
Managed Detection & Response Tip: Don’t Ignore These 4 Cyber Threats

Managed detection and response (MDR) works very well to catch hacks and attacks before small issues turn into big problems.

But the vast amount of data to monitor is overwhelming, complex, and confusing. It can feel like you’re swimming against the current trying to find the real threats amongst the rest. 

Don’t make the MDR process harder than it needs to be. By cutting down on the number of potential cyber threats coming your way, you’ll make it much easier to protect your private data. To do that, don’t ignore these four cyber threats.

1. Close Common Entry Points

Inbound and outbound suspicious traffic infiltrates networks through various protocols hackers can use to their advantage. Closing off some of their most sought-after entry points will cut down on the amount of activity you need to monitor.

Here are some entry points that need to be closed right away:

RDP (Remote Desktop Protocol): While RDP is good for fixing common computer issues, hackers can use it to gain access to your sysadmin passwords. That’s how they install ransomware. Hackers will also sell your stolen credentials to other hackers, who will use them for weeks or even months.

To prevent this from happening, keep up-to-date with RDP’s security patching and always be on the lookout for unauthorized network traffic.

MSSQL (Microsoft SQL Server): Some organizations leave MSSQL ports open on firewalls to allow database access for vendors, but this leaves those entry points exposed. Hackers scan ports looking for availability, with the main TCP port being the most widely accessible.

Don’t give access to anyone who doesn’t need it. And use network traffic analysis to track who is accessing ports and alert you of any dubious external activity. 

Telnet: This old-school client-server protocol is still sometimes used for a virtual terminal connection but is very simple to hack and attack. Why? Because it’s not encrypted and sends information in plain text. 

Immediately replace Telnet with SSH (Secure Shell Protocol) to operate secure network services over an unsecured network.

SMB (Server Message Block): This is a sure pathway for hackers to enter your network where they have access to files, printers, and serial ports.

If you use SMB, configure it properly or, better yet, switch to AFP or NFS.
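
One way to implement the port-access tracking described in this section, as an added example that is not Castra’s code: it reads firewall flow records and reports outside sources reaching the RDP, MSSQL, Telnet, or SMB ports. The record format, the internal address ranges, the function names, and the sample lines are assumptions constructed for illustration; the ports are the services’ well-known defaults.

```python
import ipaddress
from collections import defaultdict

# Well-known default ports for the four services named above.
WATCHED_PORTS = {3389: "RDP", 1433: "MSSQL", 23: "Telnet", 445: "SMB"}
# Assumption: these ranges are "inside"; replace with your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample records: "timestamp src_ip dst_ip dst_port action".
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 203.0.113.7 10.0.0.5 3389 ALLOW
2024-01-01T10:00:02Z 10.0.0.8 10.0.0.5 3389 ALLOW
2024-01-01T10:00:03Z 198.51.100.20 10.0.0.9 1433 ALLOW
2024-01-01T10:00:04Z 198.51.100.20 10.0.0.9 1433 DENY
2024-01-01T10:00:05Z 203.0.113.7 10.0.0.12 445 ALLOW
2024-01-01T10:00:06Z 192.0.2.44 10.0.0.3 23 DENY
2024-01-01T10:00:07Z 203.0.113.7 10.0.0.5 443 ALLOW
malformed line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on junk input
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed(flow_text):
    """Count ALLOW/DENY records per (external source, watched service)."""
    hits = defaultdict(lambda: {"ALLOW": 0, "DENY": 0})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, port, action = parts
        try:
            if is_internal(src) or not is_internal(dst):
                continue  # only outside -> inside traffic matters here
            service = WATCHED_PORTS.get(int(port))
        except ValueError:
            continue  # unparseable address or port
        if service and action in ("ALLOW", "DENY"):
            hits[(src, service)][action] += 1
    return dict(hits)

def alerts(flow_text):
    """HIGH: the firewall let an outside source through; INFO: denied only."""
    return [("HIGH" if c["ALLOW"] else "INFO", src, svc, c["ALLOW"], c["DENY"])
            for (src, svc), c in sorted(find_exposed(flow_text).items())]

if __name__ == "__main__":
    print(*alerts(SAMPLE_FLOWS), sep="\n")
```

A HIGH row means the entry point is still open to that source and the firewall rule needs closing; an INFO row means the attempt was seen but blocked.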


2. Strengthen Encryption Protocols

If you don’t want to be a target, don’t rely on SSL, TLS 1.1, or TLS 1.2 to keep hackers away.

Only TLS 1.3 is reliable enough to keep hackers out of your system. 

3. Stop Network Misuse

Employees are always a significant security soft spot, and your organization is no different. Are employees using apps or participating in illegal activities? If so, they’re opening your organization up to cyber threats. 

All employee network use must be monitored for out-of-policy and illegal activity.

4. Protect Yourself from Malware

There were 677.66 million worldwide cumulative detections of newly-developed malware applications in 2020. And that was in March, up 16.5 million from January. Seven of the most common cyber threats include:

    • 5G-based swarm attack
    • Adware and spyware
    • Computer virus
    • DoS and DDoS attack
    • Fileless attack
    • MitM attack
    • Phishing

Use MDR’s threat identification and remediation services to investigate, contain, or eliminate the damaging fallout of these cyber threats. 

Castra’s Glassbox Managed Detection & Response Approach

Typical managed detection and response providers work within a ‘mystery box’. They keep your data close to their chest and refuse to allow you visibility even if you change providers. This leaves you in the dark about the information they’ve gathered, putting you back at square one with any other provider who will have to start from scratch. The mystery box method exists to keep you tied to one provider for your needs. 

Castra operates within a ‘glass box’ where we do everything transparently. All your information is yours. You have access to it anytime. If you leave, you take it all with you. 

Our Top 5 MDR Tools

Castra uses industry-leading MDR tools to form a solid defense against cyberattacks and keep your data safe. 

  1. Exabeam
  2. USM Anywhere
  3. Anomali ThreatStream
  4. Palo Alto Cortex
  5. Wazuh

We don’t rely on technology alone to protect our clients. Our expert security analysts have over 20 years’ experience making conclusive decisions that will secure your organization. Technology is only as good as its practitioner. You don’t need a tool but a complete service with a partner who will take your security to the next level.

Schedule a meeting, request a quote, or contact Castra now.