Darktrace – Protection from What You Don’t Know You Don’t Know


Protection From the Unknown

In the ongoing arms race of network security, threats can be broken down into three broad categories: the things you know, the things you know you don’t know, and the things you don’t know that you don’t know.

We know about things like ransomware, trojans, botnets, phishing emails, cryptomining hijacking, etc., and we have a pretty good idea of how to protect our networks against these threats – although we also know that no protection scheme is perfect, and we’re always vulnerable to a user clicking on the wrong thing.

We also know that we don’t know when the next ransomware variant will emerge, or what its primary delivery vector will be. Likewise, we know that there will be another zero-day vulnerability, but we don’t know when, or what it will look like. Still, we have some idea of what kind of protection measures to put in place.

Arguably, the most difficult threats to protect against are the things you don’t know you don’t know – those things that you don’t even know you should be concerned about: the personal laptop that someone brought in and connected to your network; the unauthorized – and unsecured – wireless access point that someone plugged in under their desk; and the rapidly proliferating Internet of Things. All kinds of IoT devices are being connected to our networks: security cameras, HVAC control systems, building entry systems, lighting systems, medical devices in healthcare institutions, and things that may have never even crossed your mind as potential threats. For many – if not most – of these devices, there is no way to install endpoint protection software, or even a SIEM monitoring agent, on the device.

Case in point #1: A water park, which will remain anonymous, installed some lockers for their guests to use to store their valuables while enjoying the park. These lockers were connected to the corporate network. They were also configured to “phone home” to the manufacturer via the public Internet to obtain software updates. This update function, by default, was unsecured and unencrypted. An attacker was able to use this update function to gain control of one of the lockers and use it to launch a “low and slow” attack on the network.

Case in point #2: A casino had a large fish tank, with automated sensors to monitor water temperature, salinity, oxygen content, feeding schedules, etc. These sensors connected to the network via Wi-Fi. Even though they attempted to isolate the tank on a separate VPN, an attacker was able to gain control of the fish tank and begin using it to exfiltrate data.

How are you supposed to protect against threats like these, when you probably had no idea such attacks were even possible?

The answer is Darktrace – and, fortunately, both the water park and the casino were Darktrace customers.

Last week, Darktrace and Xiologix held seminars in Seattle and Portland. Attendees from the local business communities learned how Darktrace was able to protect against these threats and many more.

Darktrace was founded in 2013 by mathematicians from the University of Cambridge and government cyber intelligence experts in the U.S. and the U.K. Today, it has grown to more than 30 offices globally, with more than 700 employees and more than 7,000 deployments in businesses of all sizes, including some of the largest and most prestigious companies in the world.

In its simplest configuration, Darktrace is a cloud-based service that uses an appliance – provided as part of the service – that is connected to your core network switch. Using the port mirroring function of the switch, the Darktrace appliance is able to see all of the traffic on your network. Over a period of a couple of weeks, using autonomous machine learning, Darktrace learns what normal behavior looks like for every single device and user on your network. Then, when abnormal behavior is detected, it can respond within seconds to surgically block the suspect traffic and isolate the threat, while still allowing normal traffic on your network to be unimpeded, thus buying precious time for your security team to respond to the detected threat.

In case #1, Darktrace detected the attempt of one locker to access server data that it had never tried to access before and that no other locker had tried to access. Darktrace blocked the connection attempt and alerted IT staff to the threat, and probably saved the water park from joining the long list of companies who have made front-page news by losing large amounts of sensitive customer data. In case #2, it was not unusual for the fish tank to occasionally communicate with other computers on the corporate network, but it *was* unusual for it to be transferring data to an external location that turned out to be somewhere in Finland. Again, Darktrace was able to alert IT staff to the threat in time to prevent the potential loss of a large amount of data.

Darktrace can also protect against more typical threats, such as a user who suddenly tries to access or download an unusual amount of data that the user has not typically accessed in the past, or a workstation that unexpectedly begins transferring data to an external location, or the characteristic pattern of malware trying to move laterally across the network from an infected machine to infect other systems or encrypt network shares.
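The two detections described above (a locker reaching a server that neither it nor any other locker had used, and a sensor sending data to an external address it had never talked to) come down to a per-device baseline of destinations learned over a quiet period and then compared against live flows. The sketch below is an added illustration, not Darktrace's code or a description of its models; the flow records, device names, peer groups and addresses are constructed, and the 10.0.0.0/8 range is assumed to be the internal network.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed: the corporate network is 10.0.0.0/8; anything else is external.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed flow records: (device, peer_group, destination_ip, bytes_out)
BASELINE_FLOWS = [
    ("locker-01", "lockers", "10.0.5.10", 800),      # locker update/inventory server
    ("locker-02", "lockers", "10.0.5.10", 750),
    ("locker-02", "lockers", "10.0.5.11", 200),      # second server used by one peer
    ("fishtank-sensor", "iot", "10.0.7.20", 1500),   # building-monitoring collector
    ("fishtank-sensor", "iot", "10.0.7.21", 300),
]
LIVE_FLOWS = [
    ("locker-01", "lockers", "10.0.5.10", 820),      # normal
    ("locker-01", "lockers", "10.0.5.11", 210),      # new for this locker, but known to its peers
    ("locker-01", "lockers", "10.0.9.40", 52000),    # server no locker has ever touched
    ("fishtank-sensor", "iot", "10.0.7.21", 310),    # normal
    ("fishtank-sensor", "iot", "203.0.113.8", 940000),  # external (documentation address)
]

def is_external(dst):
    return ip_address(dst) not in INTERNAL

def learn_baseline(flows):
    """Learning phase: which destinations each device, and each peer group, normally talks to."""
    per_device, per_group = defaultdict(set), defaultdict(set)
    for device, group, dst, _ in flows:
        per_device[device].add(dst)
        per_group[group].add(dst)
    return dict(per_device), dict(per_group)

def detect(baseline, flows):
    """Detection phase: flag flows that break the learned pattern."""
    per_device, per_group = baseline
    alerts = []
    for device, group, dst, nbytes in flows:
        if dst in per_device.get(device, set()):
            continue  # this device has used that destination before
        if is_external(dst):
            alerts.append((device, "egress to never-seen external host", dst, nbytes))
        elif dst not in per_group.get(group, set()):
            alerts.append((device, "internal host unknown to device and its peers", dst, nbytes))
    return alerts

def run_demo():
    return detect(learn_baseline(BASELINE_FLOWS), LIVE_FLOWS)
```

Note that the locker's first contact with 10.0.5.11 is not flagged because a peer in the same group already used it; the peer-group check is what keeps a new-destination rule from alerting on every routine change.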

Darktrace’s protection can be extended to your cloud and SaaS applications as well, giving you unprecedented visibility of what’s happening across your enterprise. As one customer put it, “When we activated Darktrace Cloud, it was like flipping on a switch in a dark room.”

If this sounds interesting to you, we would be happy to set up a Proof of Value at no cost or obligation to you. We’ll arrange for a Darktrace appliance to be brought out and connected to your network. It takes about an hour to set it up, and a couple of weeks for it to learn enough about your environment to produce a report so you can see for yourself the value that Darktrace can bring to your organization. Just give us a call or send us an email, and we’ll take care of it.

Mobile AP Solution – Ruckus M510 AP


Fortinet earns TWO 2019 US SC Awards!


Fortinet earned the Best UTM Security Solution Trust Award AND the Best Security Company Excellence Award!

Fortinet has had a well-earned great week at #rsac2019! In addition to announcing the new FortiInsight UEBA solution, it was announced that Fortinet earned the Best UTM Security Solution Trust Award AND the Best Security Company Excellence Award! These are a few of the great honors that SC Media awards each year and an invaluable service they provide in highlighting cybersecurity brands making strides in protecting our organizations, customers and data. We are excited to see Fortinet and many of our other technology partners honored with these prestigious awards.

Xiologix CTO Christopher Kusek Earns 2019 VMware vExpert Designation!


Christopher Kusek Earns VMware vExpert Designation for 11th Consecutive Year!

It is official – he is in! Christopher Kusek once again earns vExpert designation for the 11th consecutive year! VMware vExperts have demonstrated significant contributions to the community and a willingness to share their expertise with others. Congratulations Christopher!


Still Running Exchange 2010? Time to Plan Your Migration


Benjamin Franklin famously stated, “…in this world nothing can be said to be certain, except death and taxes.” Of course, in Ben’s day, they didn’t have software lifecycles to deal with. These days, we can add another thing to the list of certainties: software upgrades. Time marches on, and so does software development. Eventually, the old versions just get too expensive and difficult to support. The latest to hit the warning list: Microsoft Exchange 2010.

If You’re Not Leveraging the Cloud for Backup and DR – Why Not?


According to recent data, 64% of small & medium-sized businesses are already using some kind of cloud-based software. 88% of SMBs consume at least one cloud service, and 78% report that they are considering purchasing new cloud solutions in the next year or two. So chances are that you are already somewhere along the path in your journey to the cloud. So here’s a question: Are you leveraging the cloud for backup and disaster recovery? If not, why not?

Why You Need a Mobile Workspace


This is the view down my driveway today. I realize that my friends in the Midwest are either laughing or shaking their heads (or both) at the relatively minuscule amount of snow – but I live in one of the suburbs of Seattle, where the only people whom you can trust to know how to drive in the snow are the ones with ski racks on their cars, and where a lot of people don’t realize that having a 4WD SUV may help you go better, but it doesn’t always make you stop (or steer around that right-angle corner at the bottom of the hill) better. And speaking of hills, we have a lot of them. And our local government agencies – particularly out in the ‘burbs and the unincorporated areas of the counties – are notoriously ill-prepared for significant snowfall, because how do you cost-justify a big investment in the necessary equipment when you only need it once every couple of years?
