In the world of cybersecurity, the term XDR has recently gained significant popularity, offering comprehensive protection, including real-time detection of security threats and a quick response to them. An XDR system can either be delivered by a single vendor or through third-party integrations from multiple vendors.

Let’s explore what NDR solutions like GREYCORTEX Mendel bring to XDR platforms.

EDR Was Only the Beginning… Prepare for XDR

The core of an XDR (extended detection and response) platform is an EDR (endpoint detection and response) solution, which is additionally enriched with data from siloed security tools. This boosts visibility into your infrastructure and streamlines threat hunting.

An XDR system can aggregate data from various sources, including NDR (network detection and response) solutions like GREYCORTEX Mendel, firewalls, company email, cloud services, and mobile devices. By incorporating data from Mendel or a firewall, XDR can effortlessly correlate data and detect malicious traffic flows between the firewall and compromised devices, or identify which application is causing bandwidth overloads in your office network.

Maximize Visibility

The IT environment has never been as complex as it is nowadays, with the interconnection of networks, communication tools, mobile devices, cloud services, and much more. Protecting such an environment demands a sophisticated detection and response system like XDR.

GREYCORTEX Mendel alone provides visibility into both IT and OT networks. However, with its native integration with EDR solutions, firewalls, and other security tools, you can achieve unparalleled visibility of your organization’s network.

Prioritize Critical Issues

An XDR platform prioritizes security events and vulnerable configurations, providing crucial information for further investigation. By understanding the scope and root cause of these issues, you can concentrate your efforts on the most critical problems and reduce the time required to respond.

NDR: A Powerful Component of XDR

NDR solutions diligently monitor your network traffic, identifying suspicious and malicious activities that might otherwise go unnoticed. Moreover, they detect anomalies and unusual traffic patterns originating from outdated systems and IoT devices. These solutions uncover rogue assets, insider threats, zero-day attacks, as well as malicious user and device activities.

Mendel sends data and alerts to your XDR platform as well as your security teams, as it does for SIEM or SOAR systems. Additionally, it exports and processes data from third-party security tools, including EDR and firewalls.

Read also: Why GREYCORTEX Mendel Is the Essential Member of Your Network Security Product Family

Worried about the increasing threat of cybercrime to your business and its repercussions? Consider these six tips to make your business more secure from these common risks.

In This Article:

• Keep Software Up-To-Date
• Leverage A Password Manager
• Don’t Sleep On Your Network Security
• Use A VPN
• Create & Communicate A Solid Mobile Phone Policy
• Train Your Employees On Cybersecurity

Cybercrime is one of the fastest-growing crimes worldwide and continues to affect businesses across all industries.

Here’s an alarming fact: 10% of the companies experience one or more successful cyber attacks yearly, with $188,400 in losses on average.

Staying protected from cyberattacks is challenging, as cybercriminals constantly seek new ways to exploit security vulnerabilities.

You must allocate budgets and resources to mitigate known risks. And that particularly includes cybercrime.

You must know the latest cybersecurity tips and best practices to prevent your company or firm from becoming a headline due to a security breach.

In this article, we’ll share six super-actionable tips you need to leverage in your organization.

1. Keep Software Up-To-Date

As users, we often download and install software without much thought. But to reduce the risk of security breaches, only keep the software you actively use on your device and uninstall any unused software.

Before installing new software, consider the permissions that the application requests. These include access to personal information, camera, location, or address book.

Also, read the licensing agreement and understand what you agree to. Decline third-party cookies to prevent your browsing data from being sold to third parties.

After installing software, keep it up to date for security reasons. Hackers often exploit vulnerabilities in outdated software, and software providers release patches to fix these vulnerabilities. Apply these patches promptly to prevent such security breaches.

Using outdated software puts your data at risk of being hacked. The same was the case with Equifax’s famous data breach. That happened because they had not updated a known vulnerable software.

While IT organizations may push patches for enterprise applications, be sure that the software on your devices is up-to-date with security patches.

2. Leverage A Password Manager

It’s nearly impossible to keep up with and remember all the passwords for the various accounts you have to create online.

That can be a massive risk to your online security, as it’s the same as having a single key to all your locks. If someone gets access to that one key, all your valuables will be at risk.

Password managers have recently become a popular recommendation for better security hygiene. Security experts suggest using password managers to combat password retention, reuse, and weak passwords.

A password manager retrieves, generates, and stores random passwords whenever you create a new account with a single ​“master key” password.

