The White House has warned about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. To prepare, we recommend all organizations implement the following cybersecurity practices as soon as possible.

Improve Network Monitoring at Your Perimeter

Ensure you have visibility for incoming and outgoing traffic with appropriate safeguards.

• Monitor and consider blocking high-risk outbound network traffic:
• SSH (TCP 22)
• MSRPC (TCP 135)
• SMB (TCP 139, 445)
• Unsecured LDAP (TCP 389)
• Secured LDAP (TCP 636)
• MSSQL (TCP 1433)
• RDP (TCP/UDP 3389)
• WinRM (TCP 5985, 5986)

• Review your WAF configuration and set to blocking mode to mitigate zero-day attacks.
• Log, correlate, and review events. Focus on threat intelligence, lower alerting thresholds if possible, and be aware of risk patterns associated with Russian actor tactics, techniques, and procedures (TTPs).

Create Contingency Plans to Disconnect High Risk External Connections

Preparedness, control, and proactiveness are key in a successful defense.

• Inventory any unfiltered VPNs and other vendor/contractor connections. Make sure you have monitoring in place and understand access risks.
• Limit traffic destinations for high-risk protocols wherever possible (see column to the left).
• Watch for collateral damage and propagation via automation. NotPetya showed us that poorly monitored and unpatched interconnected systems provide reliable attack surfaces.
• Perform tabletop exercises to ensure readiness during any disruptive event and at least annually. Ensure all your key resources have current contact information and can support business continuity on short notice.
• Validate your backup and recovery processes.

Bolster Your Security Awareness Program

Educating end users will lower your risk from malware and social attack vectors.

• Implement or execute a simulated phishing campaign. These attacks are usually carried out via email but now are frequently delivered via SMS, phone calls, and social
• media. Ensure your employees are vigilant.
• Reassess your password standard. Encourage pass phrases and strong passwords: easy to remember, hard to guess. Use a secure password manager to reduce call
• center events due to users who use complex, hard-to-guess passwords.
• Implement MFA on any external ingress points. Consider expanding scope to those that don’t store or transmit sensitive information. If they pose a risk by being able to pivot to other systems if compromised, assume the worst.
• Timely and effective communication is paramount. Consider the human factor: most people are scared during conflicts. You’ll receive the best outcome by keeping your communications simple, actionable, and direct while delivering with calmness.

Improve Your Rigor Around Patching and Update Consistently

Poorly monitored, unpatched assets create additional risk.

• Ensure your assets are patched and up to date (computer systems, mobile devices, applications, etc.). Automatic updates are strongly encouraged.
• Ensure your endpoint detection and response agents are active, receiving threat intelligence feeds, and set to protect/block risks.
• Enable an allow-listing policy on your EDR solution (which files can execute). Recent attacks have showed Russian actors have misused legitimate drivers from trusted vendors, such as EaseUS (Partition Master), to weaponize wiper attacks and in some cases bypass poorly configured or mismanaged EDR/MDR.
• Look for behavioral evidence or network and host-based artifacts from known Russian state-sponsored TTPs. Table 1 from CISA’s Alert (AA22-011A) lists commonly observed TTPs.

Businesses face various security threats, including ransomware, phishing attacks, computer viruses, and more. With these security threats increasing, managed security services are no longer a luxury—they’re a necessity.

Before business owners and executives can fully understand the advantages of managed security, they need to understand some basic IT security terms. Here’s our glossary of basic cybersecurity terms executives should know:

Business Cybersecurity Basics

• Cybersecurity – the protection of computers, networks, and infrastructures from digital threats and risks.
• BYOD – “Bring Your Own Device,” a business policy that allows or requires employees to use their own devices instead of company-provided ones, that can impact cybersecurity.
• Infrastructure – the physical and organizational assets and framework comprising an entity. In IT, infrastructure includes hardware and equipment like monitors and servers; software; and organizational processes.
• Network – a group of computers that are digitally connected to enable communication, file sharing, and other data transmissions. Types of networks can include Local Area Networks (LAN), Wide Area Networks (WAN), and many others.
• Managed IT Services – IT services that provide continual support, generally on a monthly payment plan, to proactively manage IT reliability, infrastructure, and security.
• Managed Service Provider (MSP) – an IT provider that offers managed services.

Risks, Threats, & Vulnerabilities

• Threat – an individual or event that has the potential to negatively affect your systems.
• Vulnerability – a weakness in your security that can be exploited or penetrated.
• Risk – the probability that your IT will be compromised due to threats, vulnerabilities, etc.
• Cyber Attack – a deliberate attempt by an individual or group to breach an organization’s network or infrastructure to steal or erase data, cause disruptions, or otherwise cause harm.
• Data Breach – when an unauthorized user gains access to restricted data. Data breaches are often caused by cyber attacks, but they may also be caused by vulnerabilities in systems or software which can then be exploited.

Types of Cyber Attacks

• Malware – any malicious software that is harmful to a network, system, or user.
• Ransomware – a type of malware that blocks access to a system or data until a ransom is paid.
• Phishing – a type of cyber attack, often in the form of an email, that attempts to manipulate a recipient into giving up personal or financial information.
• Spear Phishing – a targeted phishing attack where the attacker uses specific information about the victim, such as place of work, interests, or organizations they do business with, to manipulate the victim into giving up information.
• Virus – a malicious computer program that replicates itself to “infect” other programs after it is triggered by a bad actor.
• Worm – a piece of malware that self-replicates to infect other programs automatically once it gains access to a computer.
• Botnet – a network of computers that have been infected with malware and is controlled by a bad actor. A botnet can be used to send a large amount of traffic in a DDoS attack.
• DDoS Attack- a “Distributed Denial of Service” attack uses a botnet to bombard a website with a huge number of requests in order to to slow or crash the website.
• Trojan Horse – malware that exploits a “back door” to gain remote access to a computer.
• Spyware – malware that operates in the background to collect information such as keystrokes, login credentials, and other data, undetected by the user.

