THE GAP BETWEEN YOUR PERIMETER & ENDPOINT DEFENCE THAT LEAVES YOU VULNERABLE
Why is Ransomware winning?
Why are so many organisations getting held to ransom by cybercriminals, even after spending money on conventional cyber-security, including firewalls and end-point protection, to defend their networks? How can you quickly close the gap between your endpoint & perimeter protection making you vulnerable to ransom attacks and insider threats? And uplift your network teams capability to defend against the new era of Industrialised Ransomware? Let's cover:
Ransomware Revolution
Key Elements of
Cyber Security
The Problem
of Visibility
Improving your defences
Ransomware Industrialisation
It’s well understood by cyber security professionals that if you have a network connected to the internet, you’re going to be attacked. What you may not know is that cyber-crime today is a highly corporatised, multi-trillion dollar industry with specialisation for every step: from gaining access into your network, through to distribution of your ransomware payment. There are four main types of criminals that are involved in these attacks:
Initial Access Provider
Gets and sells the access past your Endpoint & Perimeter defences.
Ransomware Partner
Scouts your network, sets up for, and then launches the attack.
Ransomware Developers
Provide the tools and ransomware software as a service.
Dark Financiers
Manage dark escrow payments to distribute the ransom proceeds.
Key Elements of Cyber Security
Let’s get an overview of cyber security to learn about the vulnerabilities these criminals are exploiting. There are three main elements to any cyber security defence: Humans, Email & Visibility.
Human
The people that use the network
The main channel of communication
Visibility
Seeing what is happening on your perimeter, on your devices and across your network
The Problem of Visibility
Visibility has three elements that are critical to your cyber defence: Endpoint, Network & Perimeter.
Endpoint
Network
Perimeter
Software installed on computers and phones to monitor them
Network Detection & Response (NDR) systems monitor devices that can’t be covered by Endpoint or Perimeter protection
The firewalls and switches which connect your network to the internet
Without NDR your door is wide open
The reason organisations are still getting ransomed despite good people training and protection over their email, endpoints and perimeter is often because they don’t have Active Network Detection & Response (NDR). Cyber-criminals are actively exploiting this missing piece of the network security puzzle to launch ransomware attacks. This is simply because there are devices on your network that your Endpoint & Perimeter protection can’t cover. Attackers could be roaming free across your network and you wouldn't know.
No NDR?
You have no visibility of devices & traffic that can’t be covered by your Endpoint & Perimeter protection
Endpoint & Perimeter protection themselves
BYOD Devices
Alternative OS or Servers
It’s important to note that today’s capable threats are able to do easily breach Endpoint & Perimeter defences. And they can’t tell you when they’ve been breached.
Without Active NDR your door is ajar
What is making this growing crime possible is the emerging trend of “Zero-day” attacks. Today’s attackers create brand new, never seen before malware for every attack - meaning that can bypass signature-based, threat-model driven defences that are found in most conventional Intrusion Detection System or Network Detection & Response tools. Without an Active NDR that uses Statistics & Explainable AI (XAI), your team can’t cut through noise of your network and focus of what matters.
Is my NDR Active or Passive?
Passive
Active
Baseline time Anomaly Detection Artificial Intelligence Insights/Context Actionable Results Self-Reporting
Price
30-60 days
Threat models
Deep-learning
No
Poor
No
$$$$
Within hours
Statistical Deviation
Explainable
Yes
Highly
Yes
$
How to deploy firebug
Firebug is flexible & interoperable. It can be deployed as a virtual instance on any server with standard specification that can provide an ingest of network traffic and is positioned near strategic network assets (eg. DMZ, Public WiFi, Data Centre). Each instance can give visibility of up to 1 Gb/s which can cover approximately 500 Endpoints on a typical network.
Virtual Instance
on standard server
Network Traffic Ingest
via Span Port or Port Mirror
Strategic Location
near key network assets eg. DMZ, Public WiFi, Data Centre.
Up to 1 Gb/s of Traffic
per instance which equates to approx 500 endpoints