Respect in Security Pledge

Custodian360 backs Respect in Security to remove harassment from the industry.

At Custodian360 we are proud to have signed up to Respect in Security and took our corporate pledge earlier this week. Respect in Security is an initiative setup to take a stand against all forms of harassment and support victims both online and in the workplace. As a corporate partner we will continue to ensure that all members of our team have a safe workplace, free from harassment or abuse.

The infosec community is a fantastic thing, made up of people from all walks of life but for too long there has been an underbelly that has soured the experience for some. If we all take a stand to stamp out any form of harassment and work to create a diverse and inclusive community the fantastic industry that we are lucky enough to work in will become and even better place.

Custodian360, as a member of the cybersecurity community committed to the prevention of all forms of harassment within our industry, hereby pledges its support for a workplace and community free from harassment and fear.

Harassment is any unwanted physical, verbal, or non-verbal conduct that has the purpose or effect of either violating a person’s dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for them. Harassment may be persistent or an isolated incident and may manifest obviously or be hidden or insidious. It may take place in person, by telephone or in writing, including emails, texts, or online communications such as social media. The definition of harassment applies equally to situations of direct communication as it does to situations of active exclusion of individuals, or solicitation of such communication or exclusion.

This pledge applies in the workplace as well as in work-related settings outside the workplace or outside the regular business day. We pledge that:

We will work to eliminate harassment, to include all employees, partners, customers, and interactions. Any form of harassment, even when not unlawful or directed at a protected category, will not be tolerated.

We will not tolerate, condone, or ignore any form of harassment no matter where it occurs, or the personnel involved.

We will ensure that staff members are not asked to operate in unsafe organisational or social environments.

We will empower employees, contractors and third parties to come forward with reports without fear of retaliation, and to immediately and respectfully respond without prejudice. We recognise that those reporting harassment are not in any way disloyal to the company or the community, and that everyone deserves to work in a positive environment.

We will protect the anonymity of those reporting suspected violations to the greatest extent reasonably possible.

We will regularly educate employees and contractors what constitutes harassment and why it’s never acceptable, while continually maintaining and actively reviewing our policy and reporting mechanisms.

We will regularly discuss reporting protocol with our employees and ensure that we make a public version of this protocol publicly available for external reference and use.

Custodian360 and The ICC Group.

Custodian360 are excited to be partnering with The ICC Group to bolster and support them in providing critical managed security to their existing customers and new. 

With the ever-changing world of technology and the speed at which it moves, it is now more important than ever to keep up. Adding new solutions to The ICC Groups portfolio to complement their existing services has become a key focus for them. Custodian360 are pleased to work with The ICC Group to accelerate the ability to detect and respond to the increasing volume of endpoint threats, which is now more than ever, critical to any organisation.  

For The ICC Groups customers this will mean in addition to monitoring their customers networks, keeping downtime to a minimum from hardware failures, they are now able to provide further support to also reduce their downtime due to security breaches. 

Nikki Webb, Global Channel Manager for Custodian360 had this to say,  “I have had the pleasure of working with Jason Kay for the last couple of years and I have always found him to be astute and committed to the task in hand, he has a real passion and understanding of his customers’ Cyber Security needs. I think The ICC Group are currently making all the right moves as an MSP and we are excited to be on this journey with them. Cyber Security is at the forefront of every organisation’s critical planning and I have no doubt that Jason Kay and his dedicated team at The ICC Group will ensure their customers, new and old, will benefit from such partnerships.”

As a Custodian360 MSP, we can provide you with solutions to bolster your portfolio, including our Gartner leading fully managed EDR and EPP solution against ransomware, persistent threats and other malware, removing the support burden.  Along with this we provide world class partner support, we are a channel only privately owned company who support MSP’s around the world, if you are interested in finding out more about our partner program then please get in touch with nikkiw@custodian360.com 

Emotet Returns

Emotet Trojan

 

Since its initial discovery in 2014, the Emotet trojan has become an increasingly dangerous and persistent threat to users and organisations across the globe. The US Department of Homeland Security CISA division, refers to emotet as ‘among the most costly and destructive malware’ affecting from small to large scale organisations of both the private and public sectors.

Emotet started out as a way to steal users banking details, the scope and capabilities of this trojan have changed drastically.

From spreading itself across a network infecting other machines to skimming Outlook contact information to use in spear phishing attacks to stealing browser history, user credentials and installing other malware such as backdoors and ransomware, emotet can be extremely damaging to an organisation. Also, due to Emotet being polymorphic and able to constantly change and modify itself, it is increasingly difficult to detect and prevent against using typical signature-based methods with hundreds of unique payload variants discovered daily.

