When EDR Is Not Enough

15th July 2022


It seems a day does not go by without some headline of a successful cyberattack. I recently read about a medical center with the records of 1.2 million patients compromised. As reported, “the attack in question was perpetrated by an unauthorized third party who accessed certain systems containing personal information, removing data from the network between March 31 and April 24.” 

Let’s make a note of the term “network.”

Another recent headline was about a new ransomware attack called Black Basta (a new strain and gang). As also reported, Black Basta “uses a double extortion scheme via VMWare running in Linux servers.” Black Basta has reportedly demanded as much as $2 million from some companies. Double extortion is the trade term for an attack that both steals and locks the data: extortion one is pay to unlock the data, and extortion two is pay to not have them sell the data. Black Basta penetrates a victim’s network and steals sensitive information by moving laterally through an organization.

There is that term “network” again.

My point is that attackers have proven ways to get past even the best endpoint detection and response (EDR) tools; they can bypass them, hide from them, and trick them for just long enough to move laterally to an unprotected server or device. To do any of that, they must use your network. To complete any attack, they must use your network. To execute ransomware, they must use your network, and to exfiltrate data, they must use your network.

Ladies and gentlemen, you MUST watch your network. The medical center above was not watching. If you fall victim to Black Basta – it is likely you are not watching.

Each day brings a new headline, a discussion about how the attacker made it into the network, and another company burned because it forgot to monitor the network.

Do I seem frustrated?

There are many really good network defense tools out there that can solve this problem. Network Detection and Response is not a new market; it is mature, with proven technology. Many vendors offer solutions ranging from super sophisticated for large enterprises to super automated and easy to operate for smaller teams. CyGlass provides a practical and very affordable solution for those small teams.

So when planning your next cybersecurity budget and projects, please do yourself a big favor and do not forget your network.

 

Bill Munroe

VP Marketing, CyGlass