Cybersecurity professionals are probably going through a challenging time in their careers. As a result of the Russian invasion of Ukrainian soil, hacking activities have skyrocketed. The cyberwar has begun. It is our responsibility to ensure our and our customers' assets are managed, monitored, and equipped with the necessary tools to protect their endpoints against potential threats.
It is our goal at Advantio to ensure our assets are protected from new threats that emerge every day. Our previous blog (9 Step Action-Plan to Reduce Cybersecurity Risks Arising From the Russian War Against Ukraine) outlined our initiatives to support other organizations and how we are conducting numerous risk assessments and implementing new initiatives every day.
As a multinational with a strong presence in Ukraine, we want to make sure our Ukrainian colleagues are also provided with adequate, and often bespoke, security controls. Below is a summary of all the recent measures we’ve taken.
Endpoints Protection
We are adding new IOCs to our regular EDR function, which is used by our SOC and security professionals to provide the MDR service internally at Advantio. This ensures specific malware and tools are identified even faster than our malware protection technology. Threats like 'HermeticWiper' and its variants, or the newer Daxin tool, require special attention.
Additionally, we have strengthened our web filtering policies to block traffic to and from all Russian DNS tracked sites. It might seem extreme, but the purpose of this is only to remove uncertainties from our risk assessment, even temporarily.
Each of our installed endpoints has been manually validated for integrity, and the operating system policies have also been restricted for specific critical endpoints, such as disabling USB ports.
Company Content Management and Monitoring
We have requested a "cloud-only" approach from several individuals, thus prohibiting operations on company and customers' content on local disks. We do this to limit the presence of potentially compromised content on local storage devices.
Dedicated alerts have been implemented to monitor this initiative so our SOC can be informed of any violations and assist our colleagues in implementing these best and temporary practices.
Continuous Education
Our security specialists keep an eye on intelligence feeds and additional resources to make sure our security controls are adequate to protect our organization and our customers. Take a look at the NSA's newly adopted best practices regarding Network Infrastructure.
We are offering the Advantio MDR (Managed Detection and Response) service FREE* until the end of May 2022. Reach out to us now and start protecting your business.
* While we strive to help everyone, our capacity is limited. We will work on a first-come-first-served basis, and our existing clients will be given priority.