The generated passwords are stored in a password vault. The autofill option fills in your username and password without you having to look at the password in clear text.

A password manager will also store other vital information, including credit card numbers, CVVs, and social security numbers. You only have to memorize one strong master password to access all the other passwords stored within the vault. This eliminates the need for password fatigue and reduces the risk of weak or reused passwords.

You should be clear as long as you use brand-name password managers like Dashlane, One Password, KeePass or Bitwarden. Just remember to create a solid master password.

3. Don’t Sleep On Your Network Security

Focus on your network security to protect the data within a computer network from cyberattacks. It involves taking multiple steps to ensure the network is secure and trustworthy.

A network involves interconnected devices, including computers, servers, and wireless networks, which attackers can target.

Networks are becoming more complex as organizations rely more on their networks and data to conduct business. Security must also evolve to combat evolving threat actors and new attack methods.

The network’s visibility needs to be on point to mitigate this risk. Improving network visibility is critical to closely monitoring network traffic for malicious activities and potential threats.

Identify unauthorized access to the network and enable security measures to respond quickly with improved network visibility. You will also detect malware concealed within encrypted network traffic.

If you use SSL/TLS to secure your communications, you must identify and address any potential threats lurking within encrypted traffic.

All of that you can have with an NDR tool such as GREYCORTEX Mendel that offers deep visibility into your network and the detection of both known and unknown threats. With its real-time network visualization capabilities, it allows you to see every network device, its communication partners, data transmission amounts, protocols used, metadata, and more.

Mendel goes beyond mere visualization by offering advanced filtering options that can be used to investigate the network activity of every device in depth. By combining over 25 parameters and using logic operators, Mendel allows you to efficiently perform root cause analysis, threat hunting, and network troubleshooting tasks.

4. Use A VPN

Virtual Private Networks (VPNs) provide two key aspects: privacy and security. A VPN offers tunneled communication between your local network and an exit node in a different location.

You’ll appear to be connecting from a different location thousands of miles away from where you actually are. This is the privacy aspect of a VPN. Also, when you use a VPN, this data tunnel is encrypted.

Use a VPN for added security when using any public Wi-Fi. Why? It allows encrypted communication between the public router and the service you are connected to or trying to reach.

Your sensitive business information is a sitting duck for many types of cyberattacks if you don’t use a VPN on a public network. 

An example of a network attack could be sniffing data, meaning an attacker could intercept communication between you and the router or service you are communicating with. 

Use a paid VPN, as you never know what a free VPN service provider is doing behind the scenes. We recommend NordVPN or Surfshark, as both offer very competitive rates, are secure and safe, and have a no-logging policy.

5. Create & Communicate A Solid Mobile Phone Policy

Employees often use personal mobile devices for work-related purposes. However, you must establish clear policies and controls to secure sensitive information.

Cybercriminals are increasingly targeting mobile phones as a potential entry point to company systems, making mobile security policies all the more critical.

Implement mobile security policies for best practices among employees who rely on mobile devices to securely access and handle corporate data.

Here are some important points to consider when implementing a mobile phone security policy:

• Device management: Establish guidelines for device management that include identifying authorized users, device enrollment and provisioning, and device deprovisioning.
• Password policies: Establish password policies that require strong passwords, regular password changes, and a policy of not using the same password across multiple accounts.
• Encryption: All mobile devices that connect to your organization’s network should have encryption capabilities to protect sensitive data.
• Application management: Set guidelines for application management that include identifying authorized applications and prohibiting the installation of unauthorized applications.
• Employee training: Provide regular training on mobile phone security policies, procedures, and best practices to reduce the risk of security breaches.

6. Train Your Employees On Cybersecurity

Most security breaches involve human error or picked-up habits. This can include clicking on suspicious links, ignoring security alerts, delaying software updates, syncing sensitive data to unsecured devices, and more.

To combat these issues, follow up on employee training with simulated attacks to test their knowledge and help them develop better security habits.

Here are some best practices to train your employees on cybersecurity:

• Implement policies to protect sensitive data: Create formal policies and share them with all employees.
• Teach employees about cyber threats & accountability: Employees must understand the severe nature of cyber threats and know they will be held accountable for violating protection policies.
• Require backup of all critical data: The company data should be kept safe and backed up in case of any disaster.
• Only allow authorized individuals to use your devices: Ensure company-issued devices are only used by authorized employees, and stress the importance of obtaining authorization before using any device.
• Create web content securely: Authorized individuals should be the only ones updating company websites and know how to do so securely to avoid backdoors for cybercriminals to exploit.
• Prohibit unauthorized software: Remind employees that unauthorized software should not be allowed on corporate devices.
• Train on proper email use: Educate employees on spam and phishing, and teach them how to identify illegitimate emails.

Wrapping Up

It’s only natural to have your focus set on growing your company and achieving success. But cybersecurity should never be neglected. Protect your business and the valuable assets you’ve worked hard to build.

Seek help from experts in the field to confidently navigate the digital landscape without sacrificing your attention to growing your company.

Prioritize cybersecurity and take the necessary steps to protect your business. Invest in your own success, leverage these tips, and inspire your employees to follow in your footsteps and set your mind free from all the worries involving cybersecurity.

Visibility is key to protecting our networks. But what exactly is visibility and why is it important?

Visibility means having a clear understanding of what’s happening in your network at all times. That means you can continuously verify what you see in your policies and best practices, immediately catching configuration issues, vulnerabilities, irregularities in security protocols, and user behavior. You also gain knowledge in the area of network performance and services as well as their availability.

By having visibility, you can act preventively, and systematically strengthen your network’s resilience to intrusions and reduce the room for maneuver for potential attackers. It also allows you to observe traffic in all relevant locations and network segments, whether on local networks, servers, or in the cloud.

So, how can you achieve perfect visibility?

One tool that can help is GREYCORTEX Mendel, which provides real-time monitoring and visualization of all communication in your network. It builds a mathematical model of your network and helps you determine what devices are communicating with each other, when, and how much data they’re sending and receiving. In Mendel, you can read details about used protocols for communication, including analysis of application data, or user identities. This provides detailed context and additional information about security events and threats.

Visibility is also crucial for managing any OT/SCADA network.

An up-to-date and accurate knowledge of what elements are involved in these communications, and what appears or disappears in them is invaluable, if only from an operational point of view. On top of that, GREYCORTEX Mendel understands OT/SCADA protocols, which brings visibility to critical control parameters such as temperature, RPM, voltage, or any other relevant factor in the data transmitted over the network. This adds more visibility into the processes in operation and provides an additional opportunity for the prevention of and response to abnormal events.

It does not stop here. GREYCORTEX Mendel goes a step further in this visualization. Thanks to advanced filtering, combining a number of parameters and using local operators, you can examine each device and its communication also to the smallest details as well as in the history. That makes root cause analysis, threat hunting, and network troubleshooting simple. This has also been confirmed by SOC teams that found Mendel an invaluable tool for post-hack analysis and prevention activities.

In short, visibility is an essential part of cybersecurity, and tools like GREYCORTEX Mendel can help you achieve it. By clearly understanding what’s happening on your network at all times, you can take preventive measures to strengthen your network’s resilience and protect against potential attacks.

The integration of IT and OT networks has brought significant benefits to industrial processes, including increased efficiency, real-time data access, and improved decision-making. However, this integration also brings serious security challenges that could threaten equipment availability and the integrity of factory data. Manufacturers rely on data to make critical business decisions, which can cause production delays, equipment failures, and even safety hazards if the data is compromised.

This blog post reviews and analyzes a potential cyber attack on a production factory and demonstrates how it could be detected using GREYCORTEX Mendel. It serves as an example of how network detection and response solutions can effectively protect against massive cyber attacks.

Traditional security approaches, such as air-gapping or DMZ, are no longer effective in protecting OT networks. Although existing security solutions are attempting to close the gap between IT and OT infrastructures, unfortunately, it is highly problematic to achieve. Industrial equipment is more outdated as its lifecycle is much longer than that of IT devices (which, in some cases, can be 20 years or more). Furthermore, IT professionals are responsible for network security in both IT and OT, whereas OT professionals are more concerned with maintaining smooth operations and data integrity than cybersecurity. And the lastly, IT and OT professionals have difficulty communicating and understanding each other due to the use of different terminologies, technologies, and educational orientations.

About the Factory

For this scenario, we will imagine that GREYCORTEX Mendel has been installed in a bakery consisting of three separate locations: the main office building, the storage and production building, and the packaging and logistics building. Although separate, the IT and OT networks of these locations are interconnected.

Attack Description

The cyber attack took place over the weekend. The attackers, who may have been amateurs, cybercriminals, or hackers hired by a competitor, were able to connect to a device that had an outdated operating system on the private office network via public Wi-Fi. Using the infected device, they launched a network scan and discovered production machines in remote facilities. The attackers gained control over the oven and packing line and made changes to their configuration.

Detection in GREYCORTEX Mendel

The first thing that IT or OT specialists would see in GREYCORTEX Mendel is a representation of the industry standard MITRE ATT&CK® Security Framework. It is a dashboard designed to be a connection point for IT and OT specialists as it uses terminology that is understandable for both sides. Here, they can detect security alerts concerning industrial equipment.

By going to the event section in Mendel, the analysts can filter all events related to the OT network and this cyberattack. Here, they detect that the attacks were able to infiltrate the internal network and, upon scanning, discover both IT and OT infrastructures. The cybercriminals found devices that were open and could be used to initiate a connection.

Security Alert: Temperature Change in the Oven

The attackers tested their ability to make changes to the machine settings. They connected to a device controlling the oven and altered the temperature.

Continuing in the incident investigation, the analysts observe that Mendel detected the change in the oven temperature. Upon analyzing this event, they discover that there was a connection from the engineering workstation from the IT network to a machine in the Storage and Preparation network over the MODBUS protocol. In the application layer, they detect that the attackers set a high temperature, which could result in the cookies coming out burnt.

Security Alert: Change in Packaging Settings

Similar to the oven, the attackers in this example attempted to connect to the packaging line and change its configuration.

Mendel also detected that the cybercriminals changed the default number of pieces per package. They connected to a system within the Packaging and Logistics network via the MODBUS protocol, and upon analyzing the application layer, it was discovered that only eight pieces would be placed in one box instead of the usual ten.

Mendel alerted the analysts to these changes because the default values for the oven were set to 200 degrees Celsius and ten pieces for a single package. Thus, Mendel is capable of detecting any changes that occur in the OT network.

Empower Your IT and OT Security

Industrial networks need to operate continuously without unscheduled interruption, making security a secondary concern. However, failing to secure industrial networks can lead to devastating consequences, including production downtime, equipment damage, and even physical harm. The reason why cyber attacks can happen in the first place is that OT protocols are not designed with security in mind, making them vulnerable to cyberattacks.

We have described just two examples of what potential attackers could do, but they could take multiple actions, such as infiltrating the system and testing their abilities to make minor changes in the configuration. Such changes may be unnoticeable for analysts and OT professionals. The attackers could then wait until the right moment, such as the launch of a new product, to cause significant damage.

Thanks to the ICS module, the advanced industrial intrusion detection system (IDS), GREYCORTEX Mendel is able to detect such an attack. Mendel alerts manufacturers to potential security threats in the early stages, providing valuable time to prevent attacks. To narrow the gap between IT and OT worlds, the detection dashboard based on the MITRE ATT&CK® framework was created, which uses unified terminology understandable for both IT and OT professionals.

As infrastructure modernizes, building management systems (BMS) are becoming increasingly sophisticated. They provide automation, control and management of the physical environment of buildings, and to operate reliably, you need to ensure their security. This can be crucial in some buildings, such as hospitals. What can you do to make buildings safer?

An Introduction to BMS

• Siemens Desigo
• Johnson Controls Metasys
• Honeywell WEBs
• Schneider Electric Andover Continuum
• Trane Tracer
• Delta Controls

BACnet Protocol: Essential for Building Management Systems Security

• Authentication: BACnet supports the use of passwords and other forms of authentication to ensure that only authorized users can access the building automation and control systems.
• Encryption: BACnet supports the use of encryption to protect the confidentiality and integrity of data as it is transmitted between different devices and systems.
• Access control: BACnet includes features to restrict access to specific objects and properties within the building automation and control systems. This allows building operators to control who can access and control different systems within the building.
• Auditing: BACnet includes the capability to record and log all access to the building automation and control systems. This allows building operators to detect and investigate any unauthorized access or tampering.

BACnet is a communication protocol that is widely used in building automation and control systems, and provides several security features to protect against unauthorized access and tampering. However, there are some concerns about the security of the protocol, particularly regarding the use of static passwords and the lack of wide implementation of security features. It is important for building operators to be aware of these security risks and to take steps to secure their building automation and control systems, such as regularly changing passwords, enabling encryption, and monitoring for suspicious activities.

Risk Mitigation in BMS Security

• Static passwords
• Lack of certificates
• Disabled security features on various BACnet-enabled assets