In a constantly connected world, free WiFi can seem like an oasis in the desert, allowing you to ration your data and safeguarding you from eye-watering overage fees.
Unfortunately, public WiFi is inherently less safe than personal, private networks such as your home internet or the office network.
Public WiFi Leaves You Vulnerable
Public WiFi is inherently risky: after all, you have no idea who else is on this network and what they are up to. While businesses such as stores and organizations like your municipality or public library may think they are offering a helpful public service or a valued customer perk, you can’t be sure that they take security as seriously as you do.
Man-in-the-Middle (MitM) attacks are one of the most common public WiFi cyberattacks and are, at their core, a form of digital eavesdropping. Essentially, when a device such as your phone, tablet, or laptop connects to the internet via a public WiFi network, data is sent between point A (your device) and point B (the website you are visiting or the server that hosts the app you are using). Man-in-the-Middle attacks allow cybercriminals to camp out between these two points and intercept your traffic, which they can then either read or manipulate.
Man-in-the-Middle attacks take a number of forms, including interfering with legitimate networks, creating fake networks that the attacker controls, or rerouting internet traffic to phishing or other malicious sites. Compromised traffic is stripped of any encryption protections, which allows the attacker to steal information or change the information you are transmitting.
Attackers don’t want you to realize they are manipulating your traffic, so it can be difficult to realize an attack has occurred until you discover your email address is being used to send spam, your bank account is empty, or you uncover other evidence of nefarious activity. As such, users must take steps to avoid falling victim to these attacks.
While using multi-factor authentication can make it more difficult for attackers to gain unauthorized access to your accounts, your username and password can still be compromised. As such, if you absolutely cannot wait to log in to your bank account or conduct other sensitive business, opting for a cellular connection or using your phone as a personal hotspot for your laptop is a better option.
Malware & Malicious Hotspots
While most developers do their best to ensure the programs they create are secure, sometimes mistakes happen, and programs, apps, and websites can inadvertently be left with security holes or other weaknesses. Attackers use these vulnerabilities to sneak malware (malicious software) onto your device.
Another common technique involves setting up fake hotspots full of malware and making them look like legitimate networks; an attack sometimes referred to as a honeypot. These networks usually adopt reputable names in order to trick victims into connecting.
For example, let’s say you decide to visit a coffee shop called Kim’s Cafe. You open your phone and, without thinking, select the “Kim’s Cafe” WiFi network. How do you know that network is actually owned by Kim’s Cafe? While some businesses that offer complementary public WiFi post the network name prominently (to help ensure visitors aren’t connecting to suspicious networks), not all businesses do. You can ask a staff member for the name and password for the guest network, but that doesn’t guarantee their network is secure. When in doubt, go without or use your cellular data, don’t just select a network that appears legitimate and hope for the best.
Tips for Staying Safe on Public WiFi
When it comes to public WiFi, caution is the name of the game. The best way to stay safe on a public WiFi network is to not use the public WiFi network. However, we also understand that this can be easier said than done.
If you do have to use public WiFi, you should start by asking yourself a single question: If someone was reading over my shoulder right now, how would I feel about it? If the thought of some stranger reading your screen makes you anxious or angry, you should probably hold off until you can connect to a secure network.
To help you get started, here are links to guides on how to manage your security settings on these commonly used web browsers:
If you need to use public WiFi, limit your activities as much as possible and avoid visiting any sites or using Apps that involve handing over your personally identifying information (PII), such as banking details, usernames, and passwords, or medical information. You wouldn’t carry a sign around with your personal information splashed all over it, so why would you risk revealing this highly sensitive data on a public WiFi network?
If you have to use a public network, stay clear of apps and websites that require you to log in. Some websites and apps require you to enter things like your full name, phone number, and other identifying information when you create an account, so even if you don’t remember providing that information when you registered, you may inadvertently be exposing that information if an attacker intercepts your internet traffic.
Consider a VPN
If you spend a lot of time away from your desk and absolutely need to stay connected (say you are traveling for work and don’t have unlimited data), you might want to consider a VPN. A VPN allows you to create a secure connection between your device and another network (such as your work network) over the internet, shielding your browsing activity and keeping you off of public WiFi networks.