Phishing Email Example

Phishing Email Example

Emotet trojans will generally arrive on a user’s machine via emails like the above example. Spam emails spoofing common brands and institutions (banks, government departments) with layouts and language designed to encourage the user to click on the malicious attachment or link to sites hosting the document for download.

Crimeware-as-a-service (CaaS) helps ensure that new versions of these email attachments can be generated and distributed on a near constant basis ensuring its ability to evade traditional AV on Zero-day.

We regularly see new Emotet detections and an example of a malicious emotet attachment that one of our agents detected had been created only 4 hours prior.

VT History

In a short span of time, a new .doc attachment was generated with a new file hash value which would be unknown to a traditional AV solution was attached and emailed to an unsuspecting user ready for the morning inbox clear-out.

At the time of the detection, our threat researcher uploaded a copy of the threat file to VirusTotal where only 8 other Vendors were aware of and had the file marked as malicious.

VT Detections

This means that on many other AV solutions, the file would have been allowed to run and would not have been detected.

For this example, the user clicks on the attachment unaware as the document starts delivery of the Emotet payload.

From the attack storyline on our management console, we can see that as soon as the doc is opened, it attempts to utilise PowerShell to run obfuscated code. Code obfuscation is one of the methods used by hackers to evade static analysis engines in Anti-Virus and help disguise their activity.

Story Line

In this case, the PowerShell code attempts to create a network connection to reach out to a compromised domain online and download the additional emotet payload to the users’ machine to exploit further.

For any business, such an attack could cause severe consequences that would translate to high financial costs and reputational damage.

In this case, the threat was detected by the behavioural engine of the agent which was able to determine that the activity exhibited by the threat was malicious and then, autonomously killed and quarantined the threat from the users’ machine. After the threat was investigated by our security analysts, the threat was successfully remediated against without any disruption or compromise to the user’s machine.

Without our agent in place on the user’s machine, the result may not have been as favourable.

 

Alex James – Lead Security Analyst – Custodian360

Cyber-Security and Lego

Custodian360 are delighted to welcome Dan Maund from the SEROCU Cyber Protect unit to our office on Thursday 7th February to host a FREE Cyber Security workshop. This workshop has the added bonus of playing with Lego, to help you and your colleagues work out how to get the best protection with the budget you have right now.

Custodian360 are proud to support the tireless efforts of SEROCU Cyber Protect unit. We all know businesses are under constant attack from organised cyber-criminals and that their aim is to steal or extort money, data and time from you.

Come along and find out where your Cyber Security posture sits right now and how this could be leaving doors open to these criminals, but, more importantly, to find out what the SEROCU Cyber Protect unit advise you to do about this. Please contact info@custodian360.com for more details and to secure your place at this event.

5 Things Everyone Gets Wrong About Anti-Virus

It shouldn’t be news to anyone that cyber threats are on the increase, and the requirement to have an effective security solution has never been more pressing as advanced hacking techniques continue to proliferate in the wild.

With the market awash with vendors making bold claims and news stories making even bolder headlines, it can be hard to separate the fact from the fiction. If you’re new to endpoint security, here’s the five basic things to ensure that you get right about the options available.

1. Viruses Aren’t the Only Threat

Security threats have evolved beyond all recognition from the early days of the computer virus, but most security solutions still carry the term “anti-virus” in their name, which is really something of a misnomer in the modern threatscape.

The reality is that cyber attacks take many different forms that have nothing to do with being a virus, and they can range from the indiscriminate to the highly targeted. These include ransomware, spear-phishing, drive-by attacks and both software and hardware vulnerabilities that can lead to loss of customer and corporate data.

And don’t fall into the trap of thinking your business is too small to be targeted. Attackers are now weaponizing machine learning to produce highly-targeted campaigns, at low cost to themselves.

Also, don’t forget that threats can come from within; disgruntled employees know the weaknesses of your system better than any outsider. Good endpoint security needs to be able to detect bad behaviour no matter the point of origin.

2. Malicious Files Aren’t the Whole Story

Most people think that security software works by scanning files on the local computer and deciding whether they are malicious or not. Like the term ‘anti-virus’, that’s a bit of an old-fashioned way of thinking about it. Although there are still legacy AV programs that primarily work in that way, even they will usually offer some additional functions such as blocking malicious websites or detecting excessive use of resources typically used by ransomware and crypto-miners.

However, for truly effective protection, you should be looking at security solutions that do more than that. Today’s cyber criminals are able to leverage fileless attacks, change DNS settings to re-route your network traffic and inject code into legitimate processes. A legacy AV solution that primarily focuses on scanning for malicious files is, like last week’s soup, well past its sell-by-date.

3. Trust is a System Weak Point

As we hinted in the previous point, untrusted software is not the only danger on your endpoint. Even first-party and established software brands can be leveraged to breach your system.

While MS Office Macro attacks have a long history, Macro-less attacks such as DDE can exploit vulnerabilities that will bypass many security solutions because they appear to be coming from trusted applications. Similarly, most businesses will likely have a need for legitimate PowerShell operations, and yet PowerShell-powered attacks are becoming increasingly common. You need a security solution that’s smart enough to allow PowerShell to maintain your productivity, but also able to ensure that it can tell the difference between malicious and legitimate behaviour.

Modern malware can also run without interference on many systems running AV solutions if it is able to operate with system-level privileges, whether through a privilege escalation vulnerability or other methods of infection. This is because many AV packages take the wrong approach by granting trust by identity, rather than by behaviour. When security solutions take this kind of “whitelisting” approach, the endpoint is left vulnerable to supply chain attacks and fake certificates.

4. There’s Power in Simplicity

Security software doesn’t have to be hard to use, and you shouldn’t have to be a security expert to manage it. Unfortunately, a lot of security software gives business owners just that impression, overcomplicating things with diagnostic tools and components that require specialist training courses to master. Be sure to choose an endpoint solution that minimizes maintenance tasks, presents a clean, easy-to-understand interface and provides one-click remediation.

You want a solution that anyone in your team can quickly learn and operate. It’s important for business continuity that knowledge of your security solution is not tied to specially-trained members of staff. Who knows how long before they move on, taking their expert knowledge of your security solution with them?

5. Security is a Mindset, Not a Product

Probably the biggest thing you can get wrong about AV software is believing that it can solve all your security issues in one fell swoop. Threats come in many shapes and forms: from indiscriminate ransomware attacks to disgruntled employees. What’s your plan of action when (don’t think “if”) a breach occurs? How will you respond? Failure to have a response plan in place could mean greater damage to your customers, your data and your reputation.

This is why you need an endpoint solution that can be part of your entire response plan. A cross-platform solution like SentinelOne can provide deep visibility into even encrypted traffic across your network,  one-click remediation and rollback, and a single, holistic agent that’s simple to use.

Our Takeaway

Ignore the stereotype of sophisticated cybercriminals targeting billion-dollar businesses. Most attacks are opportunistic and target not the wealthy or famous, but the unprepared. According to a 2018 SentinelOne survey of US companies, 56 percent suffered a ransomware attack in the last year. Given that the majority of organisations will be hacked over their lifetime, it is imperative that organisations have the necessary tools to spot and stop an attack quickly and effectively.

This is why you need an endpoint solution that can be part of your entire response plan. A cross-platform solution like SentinelOne, provided by Custodian360 can provide deep visibility into even encrypted traffic across your network, one-click remediation and rollback, and a single, holistic agent that’s simple to use.

 

This blog was first posted by Migo Kedem

Custodian360 and CyberHive Form an Alliance

Custodian360 and CyberHive Form an Alliance

Two innovative UK cyber security companies are excited to announce that they are joining forces to provide the world’s best cyber security solution.

Custodian360 and CyberHive are able to protect an organisation’s entire IT estate against all types of Cyber threats. This disruptive new technology will combine Custodian360’s real time protection and remediation with CyberHive’s patented whitelisting technology.

The combined solution protects all endpoint devices, including servers, laptops and mobile devices and further strengthens the security of the all-important servers where critical data is stored.

The combination of these 2 technologies would detect and stop the major breaches we have seen hit the headlines in recent months in their tracks. A combination of dynamic process monitoring and continuous learning ensures that new or previously unseen events are detected as malicious and stopped before they ever become a major problem to your business.

The partnership has been formed to address the inadequate threat-awareness, poor work practices and out of date technology that is leaving many organisations open to attack from cyber criminals.

No matter which industry your business operates in, no sector is immune to an attack.

Lanning Consulting Company Choose Custodian360

I first met Custodian360 at an exhibition and was immediately impressed by their Managed Security Service offering.

 

A true Enterprise solution at SME prices.

 

Since that time, they have continued to be open, and approachable to support me as a reseller (with online demo’s, support at exhibition’s, addressing technical questions etc), but they are also more than willing to engage directly with customers on my behalf in the pre-sales cycles.

 

Their pricing model is clear and simple for partners allowing me to quote prospective customers instantly and avoid delays in my sales cycle.

 

My customers are always amazed at how quickly and easily Custodian360 detects threats that they didn’t know they already had in their networks.

 

Depositit Choose Custodian360

As a company offering Data Protection services to the SME sector we were seeking additional and complimentary solutions without the need for ourselves to spend time and resource reinventing the wheel.

We narrowed down our search of possible solutions and then emailed/left message and spoke/met with with the companies who, on the face of it looked like they could provide what we required. Very quickly we got a feel for the types of company we had approached as most didn’t return calls, those that did promised a call back which, to this day remains elusive and a few whom we met didn’t seem interested in doing business unless there was a guaranteed value on the table.

Custodian 360 were easy to contact, forthcoming and supportive in helping us achieve what we were looking to do and no question was too silly. They actually reminded us of us, which is very customer focused be it towards partners or an end user of the product itself. We knew within a very short space of time that this was a company we could develop a sound relationship with moving forward knowing we’d be supported in all ways.

The relationship continues to develop and grow and we feel  very comfortable approaching Custodian 360 at any time for resources, information, customer support, trial accounts, webinars and brainstorm sessions to develop ideas to help achieve sales.

We’re very happy with the choice we made and confident the relationship will only continue to prosper over the months and years ahead.

Trickbot Trojan On The Rise

Over the last month, we’ve noticed an increased amount of weaponised trojan documents detected by our Custodian360 agent.

Criminals have setup a large variety of fake email campaigns spoofing email domains to imitate genuine emails typically from financial institutions such as PayPal, HMRC, Sage, Barclays etc.  They typically use language which demand the user’s attention such as an “unpaid invoice” or “bill attached” and have a weaponised document attached for the user to open.

i Example of spoof email (Screenshot taken myonlinesecurity.co.uk)

Once opened, the threat will attempt to use exploits and vulnerabilities in Office to gain ability to create system process and download additional malicious payloads all without the users’ knowledge.

Whilst newer versions of Office have additional protections and countermeasures against this type of attach, many businesses still run older versions of Office. In a 2017 survey by Spiceworks, 68% of companies are still running instances of Office 2007 which won’t have sufficient protective measures in place against this type of threat.

Custodian360 effectively protects against this type of threat by using documents and scripts analysis engine to prevent their execution including unknown zero-day campaigns.

However, end users should still be advised to be vigilant and avoid opening unknown attachments and companies should be encouraged to move away from using older versions of office due to the vulnerabilities and increased security risk which these types of threats attempt to exploit.

Data Snapshot: The state of productivity suites in the workplace

Found on Spiceworks: https://community.spiceworks.com/software/articles/2873-data-snapshot-the-state-of-productivity-suites-in-the-workplace?utm_source=copy_paste&utm_campaign=growth

Alex James – Lead Security Analyst – Custodian360

Thomsonlocal Choose Custodian360

Thomsonlocal is one of the largest digital marketing agencies in the UK with over 30 years of experience connecting 10s of millions of customers and suppliers daily.

The security team at Thomsonlocal decided to work closely with AVR International to evaluate their options around End Point Security as the assessment had been made internally that ‘legacy’ systems were fast becoming unfit for purpose. “There are a plethora of End Point solutions in the market place currently and we simply don’t have time to test them all thoroughly.

We trust the technical capabilities of the AVR team and trusted that they would put forward only the very best solutions to address the changing needs of our business in the digital age.” Says Steven Denver (Infrastructure Support)

Key to the implementation were:

•A Modern approach to Protection, Detection and Remediation

•Detections rates – The existing solution was missing growing numbers of threats

•Detection methods – Signature scanning is fast becoming old hat and does not detect new advanced threats like memory based exploits.

•Comprehensive expert support with leading SLA times.

Following this collaborative approach Thomsonlocal chose Custodian360 as their New Managed End Point Protection Service. Built on the SentinelOne platform and managed by the team of experts at Custodian360 it is a service that backs itself 100%. Custodian360 offers SentinelOne’s unmatched detection, mitigation and remediation capabilities in one single agent all backed up by the Custodian360 teams’ many years of experience in EndPoint protection

“Custodian360 provides us with a truly next generation EndPoint solution which saves us time, money and most importantly protects robustly from Ransomware and all methods of threat” 

“I would highly recommend Custodian360 to address your EndPoint protection and remediation needs. The roll back functionality is exceptional and the level of support from Andy and the team from pre-deployment right through to production has been excellent”

Steven Denver

Infrastructure Support