Blumira can detect and notify your team of any access attempts that could indicate attacker activity. SSH connections should be made via VPN in most cases. Our own internal honeypot detected a 85% spike in attacks from across the globe against RDP since December 2019, showing the need for additional security measures, such as using virtual private networks (VPNs) for secure remote access and protecting all logins with two-factor authentication.Īnother example is detecting public IP connections via SSH to your network – another example of misconfigurations that can leave your organization open to risk. One example is any public connections to your network via RDP (Remote Desktop Protocol), which should never be left internet-facing, as it can result in malware infection, including ransomware. Detecting Common Misconfigurations to Reduce Risksīlumira can also detect and provide contextual information about common misconfigurations within your environment. Other examples of Blumira’s findings are similar to those detected across other firewalls, such as Palo Alto Network’s Next-Generation Firewalls, including reconnaissance scanning and data exfiltration.
In this case, we recommend blocking the source IPs of the password spraying attack. In addition to an analysis of the detection, Blumira provides guided steps to mitigate or remediate a threat, available to the designated Responder within the platform through workflow questions. The detection includes an analysis of password spraying against specific users on a Cisco An圜onnect VPN device, as well as relevant source and destination IP addresses. Incident Response Engineer Amanda Berlin.
A ‘threat’ is an event that poses an immediate and real threat to the security of data or resources detected with a very high level of confidence, according to Blumira’s Sr. The above depicts the Responder view within Blumira’s platform, listing out the number of events detected and analyzed, as well as how many suspects and threats have been identified.Ī ‘suspect’ is a finding that cannot be verified as a threat due to lack of information surrounding the event they require further investigation in order to determine if it should be escalated. In this type of attack, an attacker tries to log in by using a large number of usernames and a single password – this method avoids password lockouts and can often be more effective at uncovering weak passwords than targeting specific users, according Blumira’s Incident Response Engineer Nick Brigmon. One example of a type of finding that Blumira’s platform alerts on is password spraying. Threat Detected: Anomalous VPN Access Attempt
Finally, we provide different options for response, with guided playbooks to walk you through remediation. Then, Blumira’s platform parses and analyzes those logs, automating threat detection and surfacing the most important security findings. Firewall and VPN Logging for Threat Analysisīlumira’s security platform easily integrates with Cisco ASA firewall and FTD (FirePower Threat Defense) to stream and centralize security event logs, including those from Cisco An圜onnect VPN. Your firewalls also provide network security around your perimeter by monitoring network traffic and allowing you to prevent unauthorized access to or from your network.
One of those includes virtual private networks (VPNs) to securely send or receive data across public networks. A number of security and collaboration tools are enabling the widespread work-from-home reality, allowing for secure remote access as your employees work from their own personal or corporate-managed devices, from distributed locations.