Blog Series ChatGPT Not quite Skynet part 4

PRESS RELEASE

Part 3 - Helping SOC analysts with Mitre ATT&CK, TTPs and threat hunting ideas?

Training and continuous professional development are important at e2e for everyone, including managers. Recently, I attended the 2023 FIRST Regional Symposium Europe in Bilbao, Spain.

What is EDR?

Helping SOC analysts write log queries

“Business Email Compromise, one of the top three online security risks facing business today that has the potential to be every bit as devastating as a ransomware attack or a production outage.”

The three biggest cyber threats also create the greatest cyber-related risk for organisations. Cyber risk is defined as Likelihood x impact. The impact is often measured against the cost to repair or recover from the attack or by other business metrics such as reputational impact, financial impact, or business continuity capability.

A robust cyber security strategy should effectively address the following questions:

Although it was only released November last year, there’s already been a lot of talk about how OpenAI’s ChatGPT could democratise cybercrime and fuel cyberattacks, with examples of how it’s been used to develop malicious tools available on the dark web.

Tim Anderson joins e2e-assure as Chief Commercial Officer

Why firms without cyber resilience strategies are putting their futures on the line

As 2022 comes to an end, there will be much trepidation going into the New Year where cyber attacks are likely to become faster and more destructive. Our CEO, Rob Demain, shares his thoughts on what to expect for 2023.

Cyber security has traditionally been viewed as an item on an IT checklist and a cost centre. But the perception of cyber security is changing and to explore this, e2e-assure invited seven leading cyber security practitioners and experts to participate in a thought leadership roundtable titled, ‘The cyber security paradigm shift: from cost centre to competitive differentiator’.

As part of our ongoing closer alignment with Microsoft as a chosen strategic partner we have received our first Gold status on cloud platform competency. This is the first in a series of what will be several Gold certifications we are currently working towards.

“It feels revolutionary!” J. Rimell Development Manager e2e-assure

In this blog we introduce Siva, recently recruited to the role of Junior Software Tester at e2e-assure.

Cyber security is a topic that’s talked about far and wide. Whether it’s due to the exponential increase in remote and now hybrid working over the last two years, nation state tensions or the decreasing costs to create a ransomware attack, everyone seems to be talking about it.

Continuing with our new starter series, we are introducing David, Cyber Security Analyst at e2e-assure.

We’re really looking forward to attending Cyber UK 2022 this coming Tuesday and Wednesday (10th and 11th of May) in Newport, Wales.

At e2e-assure, we do a lot of work behind the scenes to protect our customers, both proactively through the likes of threat hunting, but also reactively as new vulnerabilities become known. Over the years we’ve worked tirelessly to ensure customer networks are up-to-date and that we can detect and respond to exploits.

e2e-assure has entered into a new partnership with cloud computing and managed services company, iomart.

e2e-assure launches new Microsoft Defender focused SOC services to help organisations kickstart their cyber risk management.

As part of our new starter series (which has admittedly been on hiatus recently), we’re introducing our newest Senior SOC Analyst and Shift Lead – Karl Moss.

We’re pleased to share that, earlier this month, e2e-assure renewed their Cyber Essentials Plus (CE+) certification. We’ve held the Cyber Essentials certification since it started, evidencing the continued commitment of our teams to ensure we uphold (and exceed) best practice in cyber security.

Every year the requirements to achieve Cyber Essentials changes, in line with the ever-changing threats and best practice to combat these threats. Changes brought in on the 24th of January 2022 saw the biggest overhaul with regards to technical controls since the schemes launch in 2014, reflecting the heightened risk and complexity of cyber threats today.

Lessons on managing cyber security risk

With Russia and Ukraine consistently in the news there is more focus on the likelihood of cyber-attacks on Ukraine’s electric grid and the potential of retaliatory attacks on Europe and the United States given the possibility of sanctions on Moscow. The New York Times reports that the top US cybersecurity official met with NATO to discuss how to prepare, deter and perhaps disrupt any Russian cyber-attacks.

—– 24/03/22, 09:30 update —–

It’s been a month since the world was thrown into frenzy around the log4j vulnerabilities, so what do we know now and what have we learnt since then?

We’re often asked whether we think an organisation’s Managed Service Provider (MSP) should be responsible for their cyber security. Initially it may seem like a question with a simple answer, after all they’re responsible for the overall IT delivery, so surely that should incorporate cyber security?

Now that the dust has settled a bit on the log4j vulnerabilities and we’re beginning to build up a better picture of the situation, e2e have provided some more guidance on how to ensure your organisation is as protected as possible. This post complements our regularly updated blog, which provides our initial response and subsequent updates, including new patches and information on the latest industry guidance. You can view the update blog here.

This blog will be updated regularly as we understand more about the log4j software vulnerabilities.

We’re increasingly being asked by smaller organisations how they can improve their cyber security, without huge budgets, given the increasing threats they are facing in today’s world.

