How Do You KNOW That You Have Not Been Hacked?

by | Dec 5, 2018 | Security, Strategy

We had a client recently ask a good security question. I am paraphrasing, but it went something like: How do I know that someone is not hacked in to my network right now and able to get to my data? Sadly the answer was: You do not know. The reality is that with all of the standard security tools  and best practices being used by nearly all companies today (complex passwords, MFA, firewall, anti-virus, anti-spyware, spam filtering, Windows updates, etc.) you just do not know since these tools are for preventative measures and none of them are effective 100% of the time. Unfortunately, this leaves a proactive gap for most companies. Leveraging  an EDR (Endpoint Detection and Response) platform can go a long way to letting you KNOW if someone has hacked in and is stealing your data and STOPPING it in real-time.

There have been so many news stories about major security breaches where millions of records were stolen. Nearly all of the breaches happened months or even years before they were found and stopped. Crazy. I think several things led to this lack of security, but mainly it was the fact that the traditional thinking and tools where to blame. Internal IT was doing what they had always done (complex passwords, MFA, firewall, anti-virus, anti-spyware, spam filtering, Windows updates, etc.) and not doing a very good job at that. There were no proactive tools in place so bad things happened.

So what is EDR?  EDR is a proactive approach to security that monitors endpoints in real time and hunts threats that have infiltrated a company’s defenses. An agent monitors computer activity and looks for correlations; when it sees abnormal activity, it sends out an alert  with details so it can be investigated. 

EDR protects against file-less malware, malicious scripts, or stolen user credentials. It is designed to track the techniques, tactics, and procedures that an attacker uses. But then it goes even deeper. Not only does it learn how attackers break into your network, but it also detects their path of activity – how they learn about your network, move to other machines, and attempt to accomplish their goals in the attack.

You will still need to have the usual tools like a firewall, anti-virus, and the rest of the list mentioned earlier, but maybe it is time to look into EDR. It is a cost effective solution that can finally help you to stop worrying if a hacker has gotten into your data. Have any questions or want to discuss your security situation? Send me an email or give me a call and we can discuss in greater detail.

 

John Ahlberg, CEO, Waident Technology Solutions

John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

Recovering from Cyber Risks in SMBs Using the NIST Framework

Recovering from Cyber Risks in SMBs Using the NIST Framework

A ransomware attack happens every 11 seconds. In 40% of companies that get hacked, the same organization is hit again within 9 months. I don't share that to scare you (Although, it should get your attention.) It happens because companies think they have addressed and...

Responding to Cyber Risks in SMBs Using the NIST Framework

Responding to Cyber Risks in SMBs Using the NIST Framework

Prudent business leaders and risk managers understand that identifying, protecting against, and detecting risks are necessary, albeit fallible, actions to mitigate a complex world full of risks. As we have seen from prior posts, cost, time, and resource tradeoffs...

Detecting Cyber Risks in SMBs Using the NIST Framework

Detecting Cyber Risks in SMBs Using the NIST Framework

You have been following the NIST framework and have successfully identified the areas of risk and implemented protections against them. We're now at the stage to ensure that we are able to detect any breaches that make it over the proverbial "wall." This is a CRITICAL...

Share This