Support Site

Zero Trust

The Road to Zero Trust: Your Journey Begins Here

by

In a world where cyberattacks are becoming as common as morning coffee runs, and even the White House is waving the flag for Zero Trust security, it’s safe to say that the spotlight on Zero Trust just got a whole lot brighter. With ransomware wreaking havoc on industrial control systems and supply chains facing more twists and turns than a thriller novel, companies are basically playing catch-up with modern cybersecurity standards.

So, why’s Zero Trust the buzzword of the hour? Well, it’s not just a buzzword; it’s your first line of defense in this digital battlefield. But here’s the kicker – you can’t just stop at Zero Trust. Cyberattacks are evolving faster than memes on social media, and you need more than just a baseline defense.

In this blog series, we’re going to break down the nitty-gritty of Zero Trust, from what it really means to how you can set it up. But we won’t stop there. We’re also going to show you how to take your cybersecurity game to the next level, because in today’s world, you’ve got to be ready for anything. So, let’s kick things off by getting cozy with the basics of Zero Trust and then aim for cybersecurity greatness beyond!

The Zero Trust Journey

So, picture this: you’re building a digital fortress to guard your precious data. With Zero Trust, you start by assuming that someone, somewhere, is trying to break into your network. It’s like installing an extra-strong lock on your front door because you know burglars are getting smarter.

The secret of Zero Trust: it’s not about blindly trusting anyone or anything in your network. Instead, you play detective 24/7, keeping a close eye on every move. You only give people the absolute minimum access they need – no more, no less.

“Trust no one in cybersecurity.” You keep rechecking and verifying because you don’t want any unwanted guests lurking around in your digital world.

In this blog series, we’re going to explore five key characteristics of Zero Trust that you need to know:

  1. Strong User Identity: We’ll talk about how to make sure that the person logging in is who they claim to be, and we’ll sprinkle in some multi-factor authentication for good measure.
  2. Context Matters: We’ll dive into the importance of policy compliance and device health – because not all devices are created equal.
  3. Authorization and Access Control: We’ll show you how to ensure that the right people get the right access at the right time.
  4. Least-Privileged Access: We’ll discuss the art of giving the bare minimum access required, so your digital treasures stay safe.
  5. Eyes Everywhere: We’ll explore how automated monitoring, auditing, and logging can help you spot trouble before it gets out of hand.

And hey, we won’t forget about the vendors, contractors, and visitors who can also pose a threat. So, stick around and watch for the first in this series, because we’re about to unravel the mysteries of Zero Trust and then take you on a journey to even greater cybersecurity heights with ConsoleWorks!

Zero Trust Challenges Introduction

by

Zero Trust security protects you by enforcing its three principles of never trusting a connection, assuming a breach has or will happen and enforcing least-privileged access. Its implementation has become the standard to achieve in cybersecurity. Companies are now moving toward this security architecture but are unaware of the Zero Trust challenges they might encounter along the way.

This blog will review the common Zero Trust challenges you will encounter on your road to implementation.

Zero Trust Challenges

Attacks are constantly evolving and your threats are constantly getting better at evading your security. Today’s traditional Castle and Moat style of network defense finds itself inadequate against these sophisticated threats. This challenge is compounded by the changes to the ways companies interact with each other and how their supply chains are constructed.

Today’s supply chains are more connected than ever before. The access companies now share with each other to achieve their business goals opens them up to new threats that must be accounted for. This is why Zero Trust is the goal for companies looking to increase their cyber security.

A strong Zero Trust implementation significantly reduces your threats by changing your security mindset and enforcing policies and technologies that account for how a threat will try to exploit today’s operating environment.

The Zero Trust challenges below are things you should be aware of and considering as you work toward attaining your Zero Trust goals.

What Are Zero Trust Challenges

Defining Roles

Defining roles for your access permissions is a tough task, especially when you are just starting out on your Zero Trust journey. Do you simply take the user’s job description and consider that to dictate their access level and role? Many believe this to be the case, but it is not a best practice. You will most likely be missing key points about those users’ roles and whether they really should be given the type of access you are about to permit them.

