Why Detection matters: A True Story
Dustin and Trey sat down to have another conversation about why the detect phase of NIST's Cybersecurity Framework is important in a short transcribed call. The conversation has been lightly edited.
Dustin: The Cybersecurity & Infrastructure Security Agency (CISA) came out last week and said oops, we've been having a problem with the hackers getting in and it was a VPN product that they did not patch, even though they were sending out notices to all the companies and the country saying, hey, this is a big problem, you need to patch it. They did not take their own advice and got hacked. My whole reason for bringing that up was you have to protect yourself, but at some point, even the government can't protect itself.
That’s why the detect phase, which we covered about a few weeks ago, is really important. Last year, we found attackers within 5 minutes with one of our clients and were able to get them out. That's the detect phase in action. If we hadn't had somebody sitting there on the weekends watching everything from a security standpoint right, we wouldn't have seen that ransomware beacon happen and would not have been able to shut it down in 5 minutes.
Our security team knows the way that ransomware works is, Huntress calls it a command-and-control beacon on your computer, so they got that beacon loaded, and that's what we saw. That Beacon connects back to the ransomware servers, downloads the ransomware, and uploads your files. We have also talked about the dwell time, the amount of time hackers will sit in your system without making a move so that beaconing is like the dwell time where you still have the advantage against the hackers. If you can catch it during the beacon phase, then there's no harm done. Which is a really important part. So the question is how do we go through our phases, right? It used to be just protect, protect, protect, protect. Now everything is equally as important.
Trey: If you would like to know in what areas your company could be potentially exposed for a breach, fill out our website form to schedule a time with a partner to talk about doing a security audit!