Working in cybersecurity is no easy feat – cybersecurity analysts must stay one step ahead, keeping up to date with the latest cyber threat landscape and any new trends in IT.
We take a look behind the scenes at what our Security team get up to and how organisations can keep their systems secure.
Our 24/7 security team are often busy responding to security events, triaged alerts and the latest vulnerabilities. They also work alongside the customer’s own security teams to resolve security incidents.
We spoke to some of the team about how organisations can keep their systems secure, and one thing that was highlighted was the importance of Vulnerability Management.
Vulnerability management is a continuous, proactive, and often automated process that keeps your computer systems, networks, and enterprise applications safe from cyberattacks and data breaches. At Fordway, we use tools such as Defender, Sentinel and Nessus for this, and it is an ongoing day-to-day activity.
Here we take a look at some of the security situations faced in our 24/7 team, to give you a taster of what it’s like to be a security analyst…
One sticky situation faced by one of our clients was a Brute Force attack on a newly built server. A Brute Force attack can be pretty harmful in terms of cyber-attacks. It’s a hacking method that uses trial and error to reveal passwords, login credentials and encryption keys. This method is a simple and effective way of gaining unauthorised access to user accounts as well as the entire organisation’s computer systems and networks.
This was made easier by the customer’s developer team, who had built a new server with no security controls in place and left it open to the internet. Fordway’s security monitoring tools identified the brute force attacks against this server. Luckily no successful logons were identified in this instance, but the continuous attempts left the potential for a costly breach. Our security specialists quickly responded, blocked the malicious IPs and created a rule in the Azure Network Security Group (NSG) to allow connectivity to the server only from listed IP addresses.
If you ever find yourself facing a Brute Force attack there are a number of remediation actions that can be applied, such as implementing 2FA, a VPN, strong passwords, firewall rules and limiting logon attempts. In this scenario, Fordway’s security specialists recommend applying a VPN solution. A Managed Service Provider will be able to do this for you, as well as provide 24/7 security monitoring – so if you’re ever faced with a breach, you don’t need to worry.
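To show the detection side of this scenario, here is an added example (not Fordway’s tooling or code) that flags source IPs producing a burst of failed logons inside a sliding window, then checks whether any flagged source also achieved a successful logon, which is the check that separates “block and harden” from a full incident. The event records are constructed for the example and use the Windows event IDs 4625 (failed logon) and 4624 (successful logon); the record layout, the thresholds and the addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, Windows event ID, source IP, account).
# 4625 = failed logon, 4624 = successful logon. Addresses are documentation ranges.
SAMPLE_EVENTS = [
    ("2024-03-01T10:00:01", 4625, "203.0.113.7", "administrator"),
    ("2024-03-01T10:00:03", 4625, "203.0.113.7", "admin"),
    ("2024-03-01T10:00:05", 4625, "203.0.113.7", "root"),
    ("2024-03-01T10:00:07", 4625, "203.0.113.7", "user"),
    ("2024-03-01T10:00:09", 4625, "203.0.113.7", "test"),
    ("2024-03-01T10:00:11", 4625, "203.0.113.7", "guest"),
    ("2024-03-01T10:02:00", 4625, "198.51.100.3", "jsmith"),   # a user mistyping
    ("2024-03-01T10:02:30", 4625, "198.51.100.3", "jsmith"),
    ("2024-03-01T10:05:00", 4625, "192.0.2.10", "svc"),        # slow, spread out
    ("2024-03-01T10:20:00", 4625, "192.0.2.10", "svc"),
    ("2024-03-01T10:35:00", 4625, "192.0.2.10", "svc"),
    ("2024-03-01T10:50:00", 4625, "192.0.2.10", "svc"),
    ("2024-03-01T11:05:00", 4625, "192.0.2.10", "svc"),
    ("2024-03-01T11:10:00", 4624, "10.0.0.5", "jsmith"),       # legitimate internal logon
]


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return source IPs that produced >= threshold failed logons inside any
    sliding time window. Two-pointer sweep over each IP's sorted timestamps."""
    per_ip = defaultdict(list)
    for ts, event_id, ip, _account in events:
        if event_id == 4625:
            per_ip[ip].append(datetime.fromisoformat(ts))
    flagged = []
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop failures older than the window
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


def successful_logons_from(events, suspicious_ips):
    """Successful logons (4624) from flagged sources. An empty result is the
    'no successful logons' outcome; anything else means escalate to an incident."""
    return sorted({(ip, acct) for _ts, eid, ip, acct in events
                   if eid == 4624 and ip in suspicious_ips})
```

With the sample data only 203.0.113.7 is flagged at the default threshold, and no successful logon came from it, so the right response is the one described above: block the source and restrict the NSG to listed addresses.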
Another example of a security incident (which might make you want to consider adding Sentinel to your toolkit), is when a suspicious DNS lookup was detected. Our team reacted quickly for our client when a security alert was received from Sentinel indicating a suspicious DNS connection to a potentially malicious IP address.
Investigations confirmed that the connection did take place, and the server was isolated and removed from the domain. We then used advanced hunting to check the logs in Sentinel for any further suspicious activity, as well as running full AV scans on all servers on the domain – this allowed us to restore the server from backup and reintroduce it onto the domain for our client.
This is just one example of why Microsoft Sentinel can be a hugely valuable asset to your IT operations. If you’re unsure what Sentinel is, it’s a cloud-native security information and event management (SIEM) platform that uses built-in AI to allow large volumes of data to be analysed quickly and effectively. The powerhouse of AI and automation provides organisations with intelligent security analytics across the entire enterprise. It takes the strain off clients worrying about their security strategies by centralising threat detection, response and investigation efforts.
Data breaches, malware attacks and other types of cybercrime are becoming more common and can cause serious damage to any business. The amount of regulation governing how businesses protect their data is also expanding. This can make IT security overwhelming for any organisation trying to keep up with the requirements whilst ensuring they have the latest tools to keep their data safe and secure.