This is especially the case with users who have been in their role for some time. Many times, users take on tasks and responsibilities that are not defined in the original job description. Over time roles change. This means you will be doing more research and updating what your users actually do than you probably imagined. Permitting least-privileged access is a fine balance between not permitting enough access or permitting too much for that user. You’ll be spending a lot of time discovering your roles and defining them on your journey, and it’s a Zero Trust challenge that can take quite a lot of time, particularly when the business is large.

Recognize that Zero Trust is an Investment

An important challenge to recognize is that it will be an investment. Not just in money to establish, but in time. It requires training, software and hardware, potentially new positions in the company. These are all investments you should expect to make to become more secure.

You may find that your current software does not help you enforce Zero Trust principles. You’ll also be spending time training on how to use the software, how to enforce Zero Trust, what policies, systems and procedures will be changing in order to accommodate this new cybersecurity approach in your business. You’ll want to account for the time it will take to design the necessary procedures

Zero Trust Does Not Happen at the Flip of a Switch

The Zero Trust challenges above all mean that things will happen over time, not all at once. It’s important to keep that in mind. There is no “Zero Trust button.” You can’t suddenly activate it. Nor should you. Implementing things too quickly can mean processes might be broken or insufficient. Your Zero Trust implementation needs to be a methodical, incremental process.

Identifying all your devices, users, using a cybersecurity platform like ConsoleWorks to enforce your Zero Trust needs and more, will take time. As you’re doing this, you’ll notice areas that need your attention and gaps that may exist that need to be addressed before continuing. Even once you have implemented Zero Trust, you need to remember that the process is something that you must manage on an on-going basis.

Getting to Zero Trust

Getting to a Zero Trust implementation is a process that will take time. Being mindful of that process and various challenges you may encounter along the way will help you navigate it.

We talk a lot about attaining – and going beyond – Zero Trust. For further reference, see our Beyond Zero Trust series as well as our Beyond Zero Trust white paper.

If you have any questions or want to see how ConsoleWorks enables your Zero Trust needs, you can contact us here.

OT and ICS Cyber Security Professionals Networking Event

by

NEWS RELEASE

FOR IMMEDIATE RELEASE

 

PLANO, Texas – The leading  Zero Trust secure remote access technology, ConsoleWorks and Sectrio, a leader in IoT and OT security solutions have announced the successful completion of the first OT and ICS Security networking event in Houston. Over 30 CISOs from across North America joined security leaders from Sectrio and ConsoleWorks at the event.

Thought leaders from across industries such as manufacturing, oil and gas, mining, retail and healthcare spoke at the event outlining various aspects of OT and ICS security. The areas of deliberation included:

  • Attaining true Zero Trust and validating risk exposure with accurate KPIs
  • Preparing for new risk and security challenges in 2024; using AI as an ally to improve OT and ICS security
  • Leveraging secure remote access to improve shop floor security
  • Rolling out NIST CSF across the plant shop floor with minimal disruption
  • Building and deploying a comprehensive risk management program for IoT systems and networks
  • Plugging leaks in the risk and threat exposure matrix with measured interventions around visibility, threat perception, and asset intelligence
  • Countering automated threats with intuitive attack path analysis and improved SecOps
  • Deploying defense-in-depth through micro steps
  • Institutionalizing incident response through a multi-phase approach through optimized resource allocation

In addition to the speaking sessions, there were also gamified cyber incident response and intervention sessions where attendees participated. Industry leaders also set the agenda for OT and industrial security in 2024 by identifying priority areas for investments, visibility and control.  Speakers also touched upon the impact of AI on industrial security through use cases and spoke in-depth about how AI will influence security across the enterprise.

To book a free consultation or demonstration, reach us here.

The event was well-received
Over 89 percent of the attendees rated the event as ‘extremely helpful’ while 97 percent of the attendees agreed that there are clear and implementable takeaways for them and their teams post the sessions.

