Traditional security systems, such as firewalls and intrusion prevention systems are all point in time devices. They may see a threat that may enter or leave your network, at that time. If the threat, at the time, were deemed a non-threat, it would be allowed to pass. Today’s attacks can be polymorphic and multi-staged attacks, meaning the malware enters the system undetected as benign files only to morph into malware later that compromises the system. Multi-staged attacks could copy your data offsite without your knowledge as stage one, and then phase two will encrypt all the files. In most cases, the business is so busy dealing with the recovery of their data they do not even realise the bad actors stole or wiped the data first. (Cisco, 2018)
A seemingly small incident may be a precursor to an imminent attack. Our approach is to use the collective intelligence of the large cyber threat companies, such as Talos Intelligence, and their cloud scaled power to help identify and retrospectively alert us to ongoing threats.
Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world. https://www.talosintelligence.com/about
The protection of client data and maintaining effective system security to protect client information is of paramount importance to ensure:
- Client information confidentiality, integrity and privacy
- Business information security
- Prevent interruption of services
- Firewalls both physical and virtual
- Multifactor / 2Factor authentication
- Email security appliances
- DNS / URL filtering
- Virtual Private Networks
- Secure remote file access
- Device encryption
- Application whitelisting (running a Standard Operating Environment, locked down to selected applications)
- Restricting removable storage device access
Mercury IT has worked with the industry leading Security Vendors to create a layered defence package containing 5 leading complimentary components to improve the defence posture of our customers.
We have called this package Active Cyber Defence (ACD) because that is what it does, actively protects your organisation from unauthorised access of your valuable data.
Mercury IT Active Cyber Defence
- Web browsing
Your users connect from many locations and devices. They no longer need the VPN to get work done — they use cloud services. What if you had a fast, easy way to protect users anywhere they access the internet?
Threats continue to increase in sophistication, but attackers often reuse the same infrastructure in multiple attacks — leaving cyber fingerprints. What if you could use those fingerprints to uncover attacks before they launch?
Cisco Umbrella is the solution.
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.
Cybercriminals are turning to email more than ever to deliver threat-centric content, using it to introduce malware into corporate systems, steal data, and extort money. With the growing adoption of cloud mailbox services like Office 365, blended attacks can target an organisation from more than one side.Although a variety of attack types continue to wage war on business email, three categories of attack are now causing the greatest concern.
- Ransomware. A particular kind of malware that blocks a target company’s access to its own data, ransomware caused losses of US$1 billion in 2016 (csoonline.com).
- Business email compromise (BEC). A real money-maker for cybercriminals and an even bigger threat than ransomware, BEC persuades high-value targets to send funds or sensitive information to malicious individuals. According to the Internet Crime Complaint Centre (IC3), US$5.3 billion was stolen due to BEC fraud between October 2013 and December 2016 (ic3.gov).
- Phishing continues to be an effective attack method with clever social engineering and targeted spear phishing that dupes users into activating their campaigns and eventually compromising entire organisations. During the second quarter of 2017, 67 percent of the malware hitting organizations was delivered via phishing attacks (nttcomsecurity.com).
Cisco deploys a number of methods to create the multiple layers of security needed to defend against multiple attack types.
- Geolocation-based filtering safeguards against sophisticated spear phishing by quickly controlling email content based on the location of the sender.
- The Cisco® Context Adaptive Scanning Engine (CASE) provides spam capture rates greater than 99 percent and an industry-low false positive rate of less than one in one million.
- Automated threat data drawn from Cisco Talos™ identifies threats with increasing speed, reducing TTD and exposing even the newest zero-day attacks.
- Advanced outbreak filters provide ongoing deep inspection of URLs. With real-time click-time analysis, so that even websites that change from good to malicious behaviour can be blocked quickly.
Cisco Advanced Malware Protection (AMP) for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto your endpoints. And AMP can uncover even the most advanced threats--including fileless malware and ransomware--in hours, not days or months.
Visibility and control to defeat advanced attacks
Get global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches with Cisco Advanced Malware Protection (AMP). But because you can’t rely on prevention alone, AMP also continuously analyses file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.
Stop advanced malware
Using multiple preventative engines and cloud-based threat intelligence and doing the heavy lifting for you, AMP automatically identifies and stops advanced threats before they reach your endpoints.
Eliminate blind spots
AMP provides a holistic view of your endpoints, giving you deeper visibility, context, and control of servers and endpoints running Windows, MacOS, Android, iOS, and Linux.
Investigate and remediate
AMP lets you take back control of your time by drastically reducing investigation and remediation cycles time by providing a complete scope and history of threats, then gives you the power to remediate across your environment with just a few clicks.
Protection from advanced email attacks
AMP analyzes emails for threats such as zero-day exploits hidden in malicious attachments. It gives you advanced protection against spear phishing, ransomware, and other sophisticated attacks.
Continuous analysis and retrospective security
Once a file crosses the email gateway, AMP continues to watch, analyze, and record its activity, regardless of the file’s disposition. If malicious behaviour is spotted later, AMP sends you a retrospective alert so that you can contain and remediate the malware.
Deep file analysis
Advanced sandboxing capabilities perform static and dynamic malware analysis of unknown files. You get detailed analytics on the file’s behaviour and threat level to help your security team understand, prioritize, and block attacks.
Stronger network defence
Our Cisco Talos experts analyze millions of malware samples per day and push that intelligence to AMP. AMP then correlates files, telemetry data, and file behaviour against this knowledge base to proactively help you defend against known and emerging threats.
Protection from blended attacks
AMP for Email Security can be integrated with other AMP deployments to stop blended attacks across multiple threat vectors.