By Paul Young, Co-Founder & CIO NextSTOP Consulting
NextSTOP Consulting is presenting two of our Global Partners SaaS cybersecurity products as a dual SaaS based solution to two of today’s biggest cybersecurity threats, Phishing & Over-The-Horizon attacks. Together these NextSTOP Partner SaaS cybersecurity solutions address your organization's critical cybersecurity problems. This article looks at how these two products provide defense in depth.
Park Road Technologies MSP Security Awareness Platform:
Automated phishing tests with remediation training, detailed reporting and user direct response capability.
Park Road Technologies: A NextSTOP Global Partner Exchange Member
Red Sky Alliance’s RedXray:