Use this information to guide and fortify your defense, inform best practices, and prioritize resource allocation. Organizations that apply good security basics can demonstrably reduce their chances of falling victim to ransomware attacks and other cyber threats.
Mix the Right Prevention, Detection, and Response Tactics for Your Organization
The Key Properties of a Resilient Cybersecurity Strategy
GET STARTED
Common Threats
Threat Response
Threat Detection
Threat Prevention
Information
Patch promptly and regularly to minimize exposure. Prioritize vulnerabilities in context of your organization with Taegis™ VDR.
Next >
Protect external-facing apps with multi-factor authentication. MFA increases the level of effort an attacker must expend to compromise a user’s account.
Learn more in 'Think MFA is Hack-Proof? Think Again'
Require strong passwords that avoid common phrases and include more than 15 characters.
Learn more in 'Part 1: Getting Inside the Mind of a Hacker: Password Related Compromises'
Apply least privilege to both users and applications.
Limit supply chain access to your environment. Secure your supply chain by vetting business partners and implementing appropriate controls.
Ensure that Active Directory is properly configured, routinely tested, and maintained.
Limit exposure of your external assets. Engage the Secureworks Adversary Group (SwAG) to conduct periodic penetration testing to ensure internal and external assets are secure.
®
Learn more in 'Vulnerability Assessments and Penetration Testing (Pentesting)'
Taegis XDR provides a single pane of glass to monitor and correlate all of your endpoint and infrastructure telemetry, allowing for smarter detections.
Automate your vulnerability management program using Taegis™ VDR.
Learn more in 'How’s Your Security Strategy? Accelerate your Maturity with Automation and Vulnerability Prioritization'
Segment the network into logical groups and allow only legitimate, authenticated access to critical information.
Learn more in 'The Importance of Network Inventories and Diagrams'
Taegis VDR provides a meaningful risk score for every vulnerability unique to your business context, and prioritizes them based on impact using 47 different factors, including Secureworks Counter Threat Unit™ intelligence.
Learn more in 'Introduction to Contextual Prioritization: Meaningful analysis to determine which vulnerabilities to address first'
Use Taegis XDR/ManagedXDR to continuously monitor endpoints, network, cloud, identity, and other business systems for early warning signs of an attack.
Learn more in 'Paf Expands Detection Across Endpoint and Cloud Environment'
Subscribe to curated and timely threat intelligence to help you prioritize vulnerabilities and detections that may impact your unique environment.
Learn more in 'Top 5 Actionable Cyber Threat Intelligence Insights'
Supplement automated detection capabilities with continuous threat hunting, which applies human creativity and environmental context to focus on the assets that your organization needs to protect the most.
Learn more in 'Threat Hunting Wisdom: Planning Makes Perfect'
Combine machine learning and security expertise through Taegis XDR to detect threats and dynamically prioritize your organization’s greatest risks.
Learn more in 'A Machine Learning Tour of Taegis XDR'
Find the root cause of threats by having visibility across all telemetry sources (endpoint, cloud, network, email, identity) with one year of data retention included with Taegis XDR (longer time periods available).
Learn more in 'Taegis™ Log Management Add-On: Maintain Your Log Data in Taegis with Flexible Retention Options'
Automatically detect known and previously unknown threats with a comprehensive library of threat detectors.
Learn more in 'Connecting the Dots to Stop Advanced Threats'
Integrate existing endpoint, network, and cloud tools to bring together data from across your ecosystem into one central console, leaving threats with nowhere to hide using Taegis XDR and ManagedXDR.
Learn more in 'From Defense-in-Depth to Defense-In-Concert: Gain Holistic Security with Open XDR'
Have an incident response plan that includes communications protocols, roles and responsibilities, and named contacts. Ensure contacts understand and can perform their role.
Learn more in 'Incident Response Preparation Phase in Cybersecurity'
Use the right EDR tooling that allows for response and investigation at scale, including response actions like host isolation.