To help safeguard sensitive company data and other digital assets, many employers provide their employees with VPNs to ensure they are always using a secure connection while accessing company data. After all, you have no idea if your employee’s home network, local cafe WiFi, or complimentary hotel network meet your security standards.
No VPN? Look for the Lock
If you don’t have a VPN, there are still steps you can take to help safeguard your data while using public WiFi. SSL connections add a layer of encryption to your network traffic, which can help keep you safe on public WiFi. When using the internet, make sure you enable the “Always Use HTTPS” option on your browser or any websites you frequently visit that require you to enter any credentials and never enter credentials into unsecured websites.
Disable AirDrop & File Sharing
If you absolutely have to use a public WiFi network, you should turn off any features on your device that enable frictionless file sharing.
Learn how to manage your file-sharing settings on Windows 10 and on a Mac.
Leave WiFi & Bluetooth Turned Off
Leaving your WiFi and Bluetooth settings turned off when not in use can help prevent your device from connecting to unknown networks or other devices without your explicit consent.
Actually Read the Terms & Conditions
We know that no one actually likes wading through pages of dry technical text, but before you connect to any public WiFi network, make sure you know what you are signing up for. Look for information on what data the network collects, how it is used, and how it is stored, and keep an eye out for any red flags before you click the Accept button.
Avoid Nosey Networks
Be wary of any public WiFi networks that require you to enter personal information, such as your email address or phone number. If you absolutely have to connect to a network that requires a lot of personal information, make sure you trust the organization that owns the network and consider creating a separate email account specifically for situations like this.
Find Out if Your Cable or Cell Phone Company Offers Complimentary Public WiFi
Some cell phone providers and cable companies manage complimentary WiFi hotspots for their customers, so if you spend a lot of time searching for free WiFi you may want to see if your service provider offers this perk. If you are connecting to free public WiFi through a service you are already signed up for, then you don’t have to hand over any more personal information than you already have.
Log Out When You Are Finished (Even At Home)
Logging out of all your accounts when you are done may seem like a pain, but it can help safeguard your personal data when your device leaves your home or office. By logging out when you are finished, you can rest assured that you aren’t inadvertently exposing your sensitive data when you grab a coffee or head to the mall.
Look for Password Protected Networks
When it comes to public WiFi networks, passwords are your friend. While adding a password won’t guarantee airtight security, it does help limit who has access to the network and for how long (assuming the organization that owns the network rotates their password frequently). This bare minimum level of security does help, but you should still avoid visiting websites or using apps that contain sensitive information such as PII or private work files.
Invest in an Unlimited Data Plan
At the end of the day, the best way to stay safe on public WiFi is simply to avoid connecting to public WiFi networks in the first place. If you anticipate having to do a lot of browsing away from your home or work network, you may want to consider investing in an unlimited data plan.
Though the best course of action is to avoid public WiFi networks altogether, there are steps you can take to safeguard your device and personal data if you need to connect. For more information on keeping yourself, your business, or your remote employees safe, please contact our team today.
WiFi 6 offers a lot of benefits over its predecessors, but uptake remains sluggish. In this article, we will explore the factors in the current technical environment that are impacting this revolutionary new approach to WiFi’s slow uptake.
The Risk of Being an Early Adopter
WiFi 6 was first announced in 2018 by the WiFi Alliance, making it still relatively new. As such, many organizations aren’t yet ready to make the switch. There also aren’t a whole lot of WiFi 6 clients out there yet, limiting choice and making it more difficult for organizations to find equipment that they know will meet their needs. Though some individuals and organizations pride themselves on being early adopters, most are more inclined to wait until any bugs or potential issues have been addressed before taking the plunge.
Companies in particular, who would need to invest large sums of money upgrading their entire networks to ensure compatibility, risk investing in unreliable equipment that may offer a poor UX experience or suffer from incompatibility issues. When you buy and deploy too soon, you might not be able to upgrade without re-purchasing everything again, dramatically increasing deployment costs. While larger enterprise-sized companies may be able to absorb the cost of re-purchasing equipment should they discover a compatibility issue or other problem, SMBs tend to have fairly limited IT budgets, which make re-purchasing a hard expense to handle.
