Eleanor Barlow, Author at Cyber Secure Forum | Forum Events Ltd

What is Red Team Assessment and how can it benefit business?


By Eleanor Barlow, SecurityHQ

Red Team Assessment as a service is used to simulate real-life attacks, to confirm that the right security controls are implemented and working within a business, and to highlight the security gaps that would otherwise go undetected.

A key part of a Red Team Assessment is a simulation that mimics the behaviour of an internal employee of the company being tested. For this, the red team is given the same devices and privileges as a standard employee and tries to gain unauthorised access to sensitive IT systems, Active Directory, business-sensitive applications and databases, and to see what data is accessible from that starting point. The goal of this assessment is to learn which machines, servers and data can be reached, and whether the employee's machine can be used to move laterally throughout the organisation.

There is no malicious intent in this attack; the purpose is to highlight whether someone with malicious intent could indeed infiltrate the company and gain access to sensitive data and company information, and which people and processes would be involved.

The Challenges Red Team Assessment as a Service Solves

The challenge for most organisations is that the majority of their staff, around the world, are now working remotely, and businesses do not know how secure their corporate devices are. In a Red Team Assessment, specific users/employees are targeted, to see whether security solutions can be bypassed and whether the attacker can elevate privileges and create backdoors on the target's endpoint. This provides a clear understanding of the vulnerabilities and weaknesses in a company's infrastructure, especially while teams work remotely.

What Next?

‘Security Awareness is not just for those interested in cyber security. It is a crucial element that all employees must be aware of. The issue is that few organisations have a dedicated cyber security team, which means that few are educated on the necessary processes that should be conveyed to all employees in separate departments. With this lack of awareness, systems, processes, data, and people are left vulnerable. But once employees are cyber security aware, have a checklist in place, are able to recognise cyber threats, the impact of a cyber-attack, and know the steps to prevent cyber threats from attacking and infiltrating their systems, businesses improve their security posture significantly.’ – Tips to Educate and Protect Your Staff from Security Threats

For a comprehensive view of the features and benefits available with Red Team Assessment, download the data sheet here.

Or, to speak with an expert, contact a member of our team here.

About The Author

Eleanor Barlow

Based in London, Eleanor specialises in researching and reporting on the latest in cyber security intelligence, developing trends and security insights. As a skilled Content Manager and experienced named author and ghost writer, she is responsible for SecurityHQ’s content strategy. This includes generating content for the latest articles, press releases, whitepapers, case studies, website copy, socials, newsletters, threat intelligence and more. Eleanor holds a first-class degree in English Literature, and an MA from the University of Bristol. She has strong experience writing in B2B environments, as well as for wider technology-based research projects.

About SecurityHQ

SecurityHQ is a Global MSSP, that detects, and responds to threats, instantly. As your security partner, we alert and act on threats for you. Gain access to an army of analysts that work with you, as an extension of your team, 24/7, 365 days a year. Receive tailored advice and full visibility to ensure peace of mind, with our Global Security Operation Centres. Utilize our award-winning security solutions, knowledge, people, and process capabilities, to accelerate business and reduce risk and overall security costs.

Facebook: https://www.facebook.com/Sechq

Twitter: https://twitter.com/security_hq

LinkedIn: https://www.linkedin.com/company/securityhq/

Website: https://www.securityhq.com/

Supply chain attacks of 2022 on the rise


According to Microsoft, the goal of a supply chain attack is to 'access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.' Supply chain attacks 'begin with an advanced persistent threat that determines a member of the supply network with the weakest cyber security in order to affect the target organization.' (CERT-UK report 'Cyber-security risks in the supply chain')

An advanced persistent threat (APT) is 'a multiphase, and long-term network attack in which unauthorized users gain access to, and harvest, valuable enterprise data.' (IBM)

Most often, smaller businesses are the initial targets of these attacks. But these smaller businesses often provide products and/or services to larger corporations, which then become infected in turn. So, while a small technology company with fewer than 30 employees may be the initial gateway, anything up to a Fortune 500 business can be impacted.

Take aviation giant British Airways, for instance. In August 2018, malicious code was placed on the BA website and app to extract the credit card details and other personal data of over 400,000 customers. While BA was the target, it is likely that third-party supplied code was the original weak point, as 'third parties may supply code to run payment authorisation, present ads or allow users to log into external services,' the BBC reported shortly after the attack. The company was fined £20m by the Information Commissioner's Office (ICO), and new measures with regards to authentication and third-party protocols were put in place.
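One concrete control against a tampered third-party script on a payment page is Subresource Integrity (SRI): the page pins the hash of the script it reviewed, and the browser refuses to run a copy whose hash differs. The following is an added example, not code from SecurityHQ, British Airways or the original post; the script contents, the injected line and the host name are constructed for illustration.

```python
"""Generate and verify Subresource Integrity (SRI) hashes for a third-party script.

Added example. EXPECTED_SCRIPT, TAMPERED_SCRIPT and the host name are constructed.
"""
import base64
import hashlib
import hmac

# Constructed: the third-party payment helper the page was reviewed with.
EXPECTED_SCRIPT = b"window.pay = function (form) { /* payment authorisation helper */ };\n"

# Constructed: the same file after a supply-chain modification (one added line).
TAMPERED_SCRIPT = EXPECTED_SCRIPT + b"/* line that was not in the reviewed copy */\n"

# SRI permits only these digests; stronger ones take precedence in an attribute.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_attribute(source: bytes, algo: str = "sha384") -> str:
    """Return the value for <script integrity="..."> for the given bytes."""
    if algo not in _STRENGTH:
        raise ValueError("SRI only permits sha256, sha384 or sha512")
    digest = hashlib.new(algo, source).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(source: bytes, integrity: str) -> bool:
    """Check fetched bytes against an integrity attribute the way a browser does.

    The attribute may carry several whitespace-separated tokens (e.g. two
    versions during rotation). Only tokens of the strongest listed algorithm
    count, and any one of them matching is enough. Tokens with an unknown
    algorithm are ignored. Note that a browser silently loads a resource
    whose attribute has no usable token; here that case returns False so a
    build-time check fails loudly instead.
    """
    tokens = [t for t in integrity.split() if t.partition("-")[0] in _STRENGTH]
    if not tokens:
        return False
    strongest = max(_STRENGTH[t.partition("-")[0]] for t in tokens)
    for token in tokens:
        algo = token.partition("-")[0]
        if _STRENGTH[algo] != strongest:
            continue
        # constant-time compare; the token is attacker-influenced if the page was tampered too
        if hmac.compare_digest(sri_attribute(source, algo), token):
            return True
    return False


def script_tag(src: str, source: bytes) -> str:
    """Build the <script> tag to embed; crossorigin is required for SRI on cross-origin scripts."""
    return f'<script src="{src}" integrity="{sri_attribute(source)}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    pinned = sri_attribute(EXPECTED_SCRIPT)
    print(script_tag("https://cdn.example.net/pay.js", EXPECTED_SCRIPT))  # host is constructed
    print("reviewed copy verifies:", verify_sri(EXPECTED_SCRIPT, pinned))
    print("tampered copy verifies:", verify_sri(TAMPERED_SCRIPT, pinned))
```

SRI only protects resources whose hash the page pins; a pinned script that itself loads further scripts at runtime, or inline code injected into the page's own HTML, is not covered, so it belongs alongside a Content Security Policy and regular review of what third-party code actually runs on payment pages.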

This incident is one of many. ‘In terms of scale and sophistication, the attack against SolarWinds, in which the highest levels of government were compromised, was unlike an attack seen before. The far-reaching impacts are still being identified today. It is the unpredictability of the attack that was/is the greatest cause for concern, and how attacks like this will influence business and infrastructure in the future. That is why it is important to prepare and safeguard systems as much as possible now, before the damage is done.’- Eleanor Barlow, SecurityHQ

How to Mitigate a Supply Chain Attack

To reduce the chance of becoming a victim of a supply chain attack, put in place services that can detect and respond rapidly, now.

For full visibility of threats targeting you, ensure that you have Managed Extended Detection & Response (XDR) in place.

If you are concerned about the impact of a breach, contact a security expert for advice.

Or, if you think you have been breached, report an incident here.

How to combat cyber organised crime with XDR


According to Verizon's '2021 Data Breach Investigations Report (DBIR)', financially motivated attacks have continued to be the most common form of attack over the past few years, with organised crime groups responsible for around 80% of them.

In fact, in a threat assessment delivered by Europol, a warning was issued about the serious impact that criminal syndicates are having on the economy. The assessment highlighted that 'Virtually all criminal activities now feature some online components, such as digital solutions facilitating criminal communications', and that 'The availability and accessibility of secure online channels has resulted in a diversification of the platforms used for illegal online trade.'

The Dark Web for Criminal Communication

The Surface Web and the Dark Web are breeding grounds for organised crime groups. 'There are organised crime groups such as drug dealers, arms dealers, and other general criminal activities. There are also hacking groups, trading information, selling ransomware, credit cards and so forth. But, apart from acting as a marketplace, the Dark Web also acts as a communication channel for said parties. When you couple it with the anonymous payment of cryptocurrency, such as Bitcoin, you're in business. You have the means to communicate with like-minded individuals, you have customers ready to buy, and a payment mechanism. Which is the dream scenario for anyone wanting to stay below the radar.' – Eleanor Barlow, SecurityHQ

Cybercrime delivered as a service is also in high demand, and allows those with lesser skills to commit illegal actions, including DDoS attacks, ransomware, and fraud. Tools can be purchased for a percentage of the criminal profits, and there are multiple manuals and how-to guides available for would-be threat actors to start attacks.

XDR to Combat and Mitigate against Cyber Organised Crime

To keep up with growing organised crime threats, businesses now require different combinations of detection and response capabilities. SecurityHQ offers Extended Detection & Response (XDR) with multiple feature options, to ensure an enhanced security posture. It combines Network Detection and Response, Endpoint Detection and Response, SIEM, User Behaviour Analytics, and 24/7 SOC capabilities for real-time detection and active response. The result is 360-degree visibility across your logs, endpoints and network that evolves and adapts to your hybrid, multi-cloud IT environment, increasing the speed of detection and remediation of both known and unknown threats.

For more information on how to mitigate against cyber organised crime, talk to a SecurityHQ expert.

XDR Service Essentials – Everything you need to know…


By SecurityHQ

To keep up with new threats, businesses now require different combinations of detection and response capabilities. XDR is one of the latest security services being promoted by Managed Security Service Providers (MSSPs) around the globe. The term stands for Extended Detection and Response (XDR) and claims to be the latest in detection, investigation, and response.

What Should XDR Include?

"At SecurityHQ, we get vendors asking about XDR daily. For SecurityHQ, XDR is a service that combines multiple feature options, to ensure an enhanced security posture specific to the user/company. Every company is different, and every industry requires different security needs. Which is why our XDR combines Managed Detection & Response (MDR) with a combination of some, or all the following elements, depending on your service needs. These elements include MDR, UBA, Network Flow Analytics, EDR, Threat Containment and Dark Web Monitoring" – Eleanor Barlow, Content Manager, SecurityHQ

User Behaviour Analytics: Identify patterns of usage that indicate malicious or anomalous user behaviour. From launched apps and file access to network activity, monitor who touched what, when and where an element was accessed, how it was accessed, and how often.

Network Flow Analytics: Gain a comprehensive view of your entire network infrastructure by examining sources, target ports, IP addresses and more.

Endpoint Detection & Response: Continually monitor endpoints, gain full visibility of your whole IT environment, detect incidents, triage alerts, stop breaches, and receive instant advice.

System X Threat Containment: Security Orchestration, Automation and Response (SOAR) for incident response, with accelerated enrichment, playbooks and threat containment.

Dark Web Monitoring: Monitor the dark, deep, and visible web to detect risks and alert, investigate and take down offending content.

Bring Your Own License: Whatever features work best for you, either apply SecurityHQ's own SentinelOne turnkey solution, or bring your own license and merge it into the package you want.
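To make the User Behaviour Analytics and Network Flow Analytics items above concrete, here is an added example (not SecurityHQ's XDR code) of the two simplest detections such layers run: a per-user baseline of login hours and source hosts with the day under review scored against it, and a per-(source, destination) count of distinct target ports over flow records to surface a port sweep. All login events and flow records are constructed; the thresholds are assumptions to be tuned per environment.

```python
"""Baseline-and-deviation checks over constructed login events and flow records.

Added example. Every event below is constructed; hour_slack and min_ports are
assumed starting values, not recommended settings.
"""
from collections import defaultdict
from datetime import datetime

# Constructed: one normal week of (timestamp, user, source host) logins.
BASELINE = [
    ("2022-03-01T08:55:00", "alice", "LAPTOP-A1"),
    ("2022-03-02T09:10:00", "alice", "LAPTOP-A1"),
    ("2022-03-03T08:40:00", "alice", "LAPTOP-A1"),
    ("2022-03-04T09:02:00", "alice", "LAPTOP-A1"),
    ("2022-03-01T13:30:00", "bob", "LAPTOP-B7"),
    ("2022-03-02T14:05:00", "bob", "LAPTOP-B7"),
    ("2022-03-03T13:50:00", "bob", "VDI-12"),
    ("2022-03-04T14:20:00", "bob", "LAPTOP-B7"),
]

# Constructed: the day under review; the 02:47 login is the one to surface.
NEW_LOGINS = [
    ("2022-03-07T09:00:00", "alice", "LAPTOP-A1"),
    ("2022-03-07T02:47:00", "alice", "SRV-FILE01"),
    ("2022-03-07T14:00:00", "bob", "VDI-12"),
]

# Constructed: (source IP, destination IP, destination port) flow records.
FLOWS = [
    ("10.0.5.23", "10.0.1.10", 22), ("10.0.5.23", "10.0.1.10", 80),
    ("10.0.5.23", "10.0.1.10", 135), ("10.0.5.23", "10.0.1.10", 139),
    ("10.0.5.23", "10.0.1.10", 445), ("10.0.5.23", "10.0.1.10", 3389),
    ("10.0.5.40", "10.0.1.10", 445), ("10.0.5.40", "10.0.1.10", 445),
    ("10.0.5.40", "10.0.1.11", 443),
]


def build_baseline(events):
    """Per-user profile: the set of hours and source hosts seen during the baseline."""
    profile = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for ts, user, host in events:
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
        profile[user]["hosts"].add(host)
    return profile


def _hour_distance(a, b):
    """Distance on a 24-hour clock, so 23:00 and 00:00 are one hour apart."""
    d = abs(a - b)
    return min(d, 24 - d)


def score_logins(events, profile, hour_slack=1):
    """Return (timestamp, user, reasons) for each login that deviates from the profile."""
    findings = []
    for ts, user, host in events:
        reasons = []
        seen = profile.get(user)
        if seen is None:
            reasons.append("no baseline for user")
        else:
            hour = datetime.fromisoformat(ts).hour
            if all(_hour_distance(hour, h) > hour_slack for h in seen["hours"]):
                reasons.append(f"login at {hour:02d}h outside usual hours {sorted(seen['hours'])}")
            if host not in seen["hosts"]:
                reasons.append(f"first login seen from {host}")
        if reasons:
            findings.append((ts, user, reasons))
    return findings


def detect_port_sweeps(flows, min_ports=5):
    """Map (src, dst) -> sorted ports for pairs touching at least min_ports distinct ports."""
    ports = defaultdict(set)
    for src, dst, dport in flows:
        ports[(src, dst)].add(dport)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for ts, user, reasons in score_logins(NEW_LOGINS, build_baseline(BASELINE)):
        print(ts, user, "; ".join(reasons))
    for (src, dst), p in detect_port_sweeps(FLOWS).items():
        print(f"{src} swept {len(p)} ports on {dst}: {p}")
```

A four-day baseline is far too short for production; the point is the shape of the logic, and in practice the profile is built over weeks, weekends and shift patterns are modelled separately, and a single finding is enriched (who owns SRV-FILE01, is 10.0.5.23 a scanner the team already knows about) before anyone is paged.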

Core Benefits of XDR

  • Essential Cyber-Solutions and Improved SIEM Experience, Combined for Multi-Layer Protection.
  • Advanced Threat Prevention & Detection with Comprehensive View of Risks via Real-Time Monitoring and Alerting.
  • Compliance Standards Supported.
  • 24/7 Incident Response Supported by GCIH Certified Incident Handlers.
  • Cost Saving: No Need to Build Internal SOC Capabilities or Maintain the Required Tools.

To learn more about XDR, its features, and benefits, download the SecurityHQ data sheet here. Or, if you would like to speak with a security expert, contact our team.