Reducing Mean-Time To Resolution and Repair
The following three videos give a quick overview of how our IDS works. We asked our customers which threats took the most time to work through and where our IDS had helped them most. Although these examples are reasonably well understood, and in many cases automated mitigation scripts already exist to deal with them, they are intended to show how any threat can be analysed using our IDS workflow.
Tracking down Conficker
Worm infections continue to find their way into corporate networks through a variety of vectors, including infected USB sticks, active network shares and downloaded executables. Worms such as Conficker and Koobface seek to co-opt machines into a botnet, where the infected systems can be controlled remotely for purposes such as data theft and spam.
Worm infections absorb significant time and resources in clean-up and lost productivity. Worms also consume valuable system resources and often associate corporate IP addresses with illegal activity.
Investigating a website hack attempt
There are many possible motivations behind cyber attacks on websites: financial gain, defamation and denial of service (DoS), to name just a few. The range of tools open to attackers is extensive, and it is vital that organisations can identify when they are under attack, how the attack is playing out and what the attacker got away with.
Once a site has been compromised, it is vital to identify the point of entry and secure it rapidly to prevent further exploitation. The video example illustrates an attack based on SQL injection in which the attacker was seeking to steal credit card details.
Identifying a Trojan
Trojans continue to be a serious threat to large organisations. A Trojan is an application that gives the attacker control of the target system. Once the host has been infected, the attacker can run any other malicious software they choose, including keyloggers, spambots and denial of service (DoS) agents. Attackers commonly use social engineering techniques to fool unsuspecting users into downloading the Trojan to their computer.
Zeus (also known as Zbot or Kneber) has also been using social media sites to accelerate its spread, preying on the trust between users to get them to download what appears to be a beneficial file. In this use case, we are seeking to identify the point of infection and the malicious activity that a possible Trojan is conducting on the network.