RocketCyber is a cyber security platform enabling managed service providers to generate billable security services to small-medium businesses. The company develops endpoint detection and response apps, exposing malicious and suspicious attack activity before a breach occurs.
Detecting Breaches Evading SMB Cyber Defenses ASCII IT SUMMIT
Who We Are: RocketCyber, a Cyber Security Platform empowering MSPs to deliver billable security services to SMBs. Billy Austin, President. Carl Banzhof, CEO. Founders of iScan Online, now SolarWinds. Founder / CTO of Citadel Security, now McAfee. 6 US Patents | 40+ years of security.
Epidemic or Opportunity: 30.2 Million US SMBs. 61% experienced a cyber attack. Most SMBs: 2 layers of defense; Firewalls & Anti-virus. SMBs reporting a breach in 2018 averaged a 6 month dwell time. Sources: SBA.gov, Verizon, UPS Capital, Ponemon.
Dwell Time: The period of time describing “the moment an adversary gains a foothold and the actual detection of their existence.” 206 day average dwell time. Timeline: Attacker Initial Access to Detection of Existence.
Indicator Detections: “If it were possible, blocking and detecting Tactics, Techniques, Procedures (TTPs) would bring the most pain to the adversary and severely increase their costs.” ~ Bianco. Figure: Types of Indicators to Detect Adversaries.
Attack Tactics: 11 tactical categories describe what can occur during an intrusion (the goal of the attacker). Each tactic contains a list of techniques (221+) that an attacker uses to accomplish the goal.
Example TTPs: Tactic - Goal. Technique - how the operation is carried out to accomplish the goal.
Game On: MSP Objective: Who can detect the attacker tactic before the Exfiltration of Data? Tactics shown: Lateral Movement, Evasion, Persistence, Initial Access, Privilege Elevation, Discovery, Data Collection. The attacker needs to accomplish numerous objectives for the win. MSPs need to detect 1 tactic to stop the attacker for the win.
Demonstration: Detect the unknown. Post-exploitation: “What happens after the initial access”. Live Threat Map for your MSP as an early warning. Attack timeline - reduce the dwell time from months to minutes.
How It Works: Cloud Console, Cloud Agent, RocketApps.
ROCKETAPPS: Endpoint detection and response apps discovering malicious & suspicious activity. Flip the switch to begin “What you want to Detect”: Breach Detection, Terrorist Monitor, Event Log Monitor, Threat Hunting. View all RocketApps: rocketcyber.com/rocketapps
ALERTS: When a RocketApp detects a malicious finding, RocketCyber delivers an alert to the MSP via email and/or a ticket to your PSA. Sample alert: [Carl], please review your alert for [CUSTOMER]. Breach Tactic: [Execution]. Breach Technique: [PowerShell]. [A remote PowerShell session from China was detected executing code.]
Managed Services You Can Sell • Managed EDR • Managed Threat Hunting • Managed Breach Detection • Managed Windows Log Monitoring
Project Service You Can Sell: CYBER SECURITY COMPROMISE ASSESSMENT SUMMARY 3 1 2 Compromised Hosts Connections to Terrorist Nations Prepared for: <SMB Customer Name> Assessment date: Jan 1 - Jan 8, 2019 Cryptomining Instances 12 Attack TTPs Discovered
How We License: To detect attackers circumventing Firewalls & Anti-virus. Software-as-a-Service. Managed / Project Service.
Business Questions in a language SMB owners can all understand. • What systems are breached? • How did it happen? • Who attacked us? • When did it occur?
“It’s not a matter of if, but when… With RocketCyber, find out if when is now.” THANK YOU www.rocketcyber.com