Security Tools, Services & Defenses

• VPN – a Virtual Private Network (VPN) creates a private network on a public internet connection by encrypting your data.
• Firewall – a network security tool that monitors traffic and prevents unauthorized access based on a set of instructions.
• Multi-Factor Authentication (MFA) – a password protection tool that requires two or more forms of authentication before allowing a user to log in.
• Cloud Computing – an umbrella term pertaining to services, products, and platforms hosted on a secure remote server.
• Security Framework – a set of standards that serves as a structure or guide for security, such as NIST.
• Threat Detection & Response – the process of monitoring systems to detect and respond to threats.
• Pen Testing – penetration testing evaluates an organization’s vulnerabilities, generally by attempting to “hack” their network to explore what weaknesses cyber criminals might be able to exploit.
• Endpoint Protection – security designed to protect endpoints in a network—devices such as computers and mobile devices where users can access the network. This becomes especially important in a remote network, where endpoints may be spread out rather than located in the same physical location.
• DNS Protection – Domain Name System protection can blacklist potentially dangerous websites, advertisements, and malware to prevent you from being exposed to risks.
• Managed Protection & Response – a managed security service that proactively searches for vulnerabilities, potential breaches, and suspicious activity and works to remediate them.
• SIEM – Security Information and Event Management combines security information management and security event management by analyzing security threats in real time.

Digitally Protecting Your Business

ISG Technology is proud to help businesses with their IT support needs by providing 24/7 network monitoring, real-time alerts and notifications, infrastructure maintenance, and more. We make security simple through our Managed Security offering, which mitigates business security risks by utilizing the most advanced cybersecurity tools and practices to protect your company.

Contact us today to protect your business from cyber threats and gain complete confidence in your security.

Business success today revolves around technology. From communicating with your team and clients to storing critical data, almost every operation within modern organizations depends on well-run IT.

With this digital dependency comes the need for businesses to continually enhance the protection of their  technological assets.  Cyberattacks have increased in size and scope over the years, leading experts to predict that worldwide cybersecurity spending will reach $170 billion by 2022. 

Because of the continually advancing nature of cyber threats, more robust cybersecurity methods are necessary to safeguard data. One of those methods is MDR, or Managed Detection & Response. 

Here’s what you need to know about MDR for your business and how it can protect you:

What Is MDR?

Managed Detection & Response (MDR) is an outsourced security service that utilizes both technology and human experts actively search for threats in an organization’s systems and immediately address them. MDR is accomplished using tactics such as continuous network monitoring, threat hunting, incident analysis, and remediation to protect against even highly sophisticated threats.

The Advantages of MDR

While there are many valuable cybersecurity solutions that businesses should invest in, MDR can enhance your protection beyond basic tools. As mentioned, cyber threats are continually advancing and becoming more common, and it is no longer enough for businesses to rely on a firewall or antivirus software alone to protect their systems.

Additionally, many businesses turn to MSSPs (Managed Security Service Providers) in an effort to achieve cybersecurity without understanding their shortcomings. MSSPs have a lesser scope than what is provided in MDR, meaning businesses don’t get the triage and response needed to eliminate false alarms. Instead, the business’s own internal team has to analyze information to determine which potential threats they were alerted for need to be addressed first.

Here are some of the main advantages of MDR as compared to basic tools or MSSP services: 

MDR Combines AI and Human Expertise

With Managed Detection & Response, you get the combined benefit of machine-driven 24/7 security monitoring and human expertise to ensure threats don’t slip through the cracks. This combination of advanced analytics and a human touch means you get fewer false alerts and more custom-tailored support when it comes to addressing potential threats.

In this way, you get the most proactive support. Your team of experts knows how to identify and prevent the latest types of cyberattacks as well as investigate them before taking action—rather than just alerting your IT team to the cybersecurity issue.

MDR Protects Your Business Financially

MDR is provided by outsourced security experts, allowing your business to benefit from a wide range of IT security experts at a more affordable cost. Considering that the average cost of a cybersecurity attack is now more than $1.67 million—and many of these attacks aren’t mitigated by basic security tools— investing in MDR is the clear choice when it comes to protecting your business financially.

MDR Provides Broader Visibility

MDR experts provide a holistic approach to security. Using data collected from threat feeds, OSINT data, and other tools, MDR security teams keep a watchful eye on internal and external networks, the cloud, and all endpoints to ensure maximum protection. They consider businesses’ unique compliance needs (HIPAA, PCI DSS, etc.) as well as the specific context of threats so they can provide long-term solutions that will improve a company’s cybersecurity posture. 

Take Your Security to the Next Level

Using a Managed Detection & Response service is a great way to take your cybersecurity plan to the next level. When you choose MDR, you gain access to a team of well-trained experts as well as the latest software that will carefully monitor any security threats and vulnerabilities within your system. 

Your MDR team can keep you updated on potential problems while also limiting unnecessary alerts and taking quick action when there’s a true threat to your business. And once the threat has been eliminated, the team will investigate the incident to determine how to prevent such attacks in the future.

If you’re interested in reducing the chance of cybersecurity attacks on your company—as well as minimizing the damage and recovery time if they do occur—you should consider using an MDR service to improve security for your business. Contact ISG Technology today to learn how we can help you through our Managed Detection & Response services.