The common perception of Hackers and Cybercriminals as teenage geeks operating as maverick lone wolves, targeting corporate networks just to prove they can “beat the system”, may well have been correct 10-15 years ago. The modern Cybercriminal is organised and often part of a larger underworld group that is well managed and driven by political or financial gain. Security experts identify Cybercriminals as threat actors, and we can often split them into different categories.
The role of the distributor is to gather data on potential targets. This can be from purchasing hacked database information or mining social media sites for information on individuals and/or organisations.
The Exploit Threat Actor identifies potential exploits from various sources (e.g. public patch information from major vendors) and writes targeted code to open back-door access onto vulnerable systems. The Exploit Threat Actor purchases information on specific users from the Distributor.
The payload is the program that inflicts the damage and provides monetisation of the attack. The payload may target credit card information or, more often recently, trigger the ransomware software that encrypts all files on the affected system.
A holistic approach to Security means that protection has to be provided across all potential areas in which threat actors operate.
In developing its own datacentre, LogicPlus recognised the need to ensure that CyberSecurity was treated with the highest priority. Long before the recent high-profile ransomware exploits were known of, LogicPlus identified the need to have a holistic, future-proof CyberSecurity strategy and engaged with several partners to help implement our security solution.
At a network level, LogicPlus has partnered with Secureworks. Secureworks is a Security-as-a-Service organisation and part of the Dell group of companies. As a Dell partner, LogicPlus engaged with Secureworks and implemented their Counter Threat Platform across its datacentre and client WAN links.
The Secureworks Counter Threat Platform™ (CTP) is a SaaS-based early-warning system that delivers insights and deploys countermeasures, derived from analytics and applied intelligence from across the globe.
LogicPlus is one of 4,400 client environments in 61 countries worldwide within the CTP. This delivers the network-aware intelligence that helps LogicPlus make educated, informed decisions in real time on potential threats to our network. Each functional component of CTP – Analytics, Intelligence and Operations – works seamlessly, adding intelligence to automation, simplicity to orchestration, and confidence to recommendation.
LogicPlus has chosen Sophos as its Endpoint Protection Partner, utilising its Sophos Central suite of products. Sophos Next Generation Endpoint protection blocks malware and infections by identifying and preventing the handful of techniques and behaviours used in almost every exploit.
Sophos Endpoint doesn’t rely on signatures to catch malware, which means it catches zero-day threats without adversely affecting the performance of your device. So you get protection before those exploits even arrive.
By correlating threat indicators, Sophos Endpoint can block web and application exploits, dangerous URLs, potentially unwanted apps, and malicious code from ever touching your endpoints.