In the normal course of business, you are going to have different vendors in your system performing different actions. Unfortunately, they don’t always have your best interests at heart.
In this video, Nate Drier, Secureworks Managing Principal Consultant, describes a penetration test engagement with a client and the discoveries that opened a path to compromising the entire network. The lesson for organizations is to do their due diligence when hiring vendors and to think about testing the network after major software installations or changes to ensure security integrity is upheld.
We were doing this internal pen test against this lab environment that this client had set up, and they wanted to test the security of it before they rolled it out in multiple locations. All the systems were new, up to date on patching, strong passwords set, everything was looking good. The system really wasn’t around long enough to have a lot of vulnerabilities introduced in it. However, right before we tested it, they had hired a software vendor to put a specific piece of software on some of these systems to facilitate the needs of the business, and the software vendor needed a local user account on the Windows machine to work. So what they did was create a username of the name of the software they were installing and set the password to the name of the software as well, and the hostname was also set to the name of the software as well.
So as an attacker it was easy to enumerate that and figure out what software was running and try that as a username and password to compromise the system and use that as a launch point to compromise the rest of the network. In the normal course of business you are going to have different vendors in your system performing different actions. They don’t always have your best interests at heart, so do your due diligence when hiring vendors and think about testing the network after they are done with it to make sure they didn’t do things like set default or weak passwords on systems.
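An added example (not from the video or from Secureworks): a defender-side audit that flags local accounts named after the host or an installed product, the naming pattern described above, so their passwords can be reviewed and rotated after a vendor installation. The inventory records, field names, affix list and function names are assumptions constructed for illustration.

```python
import re

# Constructed sample inventory (not from the page): per-host local accounts and
# installed software, as an asset-management export might provide them.
INVENTORY = [
    {"host": "ACMEPRINT", "local_users": ["Administrator", "acmeprint"],
     "software": ["AcmePrint Server 4.2"]},
    {"host": "LAB-WS-014", "local_users": ["Administrator", "labtech"],
     "software": ["AcmePrint Client", "7-Zip"]},
    {"host": "LAB-DB-01", "local_users": ["Administrator", "svc_ledgerpro"],
     "software": ["LedgerPro 2019"]},
]

BUILTIN = {"administrator", "guest", "defaultaccount", "wdagutilityaccount"}
AFFIXES = "svc|service|admin|user"  # assumed decorations vendors add to names


def norm(name):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def core(user):
    """Normalized account name with the assumed affixes stripped from either end."""
    return re.sub(rf"^({AFFIXES})|({AFFIXES})$", "", norm(user))


def product_keys(title):
    """Comparable keys for a product title: first word, and all words joined."""
    words = re.findall(r"[A-Za-z][A-Za-z0-9]*", title)  # skips version numbers
    keys = {norm(words[0]), norm("".join(words))} if words else set()
    return {k for k in keys if len(k) >= 4}  # ignore very short tokens


def audit(inventory):
    """Return (host, user, reasons) for accounts named after the host or a product."""
    findings = []
    for rec in inventory:
        products = set().union(*(product_keys(s) for s in rec["software"]))
        for user in rec["local_users"]:
            if norm(user) in BUILTIN:
                continue
            c = core(user)
            checks = {"matches hostname": c == norm(rec["host"]),
                      "matches installed software": c in products}
            reasons = [why for why, hit in checks.items() if hit]
            if reasons:
                findings.append((rec["host"], user, reasons))
    return findings
```

Flagged accounts are candidates for a password reset and a check that the vendor's account is still needed, not proof that the password is weak.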