Does anyone employ active threat countermeasures at your company and if so what do you use? - Pulse Q&A

Does anyone employ active threat countermeasures at your company and if so what do you use?


Jeremy Mayfield, IT Director, answered on 2019-01-11T19:09:26.387Z, 4 months ago

Currently we employ the Velo from Windstream for our interconnectivity from office to office. We have Cyren and the cloud monitoring our traveling and off-premise employees, we have Cylance as an AV engine as well as the global install of McAfee, which does little for us. We also have Cisco firewalls in place both in data centers and between internal levels of the network.

We have a SIEM system running and monitoring for Windows file changes, and we have other software which assists us in our efforts.

upvotes: 1


Sudhakar Sundaresan, Director of IT, answered on 2019-01-11T21:58:11.657Z, 4 months ago

We are in the process of re-evaluating appropriate countermeasures. If you are considering making changes, I would recommend looking at Splunk and IBM products to begin with.

upvotes: 0


Michael Wahl, Senior Director of IT, answered on 2019-01-12T01:44:36.841Z, 4 months ago

Would also recommend Splunk and Sumo Logic.

upvotes: 0


Lee Vorthman, Director of Information Security, answered on 2019-01-12T03:13:05.866Z, 4 months ago

Thanks. We use Splunk and other security tools, but those aren't active countermeasures. Active countermeasures change and respond based on the attack, such as software-defined network technologies that become tar pits for attackers by slowing down protocols, or network devices/services that launch pre-canned responses to attacks (such as an attack itself).

upvotes: 0

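The "tar pit" behaviour described in the answer above, as an added example that is not part of the thread and not any vendor's product: a small Python policy that keeps answering a source that is hammering a service, but stalls longer between bytes the more attempts that source makes, and relaxes again once the burst ages out of the window. The window, threshold, delay schedule and the SMTP-style banner are assumptions chosen for the example.

```python
"""Adaptive tarpit policy: an added example, not code from the Pulse thread
or any product mentioned in it.

The service keeps answering a suspicious source, but more and more slowly,
so a scanner or brute-forcer spends its time and sockets on us instead of
moving on. Window, threshold and delay schedule are assumptions.
"""
import asyncio
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Iterator, Tuple

WINDOW_SECONDS = 60.0     # sliding window over which attempts are counted
SUSPECT_THRESHOLD = 5     # attempts in the window before we start stalling
MAX_DELAY_SECONDS = 30.0  # cap, so a legitimate burst is never stalled forever


class AdaptiveTarpit:
    """Tracks connection attempts per source and grows the stall per byte."""

    def __init__(self, window: float = WINDOW_SECONDS,
                 threshold: int = SUSPECT_THRESHOLD,
                 max_delay: float = MAX_DELAY_SECONDS) -> None:
        self.window = window
        self.threshold = threshold
        self.max_delay = max_delay
        self._attempts: Dict[str, Deque[float]] = defaultdict(deque)

    def record(self, src: str, now: float) -> int:
        """Record an attempt from src at time now; return attempts in window."""
        q = self._attempts[src]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def delay_for(self, src: str, now: float) -> float:
        """Seconds to stall between bytes for src: 0 while under the threshold,
        then doubling per excess attempt (1, 2, 4, ...) up to max_delay."""
        excess = self.record(src, now) - self.threshold
        if excess <= 0:
            return 0.0
        return min(self.max_delay, 2.0 ** (excess - 1))

    @staticmethod
    def drip(payload: bytes, delay: float) -> Iterator[Tuple[float, bytes]]:
        """Yield (pause, chunk) pairs. Untarpitted peers get the whole payload
        at once; tarpitted peers get it one byte at a time, pausing `delay`
        seconds before each byte."""
        if delay <= 0.0:
            yield 0.0, payload
            return
        for i in range(len(payload)):
            yield delay, payload[i:i + 1]


BANNER = b"220 mx.example.test ESMTP ready\r\n"  # constructed greeting


async def handle(reader: asyncio.StreamReader, writer: asyncio.StreamWriter,
                 tarpit: AdaptiveTarpit) -> None:
    """Per-connection handler: the peer IP is the key the policy adapts on."""
    peer = writer.get_extra_info("peername")[0]
    delay = tarpit.delay_for(peer, time.monotonic())
    for pause, chunk in AdaptiveTarpit.drip(BANNER, delay):
        if pause:
            await asyncio.sleep(pause)
        writer.write(chunk)
        await writer.drain()
    writer.close()
    await writer.wait_closed()


async def serve(host: str = "127.0.0.1", port: int = 2525) -> None:
    """Listen with the policy applied. Try it with e.g. `nc 127.0.0.1 2525`
    six or more times within a minute and watch the banner slow down."""
    tarpit = AdaptiveTarpit()
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, tarpit), host, port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(serve())
```

Two design points worth noting. The stall is applied per byte rather than once up front, so the attacker's client cannot simply use a short connect timeout; it has to hold the socket open while the banner trickles in. And the delay is derived from a sliding window with a cap, so a legitimate client that happened to reconnect a few times is only slowed briefly and recovers on its own, which is the property that separates an adaptive countermeasure from a static block.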

Ihab (M.) Kotb, answered on 2019-01-12T07:24:42.618Z, 4 months ago

Hello Lee, we are doing both systems and physical security. I am trying to find an application to watch our team's behavior through our network and the actions taken.
On the other hand, we are trying to follow normal procedure and stick to it, such as biometric devices everywhere with two-factor authentication with face detection, mandatory vacation, etc.
Hope this helps you.
Thanks,
Ihab

upvotes: 0


Don Ringelestein, Director of IT, answered on 2019-01-12T14:31:01.358Z, 4 months ago

We may or may not. Being an appropriately paranoid IT security leader, I have to ask: is this thread an attempt to identify easy targets? All joking aside, we use LogRhythm and other tools to maintain our security environment, along with end-user training to prevent malware proliferation through phishing.

upvotes: 1


Jet Theriac, CFO, answered on 2019-01-12T16:39:09.256Z, 4 months ago

No active measures, as our diminutive size made it a bit cost-prohibitive; we did look at Splunk, though, and had a very favorable impression.

upvotes: 0


Rado Kotorov, answered on 2019-01-13T17:44:35.262Z, 4 months ago

Darktrace. It is a UK company that worked to develop the technology with MI6. Quite interesting technology. They have offices in the US.

upvotes: 0


Rado Kotorov, answered on 2019-01-13T17:45:26.823Z, 4 months ago

https://www.darktrace.com/en/

upvotes: 0


Manish Sinha, CIO, answered on 2019-01-13T19:38:36.792Z, 4 months ago

The short answer is that we did employ threat countermeasures at my previous company and do even in my current one.

But here are more details. Security is like a grading system in schools and colleges. You have to get a good grade on your basic subjects, and then you can use the extra credit points to make it even better. One cannot get a bad grade on the basic subjects and use extra credits to get an overall good grade.

In the security world, the basics you can do for security are absolutely critical. Look at the security compromises at Home Depot, Bank of America and all the other major compromises. You will find that basics like phishing education, security patching, application security, DoS protection, partitioned permission access, no password hardcoding in applications, etc. were the cause. You can have the best threat countermeasure, but if an employee clicks on the email that says "I can make you a millionaire ... click here", everything else is useless. Here is the bad news: even if only one employee clicks on it and the other 99.999% do not, every other security stunt may still be useless.

So my advice to you is to ask the questions:
1. What are the top 10-15 basics we need to be good at?
2. Is your company covered on all the basics?
3. Do you need to do more than the basics?
4. Then, and only then, look for every other solution in the industry.

Let me leave you with the bear story. When running away from a bear, you do not have to run faster than the bear. You have to run faster than a couple of other people.

upvotes: 2


Lee Vorthman, Director of Information Security, answered on 2019-01-13T22:46:07.241Z, 4 months ago

Thanks, but the point of the question was not security basics, but whether anyone uses active countermeasures. Active countermeasures are things that adapt based on an attack and/or attack back. It is pretty rare for companies to actually attack back or use adaptive countermeasures. Based on the responses I've seen to my question, it doesn't look like anyone is using active countermeasures, and it is also clear they don't quite understand what active countermeasures are.

upvotes: 1


Francesco Gamba, CIO, answered on 2019-01-14T18:26:19.783Z, 4 months ago

We are a ForeScout shop and use CounterACT appliances from a NAC standpoint.

upvotes: 0


Anderson Duarte, CIO, answered on 2019-01-15T11:49:43.51Z, 4 months ago

We use Symantec Suite, plus peripheral usage policies.

upvotes: 0


Bill Philbin, CTO, answered on 2019-01-15T16:49:45.883Z, 4 months ago

Lee, we do deploy active countermeasures. Given the subject's sensitivity, we can arrange a chat offline to understand your question better and tell you what we can.

upvotes: 1


Mayank Mehta, Co-Founder & CEO, answered on 2019-01-15T17:00:57.273Z, 4 months ago

If anyone on this thread is interested, we can host a quick webinar early next week so people can jump in for a quick conversation. Please like this post to let me know if you're interested and we will invite you.

upvotes: 1


Todd Milliren, answered on 2019-01-15T20:09:58.702Z, 4 months ago

I use Sophos, including Intercept X and their XG125 firewall appliance.

upvotes: 0


David Elebute, CEO|CIO, answered on 2019-01-15T22:24:37.328Z, 4 months ago

We use Cisco firewalls and the built-in solutions that come with their devices.

upvotes: 0


Michael Wahl, Senior Director of IT, answered on 2019-01-16T00:10:55.668Z, 4 months ago

Cisco Umbrella, Sophos, hardened endpoints.

upvotes: 0


Mike Brannon, Director, Infrastructure and Security, answered on 2019-01-17T20:30:32.736Z, 4 months ago

We use services from SecureWorks. They have intrusion detection/prevention tools installed at the perimeter of our network, and they are integrated into our firewalls and logging at the perimeter too. If they detect a threat or believe there is an exploit happening, they can deploy blocking at the firewall and in their intrusion prevention system (blocking on the network).

We also use CrowdStrike tools on key endpoints: high-risk clients and our servers have their agents deployed. This is connected to their monitoring service, which can take active steps to stop an incident if needed (taking a compromised client off the network, blocking traffic to other clients, etc.).

We do not have any "hack back" tools or techniques deployed, but we do actively respond via a combination of network and client systems and services.

upvotes: 1

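The detect-then-block loop the answer above describes (sensor sees an exploit attempt, a block is pushed to the firewall), as an added example that is not part of the thread and is not SecureWorks', CrowdStrike's or any other vendor's code. It scores constructed sensor alerts per source over a short window, pushes an expiring nftables block once a source crosses the threshold, and refuses to block the assumed management and authorised-scanner ranges so the automation cannot be turned against our own monitoring. The alert format, scores, window, set name and the sample alerts are all assumptions constructed for the example.

```python
"""Detection-to-block automation: an added example, not code from the Pulse
thread or any product mentioned in it.

Alerts from a network sensor are scored per source over a sliding window;
once a source crosses the threshold, a block with an expiry is pushed to the
firewall. Alert format, scores, window, nftables set and ranges are assumed.
"""
import ipaddress
import re
import shlex
import subprocess
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed format: <iso-ts> ids[pid]: ALERT sid=N sev=L src=A dst=B msg="..."
ALERT_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) ids\[\d+\]: ALERT '
    r'sid=(?P<sid>\d+) sev=(?P<sev>low|medium|high) '
    r'src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) msg="(?P<msg>[^"]*)"$')

SEVERITY_SCORE = {"low": 1, "medium": 3, "high": 10}
BLOCK_SCORE = 10                   # one high, or several mediums, within WINDOW
WINDOW = timedelta(minutes=5)
BLOCK_TTL = "1h"                   # element timeout: the block self-expires
NFT_SET = "inet filter blocklist"  # assumed: a set created with `flags timeout`

# Assumed ranges that must never be auto-blocked: the SOC/management network
# and the authorised vulnerability scanner.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "10.20.7.0/24")]


def parse_alert(line: str) -> Optional[dict]:
    """Parse one sensor line; None means the line did not match the format."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
    d["score"] = SEVERITY_SCORE[d["sev"]]
    return d


def nft_block_command(src: str) -> str:
    """Add src to the timed nftables set so the block expires by itself."""
    return f"nft add element {NFT_SET} {{ {src} timeout {BLOCK_TTL} }}"


def plan_blocks(lines: List[str]) -> Dict[str, list]:
    """Score alerts per source in a sliding window and decide blocks.

    Returns the firewall commands to run, the sources that crossed the
    threshold but sit in NEVER_BLOCK (escalate to a human instead), and the
    count of unparseable lines (a broken feed otherwise looks like silence)."""
    history: Dict[str, List[tuple]] = defaultdict(list)   # src -> [(ts, score)]
    blocked, suppressed, commands, unparsed = set(), [], [], 0
    for line in lines:
        a = parse_alert(line)
        if a is None:
            unparsed += 1
            continue
        src = a["src"]
        if src in blocked:
            continue                          # one command per source
        hist = history[src]
        hist.append((a["ts"], a["score"]))
        hist[:] = [(t, s) for t, s in hist if a["ts"] - t <= WINDOW]
        if sum(s for _, s in hist) < BLOCK_SCORE:
            continue
        if any(ipaddress.ip_address(src) in net for net in NEVER_BLOCK):
            if src not in suppressed:
                suppressed.append(src)
            continue
        blocked.add(src)
        commands.append(nft_block_command(src))
    return {"commands": commands, "suppressed": suppressed, "unparsed": unparsed}


def apply(commands: List[str], dry_run: bool = True) -> List[str]:
    """Run the planned commands (needs root and the nftables set to exist)."""
    for cmd in commands:
        if not dry_run:
            subprocess.run(shlex.split(cmd), check=True)
    return commands


# Constructed sample feed, not real alerts.
SAMPLE_ALERTS = [
    '2019-01-17T20:30:01Z ids[4711]: ALERT sid=1000001 sev=medium src=203.0.113.7 dst=192.0.2.10 msg="directory traversal attempt"',
    '2019-01-17T20:30:04Z ids[4711]: ALERT sid=1000001 sev=medium src=203.0.113.7 dst=192.0.2.10 msg="directory traversal attempt"',
    '2019-01-17T20:30:05Z ids[4711]: ALERT sid=1000002 sev=low src=198.51.100.44 dst=192.0.2.10 msg="port scan"',
    '2019-01-17T20:30:09Z ids[4711]: ALERT sid=1000003 sev=high src=10.20.7.5 dst=192.0.2.10 msg="vulnerability scanner user-agent"',
    '2019-01-17T20:30:12Z ids[4711]: ALERT sid=1000001 sev=medium src=203.0.113.7 dst=192.0.2.10 msg="directory traversal attempt"',
    '2019-01-17T20:30:15Z ids[4711]: ALERT sid=1000001 sev=medium src=203.0.113.7 dst=192.0.2.10 msg="directory traversal attempt"',
    '2019-01-17T20:30:20Z ids[4711]: ALERT sid=1000004 sev=high src=203.0.113.7 dst=192.0.2.10 msg="web shell upload attempt"',
    '2019-01-17T20:45:00Z ids[4711]: ALERT sid=1000002 sev=low src=198.51.100.44 dst=192.0.2.10 msg="port scan"',
    'garbage line from a broken sensor',
]

if __name__ == "__main__":
    print(plan_blocks(SAMPLE_ALERTS))
```

On the constructed feed, 203.0.113.7 is blocked on its fourth medium alert (score 12 within five minutes) and later alerts from it add no duplicate command; 198.51.100.44 never accumulates enough in one window; the authorised scanner at 10.20.7.5 crosses the threshold but is reported as suppressed rather than blocked. Two properties matter for safe automation here: the block carries a timeout so a false positive heals itself, and the never-block list is checked before anything is pushed, since an attacker who can trigger alerts with a spoofed or reflected source would otherwise have a cheap way to make the countermeasure cut off the defenders.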

Tom Murphy, CIO, answered on 2019-01-18T13:24:36.874Z, 4 months ago

We do not.

upvotes: 2
