Intrusion

Had a great time meeting with MSPs at The ChannelPro Network DEFEND event. Big shoutout to Gregory Akers, CCIE for taking the time to speak to other fellow MSPs about how you use Intrusion. We are thankful for you. When asked what the value of Intrusion was, he said we provide: ?? A great tool to quickly gain control of a difficult client cyber security environment. Including ones that are under active attack. ?? The best threat intel consolidation of any tool on the market. ?? A definitive last layer of a defense-in-depth protection?strategy. ?? A great place to start threat hunting in an environment. ?? A first step in engaging clients in meaningful protection dialogue, thus opening new avenues of engagement. That is awesome stuff. We look forward to meeting new people at the next DEFEND event in Boston. See ya then!

The secret to a healthy relationship? Paranoia. 1. Assume the worst intentions. In relationships, it's best to never fully trust anyone. Always assume negative intent. Listen to what they say, but always verify it with a third party. We're talking background checks, monitoring, etc. 2. Never let your guard down. Vulnerability will destroy a relationship. Never let someone get too close – they'll eventually exploit you. Keep your feelings locked down, and never show your true self. It's just safer that way. 3. Be around, always. Especially when you first meet. Constant surveillance is key to a healthy relationship. Know their every move, and always be one step ahead. Some may label it stalking, but it's really just information gathering. Looks like the rules of love and cybersecurity are the same. Who knew?

Baselining networks is a flawed pursuit. Can't you just determine what 'normal' traffic looks like on a network and flag everything else as suspicious? It's a great idea, in theory, but the problem is that a typical organization's traffic is incredibly diverse. Millions of domains and IPs are requested every month for everything from web browsing to APIs and vendor communications. To illustrate this, we logged network traffic (DNS requests and IP communications) in a medium-sized organization over the course of 3 months and took note of the overlap from month to month. On average, there were about 800,000 unique domain requests each month, but only 42% of these overlapped from month to month. And over a 3 month period, there was only a 30% overlap. We found the same to be true with IPs. We looked at unique destination server IPs and outbound TCP communications. Around 1-2 million distinct server IPs were observed per month, but only a 25% overlap from month to month. If you're not using a threat intelligence tool for domain and IP reputation, you should. IP and domain reputation intelligence can mistakingly be viewed as outdated or too basic to protect you from modern threats, but we've found the opposite to be true. The internet is a moving target. Blocking connections from unknown or untrusted IPs and domains can disrupt threat lifecycles and should be considered a critical component of your security strategy.

We're here at DEFEND ?? for the very first time! Looking forward to connecting and learning more about your challenges with cybersecurity. Our CEO Tony Scott will be on the main stage today at 11:45AM to talk about "The Unwatched Door" and how monitoring and controlling outbound traffic is key to NOT getting hacked. We've got a special offer for attendees, so be sure to stop by our booth and meet Andrew Wildrix + Suzanne Fulco! ?? Shout out to The ChannelPro Network for putting on an awesome event.

Darth's IT Support:

It's getting trickier to detect phishing emails. Even for email security tools. The most prolific phishing tactic in 2024 is....impersonation. These impersonation emails are looking real legit. And no one wants to be accused of not following up on something important or not doing their job. An Egress report shows signature-based email protection gateways and Microsoft 365 did not protect from obfuscation techniques used by attackers in nearly 17% of impersonation emails. What happens after someone clicks the link? Or opens the attachment? There are several measures that can be taken to prevent a successful attack. – Something that doesn't allow users to reach the unsafe link destination. – Something that doesn't allow the malware's outbound communication to its control and command server. – Something that doesn't allow incoming or outgoing communications from suspicious or known malicious IPs. Implementing a tool like Intrusion Shield can help protect your business even when impersonation emails slip through the cracks.

Relying solely on signature-based solutions is a huge security concern. ?? They don't protect against zero-day attacks Signature-based solutions can't detect unknown or newly released threats, leaving you vulnerable to zero-day attacks. This limitation allows new, unseen threats to bypass traditional security defenses. ?? They aren't effective against advanced threats Signature-based solutions struggle with sophisticated, targeted attacks, such as: - Polymorphic malware - Fileless malware - Social engineering - Advanced Persistent Threats (APTs) These threats often evade signature-based detection, requiring more advanced security measures. ?? They promote reactivity Signature-based solutions respond to known threats, not emerging ones. This reactive approach: - Relies on previous attacks to create signatures - Fails to anticipate new threats - Leaves you exposed to unknown threats Incorporating tools that are reputation-based, behavior-based, or use applied threat intelligence is necessary to protect your network from unknown threats.

The majority of the internet is grey. Meaning it has little to no reputation. The domains aren't necessarily bad, but they also shouldn't be considered trustworthy. These may be – newly registered domains – sites that have existed for a while but with no content – sites that seemingly have no legitimate purpose These often require manual review and investigation to determine their true intentions. Determining what action to take is less of a binary good/bad and more of a risk tolerance calculation. But who has time for that? Well, we do. We can help mitigate risk by filtering out the internet noise. The questionable stuff that can eat up a lot of your time. The threat adjacent stuff. The stuff we shouldn't be letting our networks communicate with but are because there's never been a great solution to manage it. If you're curious, reach out to us.

Shout out to our co-founder Joe – we're lucky to have one of the smartest (and hilarious) people in cyber ??

Those seemingly harmless IoT devices can, and often are, used as a gateway to gain access to your crown jewels. If you find that an IoT device is communicating to places it doesn't normally communicate with it may be a sign that someone is attempting to hack your network and should be looked into. Just another reason why monitoring outbound comms is highly critical. #IoT #cybersecurity