Sign up for the next security event near you here

About ConsoleWorks:

ConsoleWorks is a unified IT/OT cybersecurity and operations platform based in Plano, Texas, USA. It provides complete oversight, streamlines work processes, and enhances productivity and reliability. With secure access and control to any device, it creates a persistent, Zero Trust security perimeter for monitoring, auditing, and logging.

Media Contact

Company Name: ConsoleWorks

Contact Person: Pam Johnson

Email: pam.johnson@consoleworks.com

Country: United States

Website: https://www.consoleworks.com/

ConsoleWorks Zero Trust Platform and CISA JCDC – a Profound Partnership

by

In the relentless battle against the ever-evolving landscape of cyber threats, collaboration between cybersecurity solution providers and government agencies is paramount. This paper shines a spotlight on the partnership between ConsoleWorks, a leading Zero Trust cybersecurity platform, and the Cybersecurity and Infrastructure Security Agency (CISA) Joint Cyber Defense Collaborative (JCDC). The focus of this collaboration encompasses ConsoleWorks’ pioneering features, specifically Secure Remote Access with a true protocol break, ConsoleWorks REACT (Risk Evaluation and Assessment for Cyber Threats), Log correlation and event management, and the indispensable role of continuous monitoring with the Baseline Configuration Management (BCM) feature. More about what the CISA JCDC partnership encompasses can be found here: CISA JCDC

ConsoleWorks: Pioneering Zero Trust Secure Remote Access with a Protocol Break

ConsoleWorks stands as an indispensable ally in the realm of cybersecurity, offering a suite of robust features designed to ensure secure remote access to critical infrastructure. In an era where remote work is the norm, ConsoleWorks’ Protocol Break capabilities take center stage. This innovative approach places a strong emphasis on controlled and encrypted connections, effectively acting as a “man-in-the middle” monitor for any unauthorized access attempts. ConsoleWorks permits authorized personnel to access critical systems without compromising security, fortifying the defenses against potential cyber threats.

ConsoleWorks REACT: Comprehensive Risk Evaluation and Assessment

The complex and ever-changing cyber threat landscape requires a comprehensive approach to risk evaluation and assessment. ConsoleWorks employs a state-of-the-art strategy known as ConsoleWorks REACT (Risk Evaluation and Assessment for Cyber Threats). This proactive approach aligns seamlessly with JCDC’s mission of collective defense. ConsoleWorks conducts continuous risk assessments, assessing vulnerabilities and monitoring configuration changes for situational and operational awareness. Such a strategy empowers organizations to identify potential threats before they escalate into significant security incidents, staying ahead of the evolving threat landscape.

Continuous Monitoring with BCM: Enhancing Cyber Resilience

ConsoleWorks bolsters its capabilities through Baseline Configuration Management (BCM), a feature that plays an instrumental role in continuous monitoring. BCM ensures that the configuration of critical assets remains aligned with established and authorized baselines. By continuously monitoring and managing configuration changes, BCM not only participates in risk evaluation but also mitigates mis operations and provides invaluable assistance in incident response and recovery. It serves as the guardian of operational integrity.

CISA JCDC remote monitoring and management cyber-defense-plan

ConsoleWorks Zero Trust Cybersecurity Platform for CISA JCDC

The collaboration between ConsoleWorks and CISA JCDC amplifies the capabilities of Secure Remote Access, ConsoleWorks REACT, and BCM. By integrating real-time threat intelligence from JCDC, ConsoleWorks’ cybersecurity platform becomes even more dynamic and adaptive, preemptively thwarting unauthorized access attempts. In partnering with JCDC’s, and through collaborative efforts, ConsoleWorks REACT provides a template for mitigating an organizations risk in real-time. Meanwhile, BCM actively contributes to risk mitigation, ensuring operational integrity, and expediting incident response and recover by tracking and monitoring “known-good” asset configurations for unauthorized changes and library vulnerabilities.

