ControlScan Blog

Posts Tagged: Active Monitoring



  1. Home
  2. ControlScan Blog
  3. Posts Tagged: Active Monitoring

DoppelPaymer: Not Your Average Ransomware

March 9, 2020Published by

A ransomware variant, DoppelPaymer is showing some interesting new features that have morphed it into what we call “extortionware.” It is infecting systems and performing not only data encryption for ransom, but also exfiltrating data back to the attackers to be potentially released to the public if payment for the ransom is not made.

  Read More   

Sophisticated Attackers Targeting Petroleum Marketers

February 17, 2020Published by

Lately, there has been a wave of cyberattacks specifically targeting the petroleum industry. This is due to a handful of recent successes by the attackers with some very large and well-known brands. Given the success that the attackers had in those environments, they are moving on to other similar and potential targets within the industry and attempting to find additional value to compromise. In this post, I’ll share specifics about how the petroleum industry is being targeted and ways you can protect your network from a potential compromise.

  Read More   

Security Patching: How Fast is Fast Enough?

October 3, 2019Published by

October is National Cyber Security Awareness Month (#NCSAM), and one of the topics I like to bring up is security patching. Just about every IT leader will tell you that timely security patching is a priority for their organization. So why did our latest ControlScan research find that 43% of IT teams are taking more than a week to implement even the most critical of security patches?

  Read More   

        Featured        

Tales from the SOC: Surprise! You’ve Got Active Malware.

June 28, 2019Published by

Late in the day on a recent Friday, a new customer began installation of the ControlScan Managed Detection and Response (MDR) service to their end user systems. This customer is an SMB (small to mid-sized business) that relies on personal computers to keep their business running. Sound familiar?A few hours after the customer’s implementation was complete—at 12:05 a.m. Saturday to be exact—our MDR service blocked an attempted execution of malware that was present on one of their remote office computers.As it turns out, this active malware had been on the remote office machine since October 2018. With each user login, the malware was executing and performing data harvesting, as well as making attempts at lateral movement and propagation.

  Read More   

SMB Data Monitoring: Yes, It’s a Thing.

January 29, 2019Published by

A lot of data runs through your business’s network. Data is coming and going, and moving rapidly, as systems and applications “talk” and pass along information to each other. Most SMBs pay no attention to these internal workings and conversations, unless there is a functional failure that requires someone’s review of the system logs to determine where the breakdown occurred. The rapid increase in malware, however, is causing many executives to choose a more active IT security strategy.

  Read More   

The Pros and Cons of Security Automation

November 15, 2018Published by

Security automation is a hot topic these days, mainly because it’s become humanly impossible to keep up with the sheer volume and variance of cyber threats hitting organizational IT networks at any given time. Even with the best security defenses in place, sooner or later an attacker is going to get through. The goal, of course, is to discover the attack and mitigate it as quickly as possible—and that’s where security automation can be extremely valuable.

  Read More   

        Featured        

SIEM and MDR: Dancing Through the Minefield

October 2, 2018Published by

There’s a lot of buzz in the marketplace these days around SIEM, which is Security Information and Event Management. I’ve had people tell me that their SIEM technology isn’t of much use, and others tell me that it’s critical to their business’s everyday security posture. The vast difference between those two is usually the same thing, which is how the related tools are deployed, and what the staff around them looks like.

  Read More   

Healthcare Data Security Requires Active Monitoring and Management

April 13, 2018Published by

As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.

  Read More   




Back to Top