The first step of any cyber-attack involves an adversary performing reconnaissance to gather information about their target’s environment. Commonly this involves ‘port scans’, which identify which ports in your network are open and which are closed, revealing possible entry points. The next step is to gather information about your employees, specifically their usernames and the applications they use to log in to and access your business’ resources. Once this is obtained, the attacker can craft ‘brute-force’ attacks, running commonly used passwords against the obtained usernames in an attempt to get past the authentication pages and gain access to a user’s account in what seems a legitimate fashion. All of the above methods are easily performed using publicly accessible open-source tools. These simple yet highly dangerous methods form the key foundations of an attacker gaining access to your environment.
However, detecting these reconnaissance activities is the key reason why security solutions such as an Intrusion Detection System (IDS) were developed. An IDS will analyse all network traffic hitting your environment and look for these anomalous activities. For example, if a user was seen making multiple failed attempts to log in to an account in a short period, an IDS would instantly pick this up and flag it as suspicious activity. This is where Brace168’s team of security experts comes in to investigate this suspicious activity and alert you to a potential break-in. In addition to this, firewalls can be put in place to ensure only certain user IP addresses can access your company resources, eliminating the possibility of an attacker performing their reconnaissance activities.
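The failed-login rule described above can be sketched as a sliding-window counter. This is an added example, not Brace168 code or the logic of any particular IDS; the log format, the threshold of 5 failures and the 60-second window are assumptions. It goes slightly beyond the single-account case by also counting failures per source address, which catches one source trying common passwords across many usernames.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data).
# Assumed format: ISO timestamp, username, source IP, outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice 203.0.113.7 FAIL
2024-05-01T09:00:05 alice 203.0.113.7 FAIL
2024-05-01T09:00:09 alice 203.0.113.8 FAIL
2024-05-01T09:00:14 alice 203.0.113.7 FAIL
2024-05-01T09:00:20 alice 203.0.113.8 FAIL
2024-05-01T09:05:00 grace 192.0.2.10 FAIL
2024-05-01T09:05:30 grace 192.0.2.10 OK
2024-05-01T09:10:00 bob 198.51.100.9 FAIL
2024-05-01T09:10:10 carol 198.51.100.9 FAIL
2024-05-01T09:10:20 dave 198.51.100.9 FAIL
2024-05-01T09:10:30 erin 198.51.100.9 FAIL
2024-05-01T09:10:40 frank 198.51.100.9 FAIL
"""

THRESHOLD = 5                    # assumed: failures needed to raise an alert
WINDOW = timedelta(seconds=60)   # assumed: the "short period"

def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return (kind, key, time) alerts, one per account or source that
    reaches `threshold` failed logins inside a sliding `window`."""
    recent = defaultdict(deque)  # (kind, key) -> timestamps of recent failures
    alerted, alerts = set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, ip, outcome = line.split()
        if outcome != "FAIL":
            continue
        ts = datetime.fromisoformat(stamp)
        # Track the same failure two ways: by target account and by source IP.
        for bucket in (("account", user), ("source", ip)):
            q = recent[bucket]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and bucket not in alerted:
                alerted.add(bucket)
                alerts.append((bucket[0], bucket[1], ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In the sample, the failures against alice come from two addresses, so only the per-account counter fires, while the burst from 198.51.100.9 touches five different accounts and is caught only by the per-source counter.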
Brace168 offers a full end-to-end managed firewall service where we configure and monitor your firewall 24 hours a day, 7 days a week to ensure all malicious network traffic is caught.