Enhanced Incident Response and Recovery

In the event of a cyber incident, ConsoleWorks plays a pivotal role in incident response and recovery. Its continuous monitoring and session recording capabilities offer a crucial forensic toolset. When an incident occurs, organizations can rely on ConsoleWorks’ recorded data to investigate the incident’s root cause, identify compromised systems, and assess the extent of the breach. This invaluable information accelerates the incident response process, reducing downtime and minimizing the impact of cyberattacks. Furthermore, with asset “known-good” running state baselines that are stored within ConsoleWorks, the restoration of an asset can coincide with the incident response operations.

Comprehensive Compliance and Reporting

ConsoleWorks is not only a robust cybersecurity platform but also a compliance enabler. It automates compliance checks and generates audit-ready reports, ensuring that organizations meet regulatory requirements, effortlessly. This feature is particularly crucial for critical infrastructure sectors that must adhere to stringent compliance standards. Through ConsoleWorks, organizations can maintain compliance without the burden of manual checks and reporting.

Scalability and Integration

ConsoleWorks is designed with scalability and integration in mind. As organizations grow and their cybersecurity needs evolve, ConsoleWorks adapts. It seamlessly integrates with existing security tools, creating a cohesive security ecosystem. Whether an organization operates on a small scale or a large enterprise level, ConsoleWorks scales to meet the demands of the ever-expanding threat landscape.

Conclusion

In a dynamic cyber threat landscape, partnerships such as the one between ConsoleWorks and CISA JCDC are the linchpins in safeguarding critical infrastructure and data. The emphasis on Secure Remote Access with protocol break, the adoption of ConsoleWorks REACT for comprehensive risk evaluation and assessment, logging and event correlation, and the inclusion of BCM for continuous monitoring underscore ConsoleWorks’ commitment to providing a holistic cybersecurity platform. This collaboration bolsters these features, demonstrating a proactive approach in addressing emerging threats, and increases the reliability of the organizations operations.

Together, they exemplify the potential of cooperation and innovation to mitigate the ever-evolving cyber threat landscape, securing the digital future of organizations and critical infrastructure. As organizations navigate the complex cybersecurity terrain, ConsoleWorks and JCDC stand as guardians, offering a beacon of resilience in an interconnected world, ensuring the secure, uninterrupted operation of critical infrastructure assets.

For organizations eager to explore the capabilities of ConsoleWorks and witness firsthand how it can strengthen their cybersecurity posture, we extend an invitation to contact us. Our dedicated team is poised to provide further information, address inquiries, and arrange a live demonstration of our solution. Contact us today to embark on a journey towards enhanced cybersecurity, proactive threat mitigation, and a fortified digital future. Together, we can navigate the ever-evolving cyber landscape with confidence and resilience.

[SCHEDULE A DISCUSSION AND DEMO]

 

Announcing ConsoleWorks REACT for Risk Evaluation & Assessment for Cyber Threats

by

The industry acknowledges the necessity for a revolutionary and transformative approach to cyber risk assessment. Traditional methods, which frequently focus exclusively on individual assets and technologies or offer a point solution without a comprehensive view of the entire cyber risk landscape, are insufficient in today’s complex environment.

Cyber risk assessment should extend beyond assets to encompass various crucial elements including people: commands or actions, roles, training, and assets: known vulnerabilities of applications, operating systems, patch level, firmware, and configuration settings.

That’s where our platform, ConsoleWorks REACT, comes in. It combines comprehensive assessment of assets and user’s impact on assets through their day-to-day activity, with real-time cyber situational awareness. It epitomizes the integration of advanced risk and threat assessment, mitigation, and remediation technologies. Our distinctive, context-driven approach to risk awareness and threat mitigation provides organizations with unparalleled insights.

Organizations gain precise insights and the ability to proactively identify and respond to potential security risks and operational vulnerabilities before they occur.

ConsoleWorks REACT embodies the core principles of Zero Trust security, “never trust, always verify”. As the centralized human response and access control, logging, configuration monitoring, endpoint password management solution, the ConsoleWorks platform offers robust control over user access to essential resources for managing critical infrastructure operations. Think of the ConsoleWorks platform as the firewall for humans as the network firewall is to network traffic.

This comprehensive approach empowers organizations to adopt a proactive and vigilant stance, safeguarding the integrity and reliability of critical infrastructure.

TDi Technologies has been at the forefront of innovation in cybersecurity, working with funding from the Department of Energy (DoE) on this unprecedented project aimed at mitigating human errors within critical infrastructure.

Learn more about ConsoleWorks REACT, here.

Register for the ConsoleWorks REACT webinar on November 1, 2023, here.

Schedule a live demonstration of ConsoleWorks REACT, here.

ConsoleWorks REACTs to MGM Resorts and Caesars Entertainment Attack

by

SKIP the Read and REACT now!

Dive in with us! We invite you to present a scenario where ConsoleWorks, when correctly deployed, can detect, inform, and eliminate the MGM threat. We’re confident in our solution and eager to prove its capabilities. Let us be your partner in safeguarding your environment. Arrange a demo or a technical discussion today. Rest assured, you’ll be speaking with our expert engineers, not sales representatives. Share your top 3-5 concerns, and we’ll replicate them in our lab to showcase our solution. And if, after an hour, you’re not convinced? Our CEO will treat you to lunch at your preferred dining spot. Challenge us to prove our case !!

[SCHEDULE A DISCUSSION AND DEMO]

Prevention and Mitigation

Imagine you are in Las Vegas, enjoying a vacation at one of the famous casino resorts. You have just won a big jackpot and are ready to celebrate. But when you try to check out of your room, you find out that the hotel’s computer system is down. You can’t access your reservation, your loyalty points, or your winnings. You are stuck in limbo, along with thousands of other guests who are facing the same problem.

This is not a hypothetical scenario, but a reality that many guests at MGM Resorts faced on September 10, 2023, when the company was hit by a major ransomware attack that took systems offline in locations across Las Vegas. The attack left guests locked out of their rooms and unable to transact both on site and through the MGM mobile app. Eventually the affected casino hotels had to process transactions manually. It is expected that this incident will have a material effect on its operations as it continues to deal with the fallout.

MGM Resorts was not the only casino company targeted by threat actors in recent weeks. On September 14, 2023, Caesars Entertainment disclosed that it had suffered a data breach that compromised the personal information of many of its loyalty program members, including their Social Security numbers and driver’s license numbers. Caesars paid about $15 million in ransom to the attackers to prevent them from releasing the data.

These attacks have drawn scrutiny from the FBI, the Cybersecurity and Infrastructure Security Agency, the Nevada Gaming Control Board, and the Nevada Governor. They also highlight the need for more cybersecurity professionals and better security practices in the casino industry.

It also begs us to say, the weak point was the human response, fooled or tricked by the threat actor to perform a privileged function to allow the threat actor in by resetting credentials. Therefore, no technology could actually prevent this hack. I would argue however, that with a fully deployed ConsoleWorks REACT solution, the threat actor would have tripped over so many monitoring points and associated alerts with automated responses enforcing business policy, I cannot imagine how they could have succeeded. I know, go ahead, Challenge ConsoleWorks. Let’s use our lab to let you come after the lab or asset in the lab, whether its IT, OT or IOT. I’m good for a great discussion and demonstration.

In this blog, we will explore how ConsoleWorks, a cybersecurity and operations platform that provides secure remote access to IT and OT devices, could have prevented or mitigated these attacks using its features and benefits. We will also discuss how ConsoleWorks aligns with the Zero Trust approach, which is a security model that assumes no trust for any entity inside or outside the network perimeter.

How ConsoleWorks could have prevented or mitigated the MGM attack

The MGM attack was carried out by an affiliate of the notorious ransomware group ALPHV, also known as BlackCat. The threat actors claimed to have infiltrated MGM’s network on September 11, 2023. A supposed social media feed claimed they said threat actors had access to MGM’s Okta environment, which is a cloud-based identity and access management service. ALPHV also claimed to have access to their Azure tenant, which is a cloud-based platform for hosting applications and services. In addition to access the claim was that data had been exfiltrated from MGM’s domain controllers, which are servers that store user accounts and passwords.