Not All Devices on the Market Support WiFi 6
WiFi 5 remains the default when it comes to devices, so even if you upgrade your WiFi network, chances are most BYOD employees, customers, and visitors won’t likely notice the difference. WiFi 5 devices can work on WiFi 6 networks, but because they can’t broadcast in the 6GHz band, they will be limited to WiFi 5 speeds.
Samsung has already announced compatible products, and Intel has begun manufacturing WiFi 6E compatible devices (though they have done so without any fanfare or even a press release or announcement of any kind). However, Apple remains a holdout and has yet to announce a WiFi 6 compatible device.One source speculates that once Apple gets on board, we will see a noticeable increase in interest.
Once more WiFi 6 compatible devices (including smartphones, desktops, laptops, and tablets) begin to emerge, companies and individuals alike may become more inclined to make the switch so they can enjoy all the benefits WiFi 6 offers.
WiFi 5 is Still Going Strong
If it isn’t broken, why fix it? For many organizations, their WiFi 5 network and devices are still in good condition and continue to meet their needs. While upgrading to WiFi 6 will offer some benefits (assuming they invest in WiFi 6 compatible devices as well), many organizations are more inclined to stick with what works than invest in new equipment prematurely.
WiFi 6 Equipment is Still Quite Expensive
Because it is still relatively new, WiFi 6 compatible equipment and devices are still relatively expensive compared to their perfectly functional, tried-and-true WiFi 5 counterparts.
Most organizations can’t risk investing large sums of money in equipment that may present issues (such as the compatibility issues we will discuss later in this article) or be unable to meet their needs and are therefore more likely to upgrade with extreme caution.
Not Every Organization is Ready to Upgrade
Upgrading your entire network, or even just your employee’s work devices, is a large expense. As such, many SMBs need to plan their upgrade cycle’s carefully and do their best to get the most out of their current equipment before investing in an upgrade. Many WiFi 5 routers and other WiFi 5 devices and equipment are still in excellent condition, so it may not make sense to invest in a whole new network right now when your current solution continues to meet your needs.
Depending on where an organization is in their upgrade cycle, it may be a few years until a new networking solution is needed and everyone is due for new work phones and laptops. And even if organizations are ready to upgrade now, they may opt to stick with what they know and wait to adopt WiFi 6 on their next upgrade cycle once more devices, APs, routers, and other equipment options are available and have a proven track record.
Upgrading Your Whole Network is Inherently Disruptive
Upgrading is also disruptive, impacting productivity while the network is offline and potentially presenting a learning curve as workers familiarize themselves with new devices and equipment. As such, many organizations try to minimize the number of times they upgrade or may time their upgrades for periods of downtime when business is likely to be slow, and the impact of the disruption can be minimized.
Your WiFi Network & Devices are Just One Piece of the Enterprise Network Puzzle
When most companies think of WiFi, they think of the devices that rely on the network and the visible equipment, such as APs, that support them. However, upgrading your WiFi network, laptops, tablets, smartphones, and desktops is only the beginning.
To fully enjoy the benefits WiFi 6 offers, organizations will need to upgrade their entire network infrastructure, which can be costly and highly disruptive. Only upgrading your WiFi can present compatibility issues with the rest of your IT infrastructure, so you will need to conduct a holistic review of your existing IT ecosystem before committing to WiFi 6.
Compatibility issues can wreak havoc on your network, preventing your workers from completing tasks and bringing productivity to a grinding halt. As such, it is critical that you do your research before you commit to upgrading and consider consulting the experts to ensure you’ve covered all your bases.
Whether you choose to upgrade now or continue to wait, it is vital that your equipment is correctly installed and configured to ensure your network remains secure. For more information about WiFi 6, or to begin planning your network upgrade, please contact our team today.
Over the last year, there has been a lot of chatter surrounding WiFi 6 (also referred to by its IEEE standard name 802.11ax). But what exactly is WiFi 6? In this educational article, we will discuss what makes WiFi 6 different from its predecessors, WiFi 4 and WiFi 5, so you can get the information you need to make informed decisions about upgrading your WiFi network.