As part of our ongoing roadmap, covering both specific customer needs and proactive product development, this week we launched our Google Cloud Security Operations Centre services, delivered through new integrations with our SOC Platform, Cumulo, allowing organisations to have a 24/7 detect and respond service for all Google tools.

Let us start by saying that the cyber security threats facing each organisation will differ. For some the challenges could be more internal, in getting everyone to take responsibility for cyber, getting the board to move away from the “it won’t happen to us” mentality, or even malicious insiders. For others, they could be the target of sophisticated nation-state attacks.

There are numerous routes into a cyber security career and different paths to take within it. You may be new to the world of work and thinking that cyber security might be for you, but unsure what path to take or where to start. You may have years of experience in cyber security roles, but not clear what your next step or even end-goal for your career is. You may even have years in other industries and be considering a complete career change.

The next blog in our Cybersecurity Awareness Month series covers 10 tips organisations can take to improve their cyber security without spending huge sums of money. Whilst some of these will be quite basic, the beauty (and challenge) of cyber security is that often having good hygiene will help you just as much as investing thousands in a piece of technology or service.

We kick off Cybersecurity Awareness Month with 10 simple ways in which individuals can improve their cybersecurity for themselves and by extension, their businesses. It’s worth noting that most potential attackers don’t target a specific individual (unless of extreme wealth!) as it’s doesn’t represent a good ROI for them and so will normally use bulk techniques, including ‘credential stuffing’ based on previous breaches and the equivalent of mass marketing. This means that taking relatively simple steps can massively reduce your risk of having your details compromised.

October is Cybersecurity Awareness Month, a joint initiative between the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA), entering its 18th year in 2021.

Last week a team of 10 e2e-assure employees arrived at the River Solent for our 2nd Silicon Cup Regatta, in support of three great charities:

Last week thousands of people descended on Birmingham’s National Exhibition Centre to attend the National Cyber Security Show (NCSS), as part of the wider Safety and Security Series.

We are excited to be attending our first physical event in years on the 7th-9th of September 2021; the National Cyber Security Show (NCSS) at the Birmingham NEC.

To launch our new blog series aimed at finding out more about the people behind e2e-assure we spoke to Duncan Wright, Cyber Consultant. Duncan has worked at e2e since the very early days, joining as employee #16 in 2016 and has had an extremely interesting life and career to date, which we explore in this blog.

As part of our new series introducing our new starters, this week we find out more about Aaron Lewis.

e2e-assure, as a member of the cybersecurity community committed to the prevention of all forms of harassment within our industry, hereby pledges its support for a workplace and community free from harassment and fear.

At e2e-assure we’re seeing increasing demand for our services and as part of that have started ramping up recruitment across the business. We’ll be introducing new starters at e2e as we continue to grow as an organisation and thought it was best to start with the new starters to our Business Development team that has doubled in size in the last few months.

Hi. I’m Dan, the new(ish) Marketing Manager at e2e-assure. In contrast to my normal ways of working I decided to write a blog on my first 3 months at the company. I hope it will be useful, whether you’re looking to join e2e and unsure what it’s like, are about to join e2e or are a current employee and interested to see my initial experiences.

Abingdon, June 2021: Nine23, specialising in cyber security solutions to enable end-users to utilise secure technology through its secure UK Platform FLEX cloud and managed services, and e2e-assure, a trusted cyber security services company with over 20 years’ experience specialising in SOC as a Service and Managed Detection & Response (MDR) will join forces and work together to deliver world class cyber security solutions to reduce risk and deliver value whilst being fully transparent.

We are delighted to announce that e2e have been recognised as one of the 100 most innovative cybersecurity companies helping financial institutions by FinTech Global as part of their 2021 refreshed list.

Alerts are undoubtedly critical in delivery of an effective Cybersecurity operation, but sheer volume of alerts can be crippling to a SOC. In this blog we’ll talk about the steps you can take to reduce the false positive alerts, freeing up your analysts to provide more pro-active defence and less ‘alert bashing’. We talk openly about the challenges we’ve faced in this area and how we’ve seen drastic improvement through a process designed to save analyst time without increasing security risk.

In May, e2e-assure held the first of two ‘virtual private events’ (VPEs), hosted by Amar Singh of the Cyber Management Alliance with 15 CISOs.

This week is Autism Awareness Week, and to help celebrate this, we thought it was best to help collate some useful articles and tools from experts in the field that we feel are worth reading and watching to expand your knowledge:

BGF, the UK and Ireland’s most active investor, has completed a £10.5 million minority investment in e2e-assure, an established, fast-growth cybersecurity business based in Oxfordshire. The funding will be used to facilitate international growth and expand its go-to market offering.

Part One of this article covered some of the challenges of the traditional SOC approach – overly technology focused with budgets taken up with hardware costs and licence fees desperately chasing log capture.

