TruBlog

Critical Security Information For Security Conscious Companies


How does TruShield identify an attack on a business?

We at TruShield are often asked how TruShield identifies an attack on a business. One of the key aspects of TruShield’s CSM, or Continued Security Monitoring solution, is that it monitors identity and access management at a very granular level. That means TruShield can integrate information from a business’s Active Directory infrastructure into the monitoring platform. If you’re a CEO looking to understand the strategies TruShield uses to identify attacks, this is for you.

TruShield does this for a couple of reasons. To start, anyone looking at security at a high level needs to look at more than just signature-based threats and also watch for interesting or abnormal behaviors. That’s what TruShield is doing with its identity and access management monitoring. It’s looking for potential indicators of things that haven’t happened, things like privilege escalations or administrative accounts being locked. One of the things businesses often see during a chain of attacks is an attacker gaining access to an environment through a drive-by download. The attacker is then going to immediately try to maintain access.

Maintaining access usually hinges upon a privilege escalation. This means that the attackers are going to escalate the privileges of the account they’ve compromised from a low-level account to something along the lines of an administrator account. Perhaps they are going to add a new account to a protected security group. That’s a very dangerous thing when it happens. In those situations, the bad guys basically gain the keys to the kingdom. TruShield’s perspective is that if you are not monitoring where permissions, privileges, and policies are managed, then you are missing a sizable portion of the picture.

One of the things often seen when TruShield monitors an organization that’s under attack is a lot of failed logins for administrative accounts: several failed logins with an error code stating that the wrong username has been entered. Usually, one or two bad usernames is not a big deal; maybe somebody has just fat-fingered their actual username. But if you see many of those, what’s usually happening is that a bad guy is trying to guess a valid username. What is often identified in a chain of attacks is a valid login followed by a bunch of failed logins for bad passwords. What that really means to us, when we start to peel back the onion, is that somebody has guessed a correct username and is trying to compromise the password for that guessed username.
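The failed-login pattern described above can be expressed as a small correlation rule. This is an added example, not TruShield's own code; it assumes the logs are Windows Security event 4625 records reduced to (source, username, SubStatus), and the thresholds, sample events, and function name are hypothetical.

```python
from collections import defaultdict

# Assumption: input is Windows Security event 4625 (failed logon) data.
BAD_USERNAME = "0xC0000064"  # SubStatus: account name does not exist
BAD_PASSWORD = "0xC000006A"  # SubStatus: account exists, wrong password

# Constructed sample events in time order: (source_ip, target_user, sub_status)
SAMPLE_EVENTS = [
    ("10.0.0.5", "jsmtih", BAD_USERNAME),          # single fat-fingered name
    ("203.0.113.9", "admin1", BAD_USERNAME),       # username guessing begins
    ("203.0.113.9", "root", BAD_USERNAME),
    ("10.0.0.7", "mlee", BAD_PASSWORD),            # forgotten password, no guessing
    ("203.0.113.9", "sysadmin", BAD_USERNAME),
    ("203.0.113.9", "Administrator", BAD_PASSWORD),  # a real account was found
    ("10.0.0.7", "mlee", BAD_PASSWORD),
    ("203.0.113.9", "administrator", BAD_PASSWORD),
    ("10.0.0.7", "mlee", BAD_PASSWORD),
    ("203.0.113.9", "administrator", BAD_PASSWORD),
]

def detect_guessing(events, min_bad_users=3, min_bad_passwords=3):
    """Alert when one source tries many nonexistent usernames and then
    accumulates wrong-password failures against a username that exists."""
    bad_users = defaultdict(set)                     # source -> nonexistent names
    bad_pw = defaultdict(lambda: defaultdict(int))   # source -> user -> failures
    alerts, alerted = [], set()
    for src, user, status in events:
        user = user.lower()                          # account names are case-insensitive
        if status == BAD_USERNAME:
            bad_users[src].add(user)
        elif status == BAD_PASSWORD:
            bad_pw[src][user] += 1
            enumerated = len(bad_users[src]) >= min_bad_users
            hammered = bad_pw[src][user] >= min_bad_passwords
            if enumerated and hammered and (src, user) not in alerted:
                alerted.add((src, user))             # one alert per source/user pair
                alerts.append({"source": src, "user": user,
                               "usernames_tried": len(bad_users[src]),
                               "bad_passwords": bad_pw[src][user]})
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_EVENTS):
        print(alert)
```

Requiring both phases from the same source keeps the single mistyped username and the user who forgot a password from raising alerts.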

If you’re not looking for the kind of activity that TruShield monitors, you’re just going to be relying on things like antivirus or IP reputation to give you the information you need, and you’re going to miss a key component of it.

Why should a business use TruShield’s MSSP system?

When an organization is thinking about trying to solve a problem with threat detection, they have a couple of options in front of them. TruShield’s process, however, provides the most cost-effective and efficient system. If you are a CEO interested in using an MSSP, Managed Security Service Provider, like TruShield, this is for you. First off,… Continue Reading

Making the Most of Your SIEM Security From the Beginning

As the complexity of your company’s digital network grows, Security Information and Event Management (SIEM) technology can significantly help support your IT team with the viewpoint they need to ensure compliance and operations support for the successful continuation of the business. Unfortunately, with… Continue Reading

Reasons Why Cybersecurity is an Ongoing Project

Set it and forget it! While this sounds like something from an infomercial, unfortunately, this is often the mindset that many organizations have when developing their cybersecurity strategy. Fundamentally flawed, stupendously short-sighted and remarkably reckless, here are three common mistakes which highlight why cybersecurity is (wrongly) viewed as a one-time deal rather than an ongoing project. Continue Reading

You Were Warned About NotPetya Ransomware

On June 27th, organizations across the globe discovered a new ransomware danger now pegged as NotPetya. This variant of new ransomware was initially thought to be a repackaged version of the Petya ransomware variant discovered about two months ago but has since been found to only borrow code from that variant, with modifications to increase its impact.  At… Continue Reading

Cybercriminals are Targeting Law Firms

It’s no secret that the legal industry is now recognized as one of the biggest targets for cybercriminals today. Clients trust you with their private information and believe that you will keep it safe. In a PwC report entitled, Safeguarding Your Firm From Cyber Attacks, they note, “Privacy and confidentiality are bedrock qualities for law firms. The theft… Continue Reading

Brace Yourself for Another Ransomware Sh*tstorm

As the world sifts through the ashes left from the cybersecurity firestorm brought down on it over the weekend by a ransomware strain known as WannaCry, a new menace is growing from its shadows. This new ransomware comes from similar origins, an NSA exploit dump by Shadow Brokers.  While WannaCry used a weaponized exploit called… Continue Reading

Copyright © 2017