This is critical as the number of devices in each home and business continues to rise. The days of a single device per employee and a shared household computer are long gone; according to Statista, the average American household was home to 10.37 connected devices in 2020, and that number is likely only going to continue to increase. Many employees are now equipped with a laptop and a company phone, and with the continued rise of IoT devices in both homes and workplaces, the demand for bandwidth will only increase.
What are the Benefits of WiFi 6?
WiFi 6 offers a wide range of benefits, including:
WiFi 6 promises speeds up to 30% faster than WiFi 5, which means your employees can spend more time working and less time waiting for web pages and internet-based programs to load.
Increased Range
In situations when you are relying on a single router, WiFi 5 and WiFi 6 offer approximately the same range because WiFi range is dictated by the radio frequencies the APs can access (5GHz and 2.4GHz). However, if you switch to a WiFi 6 mesh system, you can increase coverage by placing the APs farther apart and use WiFi 6’s faster speeds to make up for the increased distances. Being able to place APs farther apart can be incredibly beneficial in situations where physical cabling is either inconvenient or impossible to lay.
Though the increased distance between the APs will cause a small decrease in network speed and performance, this decrease is so minuscule you and your team likely won’t notice a difference.
Reduced Latency
Latency (the amount of time it takes for something to load) remains a large problem for many WiFi users. How fast and reliable your WiFi is depends on a variety of factors, including the signal strength of your connection and how many other devices are on the network. By expanding bandwidth access, your network will now be able to support more devices than before, allowing all WiFi traffic to move faster and increasing network reliability.
WiFi 6 achieves this using OFDMA (Orthogonal Frequency Division Multiple Access), which is an extension of OFDM (Orthogonal Frequency Division Multiplexing) architecture (which is used by WiFi 4 and wiFi 5). While OFDM relies on a single-queue style system, which requires each device to patiently wait its turn to receive data, OFDMA allows the router to transmit data to more than one device at a time, dramatically reducing or even eliminating the need to queue.
It does this by splitting traffic into smaller packets, so each device can receive a small amount of the data it is waiting for and pass that information on to the end-user while it is waiting for the rest of its packets. This functionality is great for high-traffic environments such as stadiums, conference centers, and large retail environments where employees, visitors, and customers are going to need WiFi access.
Increased Power
Connecting to a WiFi network requires a proportionally significant amount of power, particularly if a device is moving in and out of WiFi range. Wider ranges, and the ability to comfortably support more devices, means that devices will need to expend less energy maintaining a reliable WiFi connection, which means your devices will be able to go for longer between charges.
WiFi 6 accomplishes this using target wake times (TWTs, also called wake time targets), which allow the APs to communicate with devices and let them know how long they will be left waiting between transmissions. By providing devices with this information, the devices can “sleep” between transmissions, only waking up when the device needs to connect again. These short bursts of downtime significantly reduce how much power the battery needs to expend to maintain a WiFi connection, which can extend the battery life of laptops, smartphones, tablets, and other WiFi-connected devices on your network.
Better Throughput & Reduced Congestion
When there are more devices on your WiFi network than the network can comfortably serve, WiFi performance suffers, and some devices may lose connection entirely. Because WiFi 6 uses OFDMA, it has better MIMO (multiple in/multiple out).
Using multiple antennas, each AP is able to talk to several devices simultaneously, while WiFi 5 networks can only respond to one device at a time, creating bottlenecks and slowing down the connection of every device on the network. Being able to respond to multiple devices at once reduces the amount of time each device needs to wait for its turn, increasing speeds for everyone.
Another advantage of WiFi 6 over its predecessors is BSS (basic service set) “colors”. These colors, labeled 0 through 7, are incredibly useful when multiple APs near one another are transmitting on the same channel. While older WiFi deployments typically assigned multiple APs to the same transmission channels (a necessary approach given the limited amount of bandwidth available), causing traffic jams and slowing down everyone’s connections. To make matters worse, devices weren’t able to effectively communicate or negotiate with each other to maximize channel resources, increasing congestion further.
