
Not All Security Monitoring Heroes Wear Capes

Written by Zach Hill, CTO | Apr 20, 2020 11:01:45 PM

Technology is ever-changing. It is complex and confusing. It is difficult to buy and difficult to sell because it is difficult to understand, which is why it is so often disconnected from the business need. It takes a unique, dedicated team of individuals who understand the constant evolution of IT and its impact on the industry to communicate the message clearly and protect organizations against threats. To some organizations, security monitoring can feel like it takes a superhero to keep their technology safe.

Unfortunately, in most stories a hero is only truly recognized for their bravery after they "save" someone or something. Although countless warnings were probably given, we can assume that for any good movie climax, they will not be heeded.

::CUE HEROIC MUSIC AND SUPERHERO ENTRANCE TO SAVE THE DAY::

Here is a short story about a company that didn't heed the warning and a group of IT heroes who swooped in and saved the day!

The Unthinkable Happens

At 6:00 AM on a Monday morning (because it’s always a Monday morning when disaster strikes), we received an emergency call from a local company. They were unable to access any of their systems, aka they were dead in the water. Their systems had been infected with ransomware. The attackers had gained access to the network, deleted all backups, and locked everyone out of the servers. When a 500-million-dollar company can’t access its systems, pay payroll, or pump gas in its trucks, something needs to be done quickly.

IT Heroes to the Rescue

First, we quickly assessed the blast radius of the ransomware, created an action plan, and got to work enacting it. Much of the plan hinged on leveraging the speed and scalability of AWS. The infrastructure in place hadn’t been updated in many years, immediate action was required, and there was no time to wait around for hardware to ship. Our team used scrubbing methods to clean and sanitize the data, then migrated that data to AWS to protect it. Once in AWS, we began creating resilient, redundant, and secure instances and containers for employees to access their applications and data.

The Road to Recovery

The recovery process took approximately 3 weeks and included the following technology:

  • Migrated all applications, processes, and servers to AWS
  • Modernized the environment on an updated infrastructure
  • Deployed a SOC aaS (Security Operations Center as a Service)
    • Sophos endpoint security
    • KnowBe4 security training
    • FortiGate firewalls
  • Deployed a NOC aaS (Network Operations Center as a Service)
    • WAN/LAN monitoring
    • Server and workstation patching
    • Backup management

Happily, Ever After

Today, the organization is enjoying an environment that meets all of its business needs. It is supported by automated maintenance and is protected not only by secure architecture design and methods, but also by an advanced SOC.

The Moral of the Story: Be Proactive With Security Monitoring, and More

The best way to avoid breaches and ransomware attacks is to know the attack vectors, and right now those are email and social engineering.

  • Get general security training in place, such as KnowBe4 or Proofpoint, and run it for ALL employees on a quarterly or annual basis.
    • Take it a step further and run actual phishing tests against your employees. For example, if someone clicks on a simulated phishing email, it alerts them that it was a test, offers best practices, and shows them what to look out for so they don’t click on a real phishing email in the future.
  • Triple check that your backups are really solid by doing a review of them. They should be separate from your normal domains, they should be separate from systems that everyone has access to, they should be shipped off-site, and they should be tested regularly.

So, if you’re unsure where to start or if you have questions about your current technology, give us a call or request a consultation.

Our Think|Stack tribe is here day or night and happy to help. Until next time - Stay Safe & Be Well!

WE TRANSFORM & PROTECT

We Transform & Protect by putting People Before Technology. We believe that the technology your business relies on should be used to drive transformation and lead to a seamless user experience. In uncertain times it’s important to partner with people and companies you can trust. Think|Stack was built for situations like this, to help those who weren’t.

If you’re unsure what to do next or if you have questions about your technology, our Think|Stack tribe is here to help, contact us anytime.