Since launching in 2013 e2e have used our own, specially designed SOC platform “Cumulo”, designed as the ultimate analyst support tool, and have focused on recruiting the best and most diverse analysts in the business.

Saturday the 10th of October was World Mental Health Day - an important reminder of the continued importance of mental health in both the workplace and our wider lives.

We’re very excited to be offering our new service, CloudSOC, with our partners at UKCloud

2018 seems to be the year when the panoply of cyber security standards comes into effect.

In recent months, we have seen an increase in the number of cyber-attacks taking place across the globe. The UK Government is dedicating £1.9bn over the next five years to grow the country’s cybersecurity capabilities to be able to match this growing threat.

Earlier this year, we implemented DMARC records and reporting for e2e-assure.com. In this blog post, we look at what DMARC is, and the benefits it can provide.

e2e-assure has become a Preferred Partner in UKCloud’s partner programme and will deliver their world class cyber defence and security monitoring capability to UKCloud’s cloud platform. It will also be available as an optional service for UKCloud’s public sector customers: including Public Sector organisations, System and Service Integrators and Independent Software Vendors.

As an active member of the security community, e2e-assure is committed to keeping up-to-the-minute with information security tools, techniques and discoveries. However, we know that the only way the ‘Good Guys’ stay ahead of the ‘Bad Guys’ is by thinking offensively, and beating them to the punch. One way we do this is through security research and vulnerability disclosures to major companies.

In our daily work of Protective Monitoring we see a lot of encoded/encrypted traffic - from webpages served over HTTPS, to passwords being obscured using Base64, to zipped binary data, and PGP emails.

Welcome to Part 3 of this series on Android Photo Locker app weaknesses, and things are getting more interesting… As you’ll recall, in Part 1 we discussed the general Android app security landscape, while in Part 2 we delved into poor data storage practices. We’re now going to discuss poor implementations of encryption, alternative methods of data hiding, and the dangers of over-privileged users and apps.

At e2e-assure, we like to play our part in making the web safer for everyone.

Ransomware has unfortunately been gaining in popularity over the last year. With targets such as hospitals and schools ‘paying up’ to get their files decrypted, ransomware has become the latest menace to both home and corporate users.

This is the second part of a security review of Android ‘Photo Locker’ apps. In the first part we looked at an overview of the state of these types of apps, determining the most common vulnerabilities, and revealing that most of them were easy to extract images from just by having access to the device – with others being vulnerable to other attack vectors requiring more skill or access levels.

Security is an important issue to all of us today, and we are all realising the value of our personal data. Images in particular are deemed to be important - we have a desire to protect these over most other types of data. And to address that need comes the ‘Photo Locker’ category of apps. Whether we want to keep corporate secrets in images safe, protect photos of ourselves from others with access to our devices, or keep a personal collection of pictures to ourselves, there are these apps available to keep them safe. But how much protection do these apps really provide?

For those of us privileged to have been invited to the 4th annual SANS Netwars tournament of champions, held in the ballroom of the Grand Hyatt hotel in the centre of Washington D.C. last week, the sight of the massive display screens towering over the rows of competitor’s tables was an inspiring start to the event. Each of the tables had several rows of seats for the attendees of the SANS Cyber Defence Initiative, the competitors being made up of people who were attending one of the many concurrent SANS courses and people invited to the Champions Tournament, with my invitation having come from my top scoring performance in the Cyber Academy in Cardiff in October.

When e2e discovered a suspicious webpage had been visited by a host on a client’s network we decided to analyse the script contained within the webpage to find out its functionality. What we discovered was a landing page used by the sophisticated exploit kit ‘Angler’…

A breakdown into the Dec 2015 vulnerability in Juniper ScreenOS by carlu

In the last blog entry I gave my view of why major corporations keep getting hacked. I argued that the focus of security within organisations is all wrong and, due to lazy evolution, corporate security teams fail to provide business owners with the information needed to make informed decisions on how to defend against cyber-attacks.

This is the third article of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services. This article explains e2e’s approach to delivering protective monitoring services.

This is the second of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services.

This is the first of a three part article that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services.

I’ve previously argued that by attempting to secure an employee’s personal device you were creating a ‘technology tug of war’ – the security measures remove the user experience and so on.

e2e attended the SecurityExpo at Excel earlier in the week and managed to listen to a few key note speakers. We were very interested in ‘The Future of Incident Response’ talk by Bruce Schneier and thought we should add our thoughts…

How do you make and maintain a massive public cloud? You use common parts and you use them everywhere. You try to keep the whole cloud as similar as possible. You do this at every layer of the stack from the hardware to the application api’s. That means the major cloud back ends are homogenised. Key to keeping in control of a massive cloud is to reduce the number of variables - reduce components, reduce complexity and look for as many ‘one size fits all’ solutions as possible.

The Cyber Essentials Scheme (CES) - http://www.cyberessentials.org is relevant to every business. Even small ones like ours.