Using the color-coded system, APs can assess signals from each color and determine whether they can use the spectrum at the same time as another device without causing interference by selecting a color that isn’t currently in use.
It’s like if a grocery store had seven checkout lanes open instead of one: The old WiFi standards required all shoppers to cram into a single checkout lane, but the shoppers can talk to one another, so sometimes two or more shoppers will try to purchase their items at the same time, causing a traffic jam while the cashier sorts everything out. The color-coded system allows each shopper to assess which of the seven checkout lanes has the shortest line (or ideally no line at all) and line up there, improving efficiency and getting everyone out of the store faster.
WiFi 6 offers a wide range of benefits from both a security and usability perspective. Are you considering upgrading to WiFi 6? Our experts have experience with a wide range of technologies, verticals, and industries and work with organizations of all sizes to support their IT and networking needs.
For more information about WiFi 6, or to get started planning your upgrade, please contact our team.
Cybersecurity is more important than ever before: According to Government Technology, though 2020 saw an overall decline in the number of breach events, the number of breached records grew dramatically, and the number of ransomware attacks doubled between 2019 and 2020.
These troubling trends demonstrate why a robust yet adaptable cybersecurity stance is critical for all organizations, regardless of size or vertical. But how do you know if your organization has experienced a breach? In this article, we will discuss common types of cybersecurity breaches, and red flags you should look for that may indicate a breach has occurred.
A security breach is like a break-in, but instead of breaking into your house or business, they break into your digital systems to steal personal information or sensitive documents or damage your network. However, there are steps you can take to best safeguard your digital assets, which include:
Creating a cybersecurity incident response plan, reviewing it regularly, and updating it as necessary. Having a plan in place is critical because it allows you to respond quickly and lays out, in advance, who needs to do what should an incident occur.
Investing in employee cybersecurity training. Even the best cybersecurity incident response plan is effectively useless if your team doesn’t understand why security is important, what role they play in it, and how to respond should an incident occur. All new hires should undergo training, and all employees from the CEO down should receive regular refresher training.
Regularly monitoring your network for suspicious activities. These suspicious activities, called IOCs or indicators of compromise, will be discussed in depth later in this article.
Breaches Have Wide Reaching Consequences
Breaches cause more than headaches: to address the situation, you will likely need to pull critical personnel from other projects, hindering productivity and severely impacting your daily business activities. Depending on what data is stolen or what systems are compromised, you may also suffer financial damages in the form of regulatory fines or even lawsuits.
A poorly handled breach can cause permanent damage to your organization’s reputation, damaging consumer trust.
Many cybercriminals rely on malware (malicious software) to infiltrate protected networks. The malware is often delivered via email or by tricking unsuspecting employees into downloading corrupted files from compromised or malicious websites.
For example, an employee receives an email with an attachment, which infects your network when the attached file is opened or visits a compromised site and downloads the file directly. Once one computer is infected, the malware will likely spread to other areas of your network, sending sensitive data back to the attacker, laying the groundwork for a larger attack, or damaging your digital infrastructure.
Phishing Attacks
Phishing attacks are designed to trick potential victims into believing they are talking with someone they trust (such as a colleague, their bank, or another trusted individual or institution) in order to hand over sensitive information (such as credit card numbers, usernames, passwords, etc.), grant the sender access to restricted areas of the network, or trick the target into downloading malware.
For example, an employee might receive an email from someone pretending to work in your IT department asking them to reset their username and password, or from “their boss” requesting confidential files, or from “your company’s bank” warning that they have detected suspicious activity on a company credit card or in a company bank account, and requesting the recipient click on a link in the email to login and review the flagged transactions.
In all three scenarios, criminals are acting as trusted individuals or individuals working on behalf of trusted institutions in order to trick unsuspecting email recipients.
DDoS attacks are designed to crash websites, preventing legitimate users from visiting them. Attackers do this by flooding websites with traffic, either by working with other attackers or by programming bots (software programs programmed to perform repetitive tasks) to hammer the server hosting the website with requests.
