Canadian Cyber Security Firm Launches New Standalone Incident Response Readiness Service

ISA, a Toronto-based cyber security firm with over 20 years of experience helping organizations of all sizes solve complex challenges relating to IT security, today launched its new standalone Incident Response Readiness Service designed to help Canadian organizations respond to cyberattacks in hours rather than days. The expanded service is the result of positive customer feedback from ISA’s years of experience providing incident response as well as the need for this type of offering due to the evolving cyberattack landscape. It takes a proactive approach to cyber security and helps customers cope with ever more sophisticated attacks.

A proactive approach is key because attacks are becoming more sophisticated. For example, cybercriminals are increasingly using file-sharing to distribute their malware payloads, according to recent data from ISA’s Cybersecurity Intelligence and Operations Centre (CIOC).

It’s easier to carry out an attack by moving within an organization rather than relying on e-mail attachments, Pollitt explained. According to customer network data gathered from the ISA CIOC, there was a 500 per cent increase in a file sharing exploit known as Samba, between Q2 and Q4 2017.

Learning the Samba (exploit)

A good example of the Samba exploit is “EternalBlue” because it was the underlying vulnerability in Windows that was exploited by the WannaCry ransomware to spread from network to network. Samba is an open source implementation of the Server Message Block networking protocol, which allows Linux systems to share file and print services with Windows machines. There were other separate flaws in Samba’s implementation of SMB not related to EternalBlue that could potentially lead to attacks as well.

Ransomware attacks that spread through exploits like Samba are, by their nature, extremely difficult to defend against and require a proactive security approach. The main reason is that in order for any business to go about its day-to-day activities, people need to share files. It would be unrealistic and ultimately detrimental to an organization’s survival to shut that file-sharing capability down.

Better to be prepared than sorry

It’s no secret that cyberattacks are on the rise. Recently an organization contacted ISA to help with a malware incident. The organization’s servers had gone offline and were rebooting. There was no patch management and the internal team was unprepared to deal with the threat.

ISA’s security team was able to identify a complex, multi-stage, zero-day threat for which there was no protection available and contain it before the malware reached its second stage. If the malware had deployed fully, it would have used the organization’s servers to mine virtual currency.

Taking action with Incident Response

ISA’s Incident Response Readiness Service provides an initial triage within 30 minutes of an attack, 24 hours a day, seven days a week through access to ISA’s CIOC. Without the Incident Response service, recovering after an attack can take days compared with hours.

ISA recommends implementing a documented Incident Response Plan based on a six-stage approach that ensures readiness throughout the Incident Response lifecycle.

  1. Preparation – Review of existing security infrastructure, preparing identification and response plans, and implementation of incident response tools and processes.
  2. Identification and Assessment – Timely detection of security incidents and determination of their nature and potential impact.
  3. Containment – Immediate action, using documented processes, to limit damage and prevent any further loss or impairment.
  4. Eradication – Evaluation of systems to ensure the security incident is fully remediated.
  5. Recovery – Restoration of data and network availability, as well as confidentiality and ongoing integrity.
  6. Lessons Learned – Review and assessment of the events and processes that have taken place, and application of improvements to the plan.

ISA recently published a whitepaper on its six-step plan, which can be downloaded here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: