Why You NEED To Use EDR As Part Of Your Company Security

As a Cyber Security company, we have (a LOT of) experience with different EDR systems. To maximize our clients’ security profiles, we implement our tried-and-true best practice policies and configuration settings.

One of our clients, a financial corporation, was using CrowdStrike for their EDR protection.

We noticed there was unusual activity with the Nmap tool, a tool that provides scanning and discovery of network activity, so we decided to implement a detection rule to strengthen their endpoint protection posture.

Not long after implementing the Nmap rule, we were alerted that an IT manager user was scanning the network using Nmap on a Friday night – a time it was definitely not supposed to be active!

While Nmap is a known tool we use to scan the network, it can be used for malicious activity as well. And in this case, one of the helpdesk computers was being used without permission.

After some research, we found that one of the Helpdesk team members had accessed his manager’s credentials and used them to perform scanning activity.

As a result of this proactive approach, we ensured all data remained intact and the guilty party’s credentials were removed while management investigated his intentions.

Are you using Nmap to scan your network? If you’re not sure, now is a good time to start detecting it.

Wondering how to get this done? Take a look!
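The logic behind a rule like the one in this story can be sketched outside any EDR product. The following is an added example, not QMasters' rule and not CrowdStrike syntax: it triages process-creation events for Nmap executions and raises severity when the run is off-hours or the account is used on a host it is not assigned to. The event fields, user and host names, working hours and allowlist are all constructed assumptions.

```python
import ntpath
from datetime import datetime

# All values below are constructed for illustration; the field names are
# assumptions and do not follow any EDR vendor's schema.
WORK_DAYS = {0, 1, 2, 3, 4}          # Monday-Friday (assumed)
WORK_HOURS = range(8, 18)            # 08:00-17:59 (assumed)
APPROVED_SCANNERS = {("sec.analyst", "SEC-WS-01")}   # (user, host) allowed to scan
ASSIGNED_HOST = {"sec.analyst": "SEC-WS-01", "it.manager": "IT-MGR-LT01"}
NMAP_NAMES = {"nmap", "nmap.exe"}    # name match only; a renamed binary evades it

EVENTS = [
    {"ts": "2023-01-11T10:15:00", "host": "SEC-WS-01", "user": "sec.analyst",
     "image": r"C:\Program Files (x86)\Nmap\nmap.exe"},
    {"ts": "2023-01-12T14:00:00", "host": "IT-MGR-LT01", "user": "it.manager",
     "image": r"C:\Tools\nmap.exe"},
    {"ts": "2023-01-13T22:40:00", "host": "HELPDESK-PC-07", "user": "it.manager",
     "image": r"C:\Users\Public\nmap.exe"},
    {"ts": "2023-01-13T22:41:00", "host": "HELPDESK-PC-07", "user": "it.manager",
     "image": r"C:\Windows\System32\notepad.exe"},
]

def evaluate(event):
    """Return None for non-Nmap events, else (severity, reasons)."""
    if ntpath.basename(event["image"]).lower() not in NMAP_NAMES:
        return None
    when = datetime.fromisoformat(event["ts"])
    user, host = event["user"], event["host"]
    reasons = []
    if (user, host) not in APPROVED_SCANNERS:
        reasons.append("not an approved scanner")
    if when.weekday() not in WORK_DAYS or when.hour not in WORK_HOURS:
        reasons.append("outside working hours")
    if ASSIGNED_HOST.get(user) not in (None, host):
        reasons.append("account used on a host not assigned to it")
    severity = ("info", "medium", "high", "high")[len(reasons)]
    return severity, reasons

def triage(events):
    """Evaluate every event and keep only the Nmap executions."""
    results = []
    for event in events:
        verdict = evaluate(event)
        if verdict:
            results.append((event["ts"], event["user"], event["host"], *verdict))
    return results

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

The approved scan during working hours comes back as `info`, while the Friday-night run under the manager's account on a helpdesk machine trips all three conditions and is rated `high`.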

About QMasters

QMasters was founded in 2015 to help Israeli governmental, military, niche security, and municipality offices protect themselves from cyber-attacks. As the cyber security threats grow year after year, so does our list of customers. We are a team of 30+ security experts committed to solving security challenges with the right combination of strategies and technologies.