ConsoleWorks is a cybersecurity and operations platform that provides secure remote access using Role Based Access Controls (RBAC) and Priviledged Identity Management (PIM) for IT and OT environments. If ConsoleWorks, as platform, had been deployed in their environment the scenario could have been prevented or mitigated in several ways.  Lets explore the capabilities for prevention ConsoleWorks provides relative to this scenario.

Secure Remote Access : To significantly bolster security measures, ConsoleWorks takes a proactive stance by implementing a Protocol Break and embracing a Zero Trust system with role-based access control (RBAC) and multi-factor authentication (MFA).  In this case ConsoleWorks would have been integrated with OKTA as an Identity and Access Management (IDAM) solution. This proactive approach effectively thwarts threat actors who rely on social engineering tactics to bypass security protocols or gain access to credentials, thereby preventing the transmission of malware and viruses into the critical environment. The absence of end-point asset credentials poses a formidable challenge for these malicious actors. It is important to emphasize that ONLY ConsoleWorks would have access to OKTA, eliminating the need for the user, or in this case ALPHV, to request an unauthorized  reset of OKTA credentials. Moreover, if a threat actor were to attempt an unauthorized reset of MGM OKTA credentials with the capability to escalate privileges within OKTA to become a “Super Admin”, ConsoleWorks detect the activity and and present the system owners with risky activity ALERTS. In reality, the opportunity to gain access to OKTA credentials would be very slim, as access to OKTA would only be applicable through the ConsoleWorks platform and not by end users.  If the integration between ConsoleWorks and OKTA were somehow modified by a threat actor, again, this change event would be detected and would be a clear indicator that something is amiss and necessitates immediate attention. As a recap, ConsoleWorks integrates with OKTA as an IDAM solution not the user and the platform uses the credentials for identity validation only. The User would never have escalated privileges that would provide the threat of account creation, modification, or privilege escalation. ConsoleWorks would create the necessary sessions based on business authorized ROLES. Furthermore, ConsoleWorks records, monitors, and risk score the end user activities in real-time. ConsoleWorks. Users ONLY ever need one credential and that is to authenticate  to ConsoleWorks where identity validation occurs through access control lists (ACL), password complexity, and/or through the use of multi-factor authentication, as is the case with the OKTA integration.  ConsoleWorks meets NIST, ISO, DOD and many other government standards as a Cyber Security Platform

Baseline Configuration Monitoring : Through the implementation of automated configuration monitoring on managed endpoints, ConsoleWorks can effortlessly maintain a comprehensive record of the system’s configuration. This includes details such as who made changes, when these changes occurred, and the specific commands that were used. This advanced functionality allows for a thorough understanding of the approved configuration both before and after any human interaction takes place. By comparing the approved values with the current values at the end of a user session, ConsoleWorks ensures the utmost accuracy and security. In the scenario involving MGM, ConsoleWorks would have promptly identified any modifications made to the reporting of monitoring tools on the system, as well as any newly installed software. As a result, it would be equipped to provide a detailed log of the session undertaken by the perpetrator involved in the MGM incident. This not only strengthens the security measures, but also enables effective password management, patch gap analysis, missoperations, and event remediation in the native language of the assets. With ConsoleWorks, IT and OT systems can remain consistently updated, secure, and fully compliant with industry standards and regulations.

End Point Password Management : Because ConsoleWorks stores the session generating credentials for remote access to assets and can rotate those passwords automatically, the user needing to connect to the asset only needs to be authenticated to ConsoleWorks and would never have access to escalated privileged accounts.  In this incident the OKTA credentials hi-jacking could have been prevented and the impact reduced as the critical asset would have not been reachable through a user endpoint. ConsoleWorks would be the intermediate system between a user and the critical asset and would broker all sessions and activities. The only integration of OKTA would be between ConsoleWorks and the MFA provider to authenticate the validity of the user connecting to the platform through HTTPS.. This separates the user from the credentials the generate connectivity to critical assets one more layer. As mentioned previously, ConsoleWorks would provide even further mitigation as in this case the comporomised credentials would be logged, the activity would be evaluated and automatic mitigation, based on business policy could be deployed based on our REACT solutioning. Furthermore these activities could be reviewed as  everything the user is doing down to the key stroke actions are recorded and retained. As an example of automated mitigation, here is a sample of opportunities:

  1. Create and Event or Alert to the Security Operations Center (SOC) that a critical activity was taking place by an interactive user.
  2. Never send the users command to the endpoint if it were identified as a command outside their scope of permitted activity
  3. Disconnect the users’ sessions and tag them as a threat, alert the SOC and tag the device the user was acting on to prevent forensic information from being corrupted.
  4. or pretty much any other business policy required such as preventing north, south or east, west movement and requiring a timed wait between changing endpoints.

Risk & Vulnerability Scoring : Think about it, Risk Scoring is generally approached from a single point solutions perspective, thus each score is only a part of the story. Let’s step out and say none of those scores consider scoring risk from a holistic perspective, where each of those point solutions are aggregated as individual sensor, feeding information to a human response platform. The Human, Device, and the Human Activity is scored and layered on top to produce real-time reaction or response to human activity and operational state of a device or application being influenced.

Finally add the CRITICAL part which is real-time scoring of a user’s command set on the device to understand their activities risk to the device and its operation. Send all of the above to the SIEM or SOC that aggregates and correlates network activity and human activity down to the keystroke, command, and a wholelistic situational awareness exists that provides a true real-time risk score.  In continuing this path, this provides the capability to take data and transform it into useable information that Incident Responder can take action on.

Situational Awareness : By actively monitoring, logging, and promptly reporting all activities performed on managed assets in real-time, organizations can significantly boost their ability to swiftly detect and respond to potential cyberattacks. This proactive approach not only alerts security teams promptly of any suspicious or unauthorized actions but also enables the creation of a detailed forensic record of the incident, capturing even the smallest details across diverse endpoints. Additionally, by effectively aggregating and intertwining all log files, organizations gain valuable situational awareness and ensure compliance with regulatory and cybersecurity best practices. In the case of MGM, ConsoleWorks would have provided the necessary audits and logs for every command issued and response received, empowering MGM visibility into what the threat actor did from start to finish and knowledge of what and how to remediate the affected systems. This comprehensive solution would even include the crypto keys utilized to encrypt the files on the machine, resulting in savings of up to 15 million dollars! Is anyone from MGM reading this?

Secure File Movement : Apparently, in the MGM incident, the threat actor had outside access from the infiltrated systems to be able to download files and their toolset. ConsoleWorks could have prevented that activity.  ConsoleWorks strictly forbids, without approval, change tickets, and scanning for virus and malware the ability to do file transfers across its platform.  If the Threat actor wanted to bring in their toolset, they would have had to download the toolset to a ConsoleWorks “Dirty” folder on the ConsoleWorks platform, and then get another person with higher authority in MGM to authorize the file transfer.  Even if an authorization of a file transfer through ConsoleWorks were to occur, ConsoleWorks would initiate a malicious code scanning activity to detect embeded virus’s and/or malware before placing the file(s) into a “Clean” Folder. Only after the file is in the “Clean” folder can the user now transfer the file to the critical asset.  This  adds another security checkpoint in the defense-in-depth approach and could have been another prevention in the case of the MGM incident. The key part here is the business policy and separation of duties to bring the files inside the enclave.

This case study could probably go on and on about how ConsoleWorks would have prevented or mitigated this attack with many more risk mitigating controls the platform has to offer. However, it could take days and we want to be respectful of your time. We invite you to reach out to us to find out more and even challenge us on our prevention and mitigation claims. We would even be happy to back our claims up through a demonstration of the platform to you.

We Thank You for your time and its an honor to get your comments, suggestions or guidance – please feel free to leave comments.

Remember, a BLOG is a written version of my consciousness at the time, I don’t remember if I slept last night or was just out all night, so please any disagreements should be with me, not the Company. But again, we ask you – challenge us to prove it, I am pretty sure we can do that in SPADES!! get it, lol!

 

We can help

Reach out today, and we'll talk through how we might be able to help!

Contact us