Tech Tidbit – You cannot respond to what you cannot see – Visibility

September 18th, 2024

You already know that "all" in security protection is vitally important. You need all your endpoints and servers protected with something. Hopefully, that something is EDR, MDR, and XDR products like CSI's CSEDR powered by SentinelOne, CSMDR powered by Blackpoint plus SentinelOne, or CSI's Managed XDR service powered by BlueShift Cybersecurity. Many of you have had to make some hard choices, first protecting your "holy of holies" with the better tools and then filling in the rest of the district with more basic tools. That leaves some gaps in your defenses, and you must continue to be vigilant about managing those gaps yourself.

Some of you are so financially constrained that you can only use basic tools like the built-in Windows Defender. In this day and age, that is honestly scary.

The most important thing you can do to strengthen your endpoint and server defenses is to ensure 100% coverage. The second most important thing is to have visibility and centralized control over every endpoint and server security tool.

You need to know what is happening on each endpoint in your district, regardless of your level of sophistication.

The third most important thing you can do is have eyes on all those endpoints 24x7x365 with a Security Operations Center watching and responding to active security threats.
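As an added illustration of the first two points, here is a small Python reconciliation that is not code from CSI or from any of the vendors named here. It compares a constructed asset inventory (the kind you would export from AD or an asset register) against constructed agent check-in records (the kind a central console exports), and flags three kinds of gap: inventoried hosts with no agent at all, agents that have stopped checking in, and agents reporting for hosts the inventory does not know about. Hostnames, field names and the seven-day staleness threshold are all assumptions.

```python
# Added example (not CSI's or any vendor's code): reconcile an asset inventory
# against endpoint-agent check-ins to find coverage gaps. All data below is
# constructed; field names are assumptions, not any console's real export format.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class AgentRecord:
    hostname: str
    last_seen: datetime      # last time the agent checked in to the console
    protection: str          # e.g. "edr" or "defender" (constructed labels)


# Constructed asset inventory, e.g. exported from AD or an asset register.
INVENTORY = ["hs-lib-01", "hs-lib-02", "ms-office-01", "es-lab-07",
             "srv-sis-01", "srv-file-01"]

# Fixed "now" so the example is reproducible.
NOW = datetime(2024, 9, 18, 12, 0, tzinfo=timezone.utc)

# Constructed agent console export.
AGENTS = [
    AgentRecord("hs-lib-01", NOW - timedelta(minutes=5), "edr"),
    AgentRecord("hs-lib-02", NOW - timedelta(hours=2), "defender"),
    AgentRecord("ms-office-01", NOW - timedelta(days=9), "edr"),    # gone quiet
    AgentRecord("srv-sis-01", NOW - timedelta(minutes=1), "edr"),
    AgentRecord("old-laptop-33", NOW - timedelta(hours=1), "edr"),  # not inventoried
]


def coverage_report(inventory, agents, now, stale_after=timedelta(days=7)):
    """Classify every inventoried host as covered, stale (agent silent longer
    than stale_after) or missing (no agent), and list agents for hosts the
    inventory does not know about. Returns a dict with sorted host lists and
    a coverage percentage counting only hosts that are both present and fresh."""
    by_host = {a.hostname.lower(): a for a in agents}
    wanted = {h.lower() for h in inventory}
    covered, stale, missing = [], [], []
    for host in sorted(wanted):
        rec = by_host.get(host)
        if rec is None:
            missing.append(host)
        elif now - rec.last_seen > stale_after:
            stale.append(host)
        else:
            covered.append(host)
    unknown = sorted(set(by_host) - wanted)
    pct = round(100.0 * len(covered) / len(wanted), 1) if wanted else 0.0
    return {"covered": covered, "stale": stale, "missing": missing,
            "unknown": unknown, "coverage_pct": pct}


def by_protection(agents):
    """Count agents per protection tier, so you can see how much of the
    estate sits on the basic tool versus the fuller EDR."""
    counts = {}
    for a in agents:
        counts[a.protection] = counts.get(a.protection, 0) + 1
    return counts


if __name__ == "__main__":
    report = coverage_report(INVENTORY, AGENTS, NOW)
    print(f"coverage: {report['coverage_pct']}% of {len(INVENTORY)} inventoried hosts")
    for label in ("missing", "stale", "unknown"):
        for host in report[label]:
            print(f"  {label:8s} {host}")
    print("agents by protection tier:", by_protection(AGENTS))
```

A stale agent is treated as uncovered rather than covered on purpose: a host that has not checked in for a week is exactly the kind of blind spot the SOC cannot respond to, and the "unknown" list is usually where forgotten or re-imaged machines turn up. Run it on a schedule against your real exports and treat anything other than 100% as a ticket.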

Huntress provides you with a centralized console with centralized management and 24x7x365 SOC oversight for their Huntress basic EDR product and the built-in Windows Defender. They will see, analyze, isolate if necessary, and tell you that something bad is happening on your endpoints or servers.

Our CSEDR, powered by SentinelOne, comes with the Vigilance SOC, which provides much more robust endpoint and server defense, including 24/7 oversight and intervention, including isolation.

Our CSMDR, powered by Blackpoint, provides a proactive SOC that watches the "in-between" traffic inside your network, including authorized and unauthorized remote sessions, application blocking, and all the cross traffic, looking for that "noise" that an attacker may be making. In a fully implemented system, it also has the ability to provide notification of first-time VPN usage. That alone would have stopped the last few attacks I have seen in minutes.

Our Managed XDR service is the gatekeeper, monitoring all traffic to identify the inbound and outbound connections that every attacker must make to breach your network.

The reality is that basic antivirus software from any vendor is becoming increasingly limited as threats become more sophisticated. However, we have repeatedly seen that just listening for what the basic tools are encountering, having someone proactively alert you, and doing even basic device isolation is enough to shut down an attack before it becomes a major incident. That is the "x factor" that Security Operations Center oversight provides, dramatically improving any tool's effectiveness in defending your network.

A lot has changed in the security landscape in the last six months. If you haven't revisited this topic with us in a while, we should probably have a discussion, as there are now some options and strategies that didn't exist a year or two ago in the robust form they take today.

We welcome the opportunity to help you protect your district in the most complete and affordable ways possible. Give us a call.

-Scott Quimby, CISSP