The changing face of IT security buying

Buying IT security can be a complicated process.

Today, there are literally thousands of security vendors who all claim to have the latest and most secure security product on the planet to help defend your business from cyber-attack. But which ones do you pick?

Businesses must work with technology partners, vendors and industry peers to make the best security technology decisions, but this takes time, money and plenty of people from all areas of your business. To compound this problem, businesses are confronted with countless industry terms, buzzwords and acronyms that make decision-making even more complicated. Do you need a SIEM, EDR, MDR, EPP, NGAV, CASB, SOC, DLP or maybe even UBA? What’s more, security solutions can often be in search of a problem which may not exist in your business, but because of slick, fear-based selling tactics, businesses can make poor security technology investments which don’t solve the most critical problems.

Businesses also face confusing information from technology partners and vendors who claim their products work in unison with those of other technology vendors under consideration. However, when you scratch the surface, they don’t work in unison or can’t easily be integrated into a single cohesive solution.

Finally, businesses are now regularly seeking consumption-based procurement options for security technology. Options include per-user pricing, monthly payment plans and annuity-based cloud licensing, which avoids infrastructure obsolescence. Many of these options have been available for years with other IT solutions, but for some reason security has lagged. As such, businesses are stuck with large, up-front capital investments which are infrastructure-heavy and may struggle to defend against new and emerging threats for the duration of the designated investment period.

To help address these problems, the team from Cythera developed the Cythera Security Platform - Protection Bundles. The bundles utilise a combination of class-leading managed security technology to defend against common and advanced security threats. The bundles are cloud-delivered, easy to set up and billed on a monthly basis, per user. No longer do businesses need to complete complex, time-consuming market assessments, technology testing and procurement processes. Cythera has already scoured the market for the best security technology, rigorously tested it in a production environment and developed an easy-to-consume, subscription-based commercial model with low upfront costs.

Cythera has developed a platform which helps businesses save time, money and important resources while improving their security posture for the life of the subscription service.

For more information or pricing visit https://www.cythera.com.au/protection-bundles

Compromised business partners: How hackers catch you asleep at the wheel.

This week, while on-boarding a new customer, we first needed to help them recover from a compromise they had suffered before coming to us.

A user had suffered a phishing attack and had their Office 365 email credentials stolen. Email phishing is the act of sending emails purporting to be from an entity (such as Google) or an individual (such as your CEO), often using a crafted email that includes graphics and text from legitimate emails, to fool users into entering login information or opening an attachment. The attacker can then use the stolen credentials to gain access to your organisation, or use malware the user clicks on to gain a control channel into your environment.

In this case, the malicious actor had utilised a common method to compromise a business: they had taken control of the email account of a trusted business partner, and had then sent our client an email with a Dropbox link purporting to contain a legitimate-looking business proposal.

This method is highly successful because when we receive an email from a known or trusted user, we tend to bypass our usual scepticism and control when it comes to clicking links or opening files. In this case, our client actually replied to the email and asked if it was legitimate. He got a reply: ‘Yes it is, I need you to respond to it urgently’. As the business partner’s email had been compromised, the hacker could reply themselves in an attempt to validate the email. The client then opened the file, which prompted him to log in to Office 365 to access the file, and his credentials were then stolen.

So how can we better protect ourselves from these sorts of problems? Email filtering won’t always help here, as the email is actually coming from a seemingly legitimate user. But secure DNS and web filtering (such as what we deliver with the DNSProtect and WebProtect portions of our protect platform) would have helped prevent the user from inputting their details into a phishing site by blocking the phishing page from displaying in the client’s browser. Not reusing passwords across accounts is another good practice to limit your exposure to any compromise should it take place. Additionally, if the Dropbox link had instead contained malware, ransomware or a remote access tool (commonly called a RAT by security operators), an endpoint protection agent such as MalwareProtect and EndpointProtect would keep you safe.