Network Security Assessment | Brisbane | Gold Coast

Security has become one of the most important components of ICT delivery as adversaries are developing technologies and tactics that are growing in sophistication. For their part, bad actors are building strong back-end infrastructures with which to launch and support their campaigns. Online criminals are refining their techniques for extracting money from victims and for evading detection even as they continue to steal data and intellectual property.

Traditional security systems, such as firewalls and intrusion prevention systems are all point in time devices. They may see a threat that may enter or leave your network, at that time. If the threat, at the time, were deemed a non-threat, it would be allowed to pass. Today’s attacks can be polymorphic and multi-staged attacks, meaning the malware enters the system undetected as benign files only to morph into malware later that compromises the system. Multi-staged attacks could copy your data offsite without your knowledge as stage one, and then phase two will encrypt all the files. In most cases, the business is so busy dealing with the recovery of their data they do not even realise the bad actors stole or wiped the data first. (Cisco, 2018)

A seemingly small incident may be a precursor to an imminent attack. Our approach is to use the collective intelligence of the large cyber threat companies, such as Talos Intelligence, and their cloud scaled power to help identify and retrospectively alert us to ongoing threats.

The Mercury Cyber Security Department has extensive expertise and experience across Cyber Security configuration, hardware, software and virtual appliances including:

Firewalls both physical and virtual
Multifactor / 2Factor authentication
Email security appliances
DNS / URL filtering
Virtual Private Networks
Secure remote file access
Device encryption
Application whitelisting (running a Standard Operating Environment, locked down to selected applications)
Restricting removable storage device access

Mercury IT has worked with the industry leading Security Vendors to create a layered defence package containing 5 leading complimentary components to improve the defence posture of our customers.

We have called this package Active Cyber Defence (ACD) because that is what it does, actively protects your organisation from unauthorised access of your valuable data.

Overview

When looking for a suite of cybersecurity products to protects their clients, Mercury IT wanted to target the main sources of cybersecurity threats:

Web browsing
Email

Web browsing not only poses as a threat when staff click on bad links but there are drive-by downloads and infected PCs that can connect out to command and control servers to download the payload to then damage the network and take the business offline for sometimes days. Email is still one of the largest threats to a business via Business Email Compromise, which involves spoofing and getting staff to click on bad links or carry out instructions they think were legitimate company directives. Mercury IT’s cybersecurity department wanted these products to share intelligence so an attack in one vector, such as email, could then update the Web Browsing vector to provide coordinated intelligence and protection. These enterprise features normally come with an enterprise price tag, so the last part of the puzzle was making this affordable. Mercury IT has the solution for your business, Mercury IT’s Active Cyber Defence. This is made up from Cisco’s Umbrella for web browsing security, Cisco Email Security Appliance (ESA) for anti-spam and anti-virus capability and Cisco’s Advanced Malware Protection (AMP) that sits across the ESA and your PCs and servers.

Cisco Umbrella

Your users connect from many locations and devices. They no longer need the VPN to get work done — they use cloud services. What if you had a fast, easy way to protect users anywhere they access the internet?

Threats continue to increase in sophistication, but attackers often reuse the same infrastructure in multiple attacks — leaving cyber fingerprints. What if you could use those fingerprints to uncover attacks before they launch?

Cisco Umbrella is the solution.

As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

Cisco ESA

Cybercriminals are turning to email more than ever to deliver threat-centric content, using it to introduce malware into corporate systems, steal data, and extort money. With the growing adoption of cloud mailbox services like Office 365, blended attacks can target an organisation from more than one side.Although a variety of attack types continue to wage war on business email, three categories of attack are now causing the greatest concern.

Ransomware. A particular kind of malware that blocks a target company’s access to its own data, ransomware caused losses of US$1 billion in 2016 (csoonline.com).
Business email compromise (BEC). A real money-maker for cybercriminals and an even bigger threat than ransomware, BEC persuades high-value targets to send funds or sensitive information to malicious individuals. According to the Internet Crime Complaint Centre (IC3), US$5.3 billion was stolen due to BEC fraud between October 2013 and December 2016 (ic3.gov).
Phishing continues to be an effective attack method with clever social engineering and targeted spear phishing that dupes users into activating their campaigns and eventually compromising entire organisations. During the second quarter of 2017, 67 percent of the malware hitting organizations was delivered via phishing attacks (nttcomsecurity.com).

Cisco deploys a number of methods to create the multiple layers of security needed to defend against multiple attack types.

Geolocation-based filtering safeguards against sophisticated spear phishing by quickly controlling email content based on the location of the sender.
The Cisco® Context Adaptive Scanning Engine (CASE) provides spam capture rates greater than 99 percent and an industry-low false positive rate of less than one in one million.
Automated threat data drawn from Cisco Talos™ identifies threats with increasing speed, reducing TTD and exposing even the newest zero-day attacks.
Advanced outbreak filters provide ongoing deep inspection of URLs. With real-time click-time analysis, so that even websites that change from good to malicious behaviour can be blocked quickly.

Cisco Esa

Cisco AMP

Cisco Advanced Malware Protection (AMP) for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto your endpoints. And AMP can uncover even the most advanced threats--including fileless malware and ransomware--in hours, not days or months.

Visibility and control to defeat advanced attacks

Get global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches with Cisco Advanced Malware Protection (AMP). But because you can’t rely on prevention alone, AMP also continuously analyses file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.

Stop advanced malware

Using multiple preventative engines and cloud-based threat intelligence and doing the heavy lifting for you, AMP automatically identifies and stops advanced threats before they reach your endpoints.

Eliminate blind spots

AMP provides a holistic view of your endpoints, giving you deeper visibility, context, and control of servers and endpoints running Windows, MacOS, Android, iOS, and Linux.

Investigate and remediate

AMP lets you take back control of your time by drastically reducing investigation and remediation cycles time by providing a complete scope and history of threats, then gives you the power to remediate across your environment with just a few clicks.

Protection from advanced email attacks

AMP analyzes emails for threats such as zero-day exploits hidden in malicious attachments. It gives you advanced protection against spear phishing, ransomware, and other sophisticated attacks.

Continuous analysis and retrospective security

Once a file crosses the email gateway, AMP continues to watch, analyze, and record its activity, regardless of the file’s disposition. If malicious behaviour is spotted later, AMP sends you a retrospective alert so that you can contain and remediate the malware.

Deep file analysis

Advanced sandboxing capabilities perform static and dynamic malware analysis of unknown files. You get detailed analytics on the file’s behaviour and threat level to help your security team understand, prioritize, and block attacks.

Stronger network defence

Our Cisco Talos experts analyze millions of malware samples per day and push that intelligence to AMP. AMP then correlates files, telemetry data, and file behaviour against this knowledge base to proactively help you defend against known and emerging threats.

Protection from blended attacks

AMP for Email Security can be integrated with other AMP deployments to stop blended attacks across multiple threat vectors.