DDoS attacks are considered security breaches because they can overwhelm your organization’s security defenses and severely curtail your ability to conduct business. Common targets include financial institutions or government bodies, and motivations range from activism to revenge to extortion.
IOCs are pieces of forensic data, such as system log entries or files, that identify potentially malicious activity on a network or system. Like suspicious ink-stained fingers or an errant muddy footprint in a Sherlock Holmes book, IOCs are clues that help security and IT professionals detect data breaches, malware infections, or other suspicious activities.
By looking for IOCs regularly, organizations can detect breaches as soon as possible and respond swiftly, limiting or even preventing damages by stopping attacks during their earliest stages.
However, IOCs are not always obvious or easy to detect: they can be as obvious as an unexpected login or as complex as snippets of malicious code. Cybersecurity and IT analysts often look at a range of IOCs when trying to determine if a breach occurred, looking at how different IOCs fit together to reveal the whole picture.
IOCs vs IOAs
IOAs (indicators of attack) are similar to IOCS, but instead of focusing on the forensic analysis side of a compromise that has already occurred, these clues aim to identify attacker activity while the breach is in progress.
A proactive approach to security relies on both IOCs and IOAs to uncover threats or potential threats in as close to real-time as possible.
Common IOCs and IOAs
There are many IOCs and IOAs that IT and security analysts look for, but some of the most common include:
Unusual outbound network traffic. This could indicate someone is moving sensitive files off the network.
Anomalies in privileged user access accounts. A common tactic used by attackers is to either escalate privileges on accounts they have already compromised or use compromised accounts as gateways to more privileged accounts. By monitoring accounts with access to sensitive areas of your network, analysts can look out for signs of insider attacks or account takeover attacks.
Geographic irregularities. If an employee logs out of their account from an IP address in Chicago, then immediately logs back in from New York, that is a huge red flag. Analysts also look for traffic between countries that your organization doesn’t have business dealings with.
General login irregularities. Multiple failed login attempts or failed login attempts for accounts that don’t exist are both huge red flags. Analysts also look for irregular login patterns, such as employees logging in well after work hours and attempting to access files they don’t have authorization for, which likely indicate the account credentials have been compromised.
Unusually high database read volume traffic. If an employee is attempting to download and read your entire personnel or credit card database, that likely means an attacker is attempting to access those sensitive files.
A large number of requests for the same file. Breaches rely on trial and error a lot, so a large number of repeated requests for the same file (such as the credit card database we mentioned earlier) may indicate an attacker is testing out a variety of strategies in an attempt to gain access.
Suspicious configuration changes. Changing configurations on files, servers, and devices may indicate an attacker is attempting to set up a network backdoor or adding vulnerabilities to aid a later malware attack.
Flooding a specific site or location with traffic. Many attackers rely on bots for a variety of tasks and may recruit compromised devices on your network to do their dirty work. A high level of traffic from a number of devices targeting a specific IP address may indicate those devices have been compromised.
Suspiciously timed web traffic. Even the fastest typers can only type so fast, so if logs indicate that someone is trying thousands of password and username combinations a second, chances are an attacker is attempting to break into your network using a brute force attack.
These are just some of the most common IOAs and IOCs that security and IT analysts use to look for signs of suspicious activity.
To learn more about how our experienced security analysts use IOCs, or to get started improving your security posture, please contact our team today.
Recommended Reading
Identifying IOCs is just one small aspect of cybersecurity. To learn more about cybersecurity, why it’s important, and what steps your organization should be taking, please consider reviewing the educational articles listed below.
No matter how large or small your organization is, investing in your cybersecurity posture is vital for safeguarding your digital assets, your business, and your customers. To improve your cybersecurity posture, you need to get inside the mind of a cybercriminal and figure out how to stay one step ahead in this endless game of cat and mouse.
What are TTPs?
TTPs refers to the tactics (or tools), techniques, and procedures used by a specific threat actor (the bad guy) or threat actors. Essentially, TTPs refer to distinct patterns of activities or behaviors associated with a particular person or group of people and describe how threat actors orchestrate, execute, and manage their cyber attacks.
Tactics
Tactics, generally speaking, refer to the vectors used by attackers. This could include accessing and using confidential information, gaining access to a website, or making lateral movements (moving sideways between devices and apps to better map your system and look for vulnerabilities in less protected areas that they can exploit).
Techniques
Techniques refer to the methods attackers use to achieve their goals. For example, if the immediate goal (the tactic) is to gain unauthorized access to your system, then the technique could be using social engineering (such as a phishing scam) to trick employees into sharing their login credentials. A single tactic can involve multiple techniques.
Techniques act like stepping stones towards the attacker’s overarching goal, which could include damaging your systems, infecting your network with ransomware, or stealing sensitive files.
Procedures
Procedures refer to specific, actionable, preconfigured steps used by cybercriminals to achieve their overarching goals. So, for example, if the goal is to use a phishing scam to gather login credentials from employees, the procedure could involve determining what the email should say and configuring the email to download malware when a user opens the attachment included with the email.
Why are TTPs Important for My Business?
Analyzing TTPs is vital for your cybersecurity posture since the clues threat actors leave behind can be used to help identify who is responsible for an attack or breach. By analyzing TTPs, your cybersecurity team or cybersecurity partner can:
Rapidly triage and contextualize the event taking place by comparing the TTPs of the current attack with TTPs of known threat actors or groups (such as hostile foreign governments, lone criminals, criminal groups, or rival corporations) who may have launched the attack. Based on who may be behind the attack, your cybersecurity experts can try to predict what may happen next and redeploy resources to better safeguard your most critical digital assets, such as your server.
Review probable paths for research and further exploration based on what TTPs were used in the attack. This allows your cybersecurity experts to potentially identify who was behind the attack so criminal charges can be laid.
Identify potential sources or vectors of the attack. This step involves identifying how the threat actors were able to gain unauthorized access to your systems so those vulnerabilities can be addressed as soon as possible so that other threat actors can’t exploit them in the future.
Identify and investigate all systems that may have been compromised. This step is part of your incident response process and is critical for preventing further damage and rooting out potential back doors left by the attackers.
Create threat modeling exercises and improve your cybersecurity training so that your team won’t be caught unaware again should a similar or related event occur in the future.
How Can VirtualArmour Help?
Security experts like the VirtualArmour team use TTPs to help identify potentially suspicious activities. When a company like VirtualArmour is monitoring your network 24/7/365, one of the things our experts look for are TTPs. TTPs act like fingerprints: Our experts know what sort of patterns to look for and use that vast wealth of knowledge to help sift out potentially suspicious network activity from ordinary, harmless network activity.
Should an incident occur, our experts can use TTPs to narrow down the list of suspects, potentially identify third parties that may be impacted (for example, if the phishing attack came from a Gmail email address that may mean Gmail has been compromised), and allow our team to trace the route of the attack back through your network, flagging potentially compromised systems for further investigation and identifying how the attacker was able to gain access. Once we have that information, we can work with you to address your security posture’s current shortcomings and help you update your cybersecurity training so your employees are better able to identify potentially suspicious activities such as phishing emails.
To help keep organizations like yours safe, we offer a variety of managed services and consulting services, including SOCaaS (security operations center as a service). Most SMBs don’t have the budget to maintain a full, in-house security team. Virtual Armour SOC as a service offers a cost-effective solution: Our full team of cybersecurity experts and analysts act like an extension of your existing security team or can be used to supplement staff in IT light environments, managing and monitoring your network, devices, and digital assets.
VirtualArmour’s SOCaaS premium includes:
Managed Detection & Response
Enforcing Sanctioned Enterprise Applications
Endpoint Security Policies
Firewall Rule Management
Firewall Configuration
Security Incident Investigations
Regular Cadence Reporting
Identification of Vulnerable
Software/Hardware
Configuration Auditing for Security Gaps
Data Enrichment and Context for Alert
For more information about TTPs and their importance, or to get started improving your cybersecurity posture, please contact our team today.
Further Reading
To learn more about cybersecurity and the steps your organization should be taking to improve your cybersecurity posture, please consider reading one of our other educational articles.
