to gain access to your network for reconnaissance. Once they gain access, they find where the data is and encrypt it. Since they have knowledge of your network now, they have a much stronger position at the negotiation table and will demand a much higher price to unencrypt your data. Best practice is to not put these servers directly on the internet. Tell users they need to VPN into the network first, then connect to their desktops.

Updates

If you haven’t already updated Flash Player and Microsoft Silverlight, you should do so as soon as possible. You will “significantly” minimize your risk of getting hit by the latest in ransomware threats once patches are applied.