Why do you need EDR? Why does XDR matter? Do you need MDR?

EDR, XDR, and MDR are essential tools for detecting and responding to attacks on your data stores and endpoint devices. With EDR, you can identify attacks against your stored data, and with XDR, you can detect and respond to user behavior on endpoint devices. Now with MDR, you can gain always-on real-time monitoring and response to attacks. These tools are essential for protecting modern networks and your critical IT infrastructure.

Endpoint detection and response (EDR) solutions are critical to protecting organizations from cyberattacks. EDR solutions can detect malicious behavior by threat actors and block attacks before they reach your organization’s critical data and processes. However, many organizations do not have an EDR solution in place. This article will discuss why you need EDR and what XDR is. We will also discuss how long you can wait to implement MDR.

EDR (endpoint detection and response) for business systems is becoming more prevalent in organizations because it offers advantages over traditional network security and monitoring solutions. EDR devices can capture and store information related to incidents, such as user activity and system events, for future analysis. This data can help identify malicious actors, intrusion points, and critical data to prevent future attacks.

Are you covered against every type of cyberattack?

The days of solely relying on signature-based antivirus (AV) to protect your organization from malware are long gone. To properly defend against modern threats, you need a comprehensive endpoint detection and response (EDR) solution.

Modern malware can evade traditional AV solutions easily, especially when assisted by human threat actors. Continuous monitoring therefore becomes more important for detecting zero-day attacks and other malware variants. Implementing an extended endpoint detection and response system can be complex and time-consuming, and critical components can be left unprotected without a proper understanding of, and expertise in, configuring the EDR platform. Managed security services providers (MSSPs) offer comprehensive EDR implementation solutions, including post-installation, detection, and response capabilities.

An extended endpoint detection and response (XDR) solution is integral to a comprehensive security strategy, but what do you need to implement a proper XDR solution today?

Protecting against sophisticated cyberattacks.

First, you must define your goals and objectives, identify your environment, and assess your risk. In much the same way you determined critical systems and infrastructure for backups and firewalls in the past, our team works with you to define the impact zone and weak points that are critical to real-time operations.

Next, you need a platform to detect and respond to threats on endpoints across your organization. This platform should include features like real-time visibility into endpoint activity, identification of malicious files and processes, and the ability to take action when threats are detected.

Now that you’ve planned and executed your EDR or XDR deployment, you need to sift through the data feeds from trusted sources to help you identify threats. These data feeds can come from your security infrastructure, including firewalls, intrusion detection and prevention systems (IDS and IPS), SIEM (security information and event management), and endpoint protection solutions. They can also come from public threat intelligence sources, such as the national and international cybersecurity centers, which provide information on cyberthreats targeting businesses worldwide.

Finally, with mountains of data, and an XDR solution that is up to the task of protecting your business, you need to train your team to be well versed in identifying high-risk activities and changes in your environment. Not just any team, though; you need a highly trained team ready to monitor and adjust security as needed. A team that responds at a moment’s notice 24 hours a day, seven days a week, including holidays. Malware and threat actors don’t take a vacation, and neither can your team of superheroes.

Don’t be left unprotected.

A proper managed extended endpoint detection and response solution that meets your needs, with easy-to-manage EDR software that protects your business against data loss and prevents attacks, requires a full-time threat intelligence service. With a managed security service provider (MSSP) and a 24/7 network and security operations center (NOC and SOC), you can protect your organization from cyberattacks and data breaches. Implementing an extended detection and response solution is more critical than ever for any organization. By doing so, you can improve your security posture and protect your business from malicious actors. To get the most out of such a solution, you need a partner with the right team to scale with your needs and your business and to offer comprehensive coverage and support.

Exceed Consulting works with you to protect your critical systems, so they are there when you need them the most.

Block out some time and services with Exceed

Do you need additional time, people, or expertise for your special project? Perhaps your disaster recovery and business continuity plans have been approved, or your new cloud computing migration has finally received the green light.

From migrations to implementations, security audits to daily support – Exceed Consulting is here to assist you.

We understand your need to balance your IT department budget between daily operations and special projects. Block time and managed services allow you to match your costs with your requirements. Exceed has many affordable combinations of block time and tiered pricing for managed services available for our customers. Contact us today to find the block time or managed services plan that meets your needs.

Our customers often use block time for projects relating to software migrations and hardware upgrades. In the case of special projects, customers can quickly and easily access their block of service hours for assistance. Many of our managed services customers benefit from a time allotment for coverage of support requests and IT consulting. Exceed provides a statement of work and cost estimates before your project work begins.

By purchasing block time with your service plan, you lock in the current rates for our service tiers. You pay for the hours assigned to your block time agreement at the beginning of the agreement term, so you don’t have surprises later. When you purchase block time to cover project labor, you can use any remaining time at the end of the project for future service requests and projects.

Customers have used their service time for:

  • Business continuity implementations
  • Network assessments
  • Datacenter on-boarding
  • Disaster recovery planning
  • Security upgrades and implementations
  • Cloud services migrations
  • Wireless assessments and WiFi installations
  • Vacation coverage

Contact Exceed Consulting to discuss your projects and information technology needs.

This article was originally posted on January 23rd, 2017. Additional information was added on March 23rd, 2022.

9 tactics you can use to protect your digital assets.

With the latest round of problems impacting the globe, we see a rise in attacks against many countries. Specifically, the United States has returned to the top 5 list of cyber threat targets. That’s not to say China, Russia, and others aren’t also in the mix.

As a security-focused company, the team at Exceed considers your security a key component in maintaining a safe and stable environment for our customers and partners. Among the specific indicators, we monitor activity reports indicating attacks originating from anonymous sources, alerts from our security analysis applications, and more defined attacks such as APT (Advanced Persistent Threat) from nation-states or those acting on behalf of nation-states. Cyber attacks are increasing in frequency and sophistication, and that’s why we continue to invest in security intelligence, threat monitoring, and incident response. It’s our job to help you keep your information secure.

We are continuously determining new strategies to mitigate risks to our products and our infrastructure, and we will continually augment our security measures to increase protection for our clients. The best way to protect yourself is to act proactively. We know that security is a critical issue for all industries, and we regularly evaluate new technologies and approaches to reduce risks to your information. In the meantime, we hope you’ll look at our resources and services.

We recommend the following steps:

  • Teach your team about the risks that follow from being phished or falling for social engineering attacks.
  • Establish two-factor authentication on all critical accounts used by your team or you.
  • Make sure that data and communications systems at your company are safe. Attackers may be planning to use your systems as a pivot point to attack your clients.
  • Make a point of watching your entire system with added focus on the security logs.
  • Monitor for new files appearing that your staff didn’t create.
  • Monitor financial activity in your organization to stay ahead of fraud attempts.
  • It’s crucial to ensure that PII (personally identifiable information) is well guarded, especially in your HR systems.
  • “Watch for the weird.” Encourage open communication; at a minimum, you’ll have an interesting conversation—and at worst, you may help prevent an attack.
  • Adopt a sufficiently suspicious approach.
    • Did you receive an email from a vendor about an unpaid invoice? Call the vendor back to confirm.
    • Did a customer call you for sensitive information? Email them back using a known email address to confirm the request.
    • Remember to confirm requests using a different known contact method.

Exceed Consulting is here to answer any questions you might have. We sincerely hope for a quick and safe resolution to the current global state of heightened alert before it worsens.

We are always concerned for all individuals affected by this serious matter.

Reduce data usage when traveling

With reports of travel restrictions opening up and another travel season approaching, don’t forget to restrict your data usage while traveling. Many mobile plans charge much more when traveling outside your regular network, especially to other countries. Protect your mobile phone budget by adjusting your data usage while traveling.

Note: The steps below may vary somewhat for different versions of phone operating systems.

If you do not want to receive your email automatically:

Disable your device’s auto-check functionality. You may wish to use Wi-Fi to supplement your phone data plan and to download and check email manually. Free Wi-Fi is available in many domestic and international airports, hotels, and restaurants.

  • iPhone Users:
    • To turn off the auto-check functionality, tap on Settings>Mail, Contacts, Calendars>Fetch New Data.
    • Toggle “Push” to “OFF,” and under “Fetch,” select “Manually.”
  • Android Users:
    • Select: Settings > Accounts and sync > Manage Accounts.
    • Un-check “Auto-sync” to cancel all auto-sync functions (email, weather, stock quotes, etc.) or select the specific account and uncheck sync options.
  • Users of Other Devices: Consult your user guide.

If you want to place calls but not use data:

The setting for international data roaming will typically be in the “OFF” position. Verify the settings on your device before traveling abroad. Turning data roaming “OFF” will block email, browsing, visual voicemail, and downloads, but it will NOT block text messages. International roaming rates apply when you send text or picture/video messages while traveling outside of the United States.

  • iPhone Users:
    • Tap on: Settings>General>Network> Data Roaming (toggle to “OFF”).
  • Android Users:
    • Tap on: Settings>Wireless and network>Mobile networks>Data roaming (uncheck it).

Information

What is a ‘Push’ Email?

Email that is ‘pushed’ or downloaded automatically to your device.

Why would you turn Email Push off?

Email Push can be disabled to prevent unwanted data roaming charges while traveling.

If I turn Email Push off, when will I receive my email?

By turning this feature off, you will only receive an email when you launch your email application.

Tip: For large files, save data by waiting until you’re on Wi-Fi to open your email app and download them.

Returning from Vacation

  • iPhone Users:
    • To turn on the auto-check functionality, tap on Settings>Mail, Contacts, Calendars>Fetch New Data.
    • Toggle “Push” to “On,” and under “Fetch,” select “Every 15 Minutes.”
  • Android Users:
    • Select: Settings > Accounts and sync > Manage Accounts.
    • Check “Auto-sync” to allow all auto-sync functions (email, weather, stock quotes, etc.) or select the specific account and check sync options.
  • Users of Other Devices: Consult your user guide.

This article was originally posted on July 5th, 2017. Additional information was added on January 21st, 2022.

Barracuda Email Security Service Tip

Barracuda Email Security Service provides site-to-site encryption for your messages. Exceed Consulting makes the process easy by configuring rules and tags within the Barracuda Spam Firewall to review your email for sensitive terms. The Barracuda Spam Firewall uses SMTP over TLS and AES encryption with 256-bit keys to protect outbound email. Today’s tip will explain how to tag an email for encryption with the Barracuda Email Security Service provided by Exceed Consulting.

To start the secure email process, add the <encrypt-msg> tag anywhere in your message.

We recommend making a copy of your primary signature and placing the tag below your signature in the new signature for ease of use.

Now sending a secure email will be as easy as changing signatures.

When you send an encrypted email, the recipient will receive an email similar to the one shown below.

Clicking this link will take you to the Barracuda Email Encryption Service.

The long link in the email will take the recipient to the login page for the Encrypted message service.

If the recipient has not logged in before or has lost their password, they will need to click Forgot your password? to set a password.

Barracuda will send a password reset link to the account’s mailbox.

Once logged in, the recipient can read and respond to the encrypted message or print and download the message.

Downloading and saving the message is required if you want to keep it, since delivery to your mailbox isn’t an available option here.

Deleting is also possible, but be careful: there is no restore function.

Barracuda stores messages in the Encrypted Message Log for 30 days.

Settings allow changing of your Encrypted Message Service password.

Exceed Consulting is available to assist you with your email security needs.

10 tips to stop viruses and malware on your computer

Filter your browsing content

Many firewalls, including Barracuda NextGen Firewalls, provide web content filtering from harmful sources. Stand-alone web filters are available as hardware and software if you already have a good firewall. We can assist you in implementing solutions with Cisco Umbrella, Barracuda Web Security, and others.

Use Protection

Get yourself a proper antivirus application. There are many suitable antivirus applications available; some are better than others, and some provide a better fit for your needs and budget. BitDefender, Avira, AVG, and Avast all work well, but we rely on the end-to-end protection of VIPRE on a daily basis.

Be aware

Don’t click on links or attachments in your email. This is especially important if the sender appears to be you or someone you know who wouldn’t be sending this material. Just click the delete button. Fake invoices and shipping notifications are standard attachments used to trick you into infecting your computer.
Disable preview mode. Email applications like Outlook, Thunderbird, eM Client, and others often automatically load attachments for your convenience – this loading process can automatically launch a virus. Contact us if you need assistance disabling preview in your email program.

Take a look

What do you do if you receive an email that seems fishy, but you were expecting a message from the person or company? Copy part of the message that doesn’t contain links into the search box at https://www.google.com/. Scammers and spammers love to reuse text; this can benefit you in detecting their tricks. The search results should return many examples of other spam attempts, but don’t click the links in the search results.

Be cautious

If the email seems unusual, especially if it is a company you do business with, the email is probably fake. Scammers and spammers often use trusted addresses to gain access to your PC.
Businesses should never request sensitive information via email. Even if they make such a request, be smarter than them and don’t use email to transfer sensitive data like passwords.

Don’t double-up

Watch out for files with a double extension. Examples: something.txt.vb or other.jpg.exe. By default, Windows usually hides common file extensions, meaning that a program like Paint.exe will appear to you as Paint. Double extensions exploit this by hiding the second, dangerous extension and misleading you with the first (meaningless) extension. You can verify the full name with all extensions by right-clicking on the file, selecting Properties, and looking for the complete file name.

To make file extensions visible, find Folder Options in your Control Panel. (Note that it may be tucked away in Appearance and Personalization or something to that effect.) Under the View tab, please scroll down to Hide Extensions for Known File Types and make sure it is unchecked.
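The double-extension check described above can also be run over a whole list of attachment names or a Downloads folder. The following Python sketch is an added example, not part of the original article; the two extension lists and the sample names are assumptions made for illustration.

```python
import os
from pathlib import PureWindowsPath

# Assumed lists for illustration; extend them to match your environment.
# Final extensions that Windows runs or hands to a script host.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi",
                   ".vb", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1"}
# Extensions a reader takes for a harmless document, picture or archive.
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf",
              ".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".zip"}

# Constructed sample names (not taken from any real incident).
SAMPLE_NAMES = [
    "something.txt.vb",
    r"C:\Users\pat\Downloads\Other.JPG.EXE",
    "Paint.exe",          # single extension: an honest executable
    "report.v2.pdf",      # two dots, but the real type is a document
    "archive.tar.gz",     # legitimate double extension
    "notes.txt",
]


def disguised_as(name):
    """Return (name shown when the last extension is hidden, real extension)
    for a decoy double extension, or None when the name is not one."""
    path = PureWindowsPath(name)
    suffixes = [s.strip().lower() for s in path.suffixes]
    if len(suffixes) < 2:
        return None
    decoy, real = suffixes[-2], suffixes[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return path.stem, real
    return None


def scan_names(names):
    """Check a list of file or attachment names; return the flagged ones."""
    hits = []
    for name in names:
        result = disguised_as(name)
        if result:
            hits.append((name, result[0], result[1]))
    return hits


def scan_tree(root):
    """Walk a folder (for example Downloads) and return flagged file paths."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        flagged += [os.path.join(dirpath, f) for f in files if disguised_as(f)]
    return sorted(flagged)


if __name__ == "__main__":
    for name, shown, real in scan_names(SAMPLE_NAMES):
        print(f"{name}: appears as '{shown}' but is really a {real} file")
```

Only names whose last extension is executable and whose second-to-last extension looks like a document, picture or archive are flagged, so ordinary names such as report.v2.pdf or archive.tar.gz pass.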

 

Drive safely

Be careful when using USB drives. Just as an actual virus can jump from person to person, the install process and handshake used to connect a USB drive to a PC can transfer a virus to or from the PC, allowing it to spread. Most antivirus programs can check USB drives when they connect; please let the antivirus scans run and complete. Please never plug in a USB drive or flash card you don’t trust or “just found somewhere.”

Stop with all the pop-ups

Pop-ups aren’t just annoying; they can often be misleading and dangerous. The primary concern is when a pop-up starts an installation process or mimics a known and trusted application. Rather than trusting the pop-up, contact your system administrator and close the window. Do not click OK, Apply, Continue, or whatever button the pop-up asks you to click. Start a full scan for viruses while you or your system administrator investigate. Better safe than sorry.

An ounce of prevention

Your protection is excellent, but what if you make a mistake? First, it is better to have a message re-sent than to get an infection. Web filters, antivirus, and anti-malware tools catch most malware that fools the human eye. Contact us today to build your layered solution with VIPRE, Cisco, and Barracuda protection.

Plan B (for Backup)

So you did all this, and something still got through – now what?!? Time to pull out the backups. Before getting infected, ensure you have a reliable backup solution, appropriately scheduled and ready to recover. Your system administrator can assist you with configuring and testing your backup solution.