Learn more in 'Endpoint Attacks, Endpoint Defenses, and Endpoint Time-Sink Avoidance'
Leverage built-in response playbooks to take action quickly and mitigate risks with Taegis XDR.
Ensure your backups are segmented from the network and protected from destructive malware. Regularly test the restoration of backups.
Establish partnerships to be leveraged during incident response before an incident occurs. Functions usually performed by partners include incident response, legal counsel, cyber insurance, and public affairs.
Leverage post-incident response monitoring to ensure that the eviction of the adversary was successful and to identify successful or attempted re-entry.
Learn more in 'You’ve Been Compromised: Now What? A guide to action when a cyberattacker strikes'
Conduct tabletop exercises with your executive team at least once annually to root out deficiencies and inefficiencies in your plan and team’s response actions.
Learn more in 'Incident Preparedness: Key Components of a Robust Incident Response Plan'
Know in advance how to engage regulators, customers, and law enforcement in the event of a breach to ensure that information is shared at the right time, with the right level of detail, and via the most appropriate mechanisms.
Consider building and securing a Tier 0 of the company’s Active Directory infrastructure based on criticality of the situation.
Once the attack is contained, remediate compromised hosts and conduct a reset on all Active Directory accounts.
Learn more in 'Ousting Threat Actors: 5 Steps to Ensure a Secure Network'
Know your critical information and system assets, where they live, and who owns them. Prioritize them in terms of recovery.
Learn more in 'Protecting the Crown Jewels: Securing Critical Assets'
Ransomware is one of the most prevalent and disruptive forms of cyberattack in recent years and has grown into a multimillion-dollar global enterprise. In ransomware attacks, a threat actor breaks into a network and then deploys malware that encrypts files on business-critical devices. They then demand a ransom payment in exchange for the secret key needed to decrypt the files.
Learn more in 'Prevent Ransomware Attacks: Ransomware Report 2021 Vol. 1'
Email services are lucrative targets for threat actors, yet are often overlooked by organizations. BEC exploits the fact that so many of us rely on email to conduct business. In BEC scams, criminals use access to a compromised email account to identify an upcoming financial transaction, and then replace the legitimate payment details with a bank account under their control. The buying party, totally unaware that anything is amiss, then pays their money into the fraudulent account.
Learn more in '2021 State of the Threat: A Year in Review'
In cryptojacking attacks, threat actors access one or more computers or mobile devices to run cryptocurrency-mining software. They abuse the resources of the compromised machines to mine cryptocurrency, causing cost and disruption to the victim. If that unauthorized access is to an organization’s cloud resources, then the criminals can quickly rack up massive costs.
Cyber espionage involves the theft of classified or sensitive data, or intellectual property. Typically, cyber espionage is done on behalf of a foreign government or intelligence service, however, corporations also engage in cyber espionage. Motivations for cyber espionage might include national security, economic espionage, or surveillance.
DDoS attacks make an online service, network resource, or host machine unavailable to its intended users on the Internet — like flooding a website with requests so that legitimate users cannot access it. In distributed DDoS attacks, criminals use several hosts to amplify the effects of the attack.
Learn more in 'Fort Mills School District Case Study'
With phishing, threat actors send emails that attempt to trick the recipient into divulging sensitive information, like login credentials or bank details, or trick them into installing malware on their device. Typically, phishing attacks use social engineering tricks to appear authentic or urge the recipient to take action without thinking. In spear phishing attacks, rather than send out emails indiscriminately, the threat actor deliberately identifies their targets in advance.
Learn more in 'USAID - Themed Phishing Campaign Leverages US Elections Lure'
Smishing is similar to phishing but uses text messages rather than email to trick targeted recipients into divulging sensitive information or installing malware. Smishing attacks typically target mobile devices and are becoming increasingly popular as more people use their phones for tasks like mobile banking.
< Previous