Detection Layer Strategy and Cyber Threat Intelligence

End User Training

The fact is that someone is going to click on something they shouldn’t have, through no fault of their own, we hope, or be redirected to a malware-laden website. Threats change daily! Even a secure website (https://) could be a malware-infested site. The only way to try to prevent this from happening in the first place is through phishing training and testing. Yes, training. Annual or monthly 5-minute talks during lunch are not training.

Detection

Remember, 91% of data breaches start with phishing! The benefits of providing ongoing training to the user will always outweigh the cost of a breach, which is why cyber security is a critical factor, along with solid network security tools. The user will gain the knowledge they need to be cyber secure at home (working from home), cyber secure in transit (working at a café) and cyber secure at work. This will help mitigate this form of attack and is your first line of defense. Fact is, with a training program in place you can take the probability of malware getting in from 50% down to 10%! Now those are better odds, I am sure you will agree.


Dark Web Monitoring

First things first: you need to know whether or not your email addresses and passwords have already been compromised. P3 TekSolutions Dark Web ID Monitoring provides continuous searching, monitoring and reporting on the presence of your organization’s credentials on the Dark Web. Coupled with a layered approach to security, Dark Web ID Monitoring can help your organization reduce the likelihood and impact of compromised credentials, meet compliance and ensure that you’re not the next organization suffering a breach.

NextGen Endpoint Security

Antiviruses are all the same? Definitely not! Your outdated, static, one-dimensional, signature-based antivirus solution is no match for today’s advanced cyber threats. The lack of integration with incident response tools leaves a gap between detection and remediation during which organizations are still highly vulnerable. SentinelOne’s Endpoint Protection Platform (EPP) unifies endpoint threat prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation.

Network and Security Scans

You need to have a network and security scan done monthly, or at the very least quarterly, to know what is actually going on in your network. The scan will look at your hardware, software, configurations, accessibility and security risks, and will include penetration testing. The results of the scans will give you a complete diagnostic of your network that you can then use to fix the vulnerabilities that were found. This is another must and should be one of the first things you do to baseline your network. Scans should be done monthly, or at the very least quarterly.

Cyber Threat Intelligence

Cyber Threat Intelligence (CTI) is a collection or grouping of information that is gathered from human and electronic sources, both internal and external to the organization. This information is processed through our model for evaluation to verify its validity and is used to provide context about the conditions necessary for a threat to exploit a vulnerability and whether the threat is actively being used by threat actors. Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets.” In short, we proactively monitor inside your network for suspicious activity, using the above tools, and externally monitor the ongoing activity of bad actors. This allows us to proactively patch or configure your network to thwart known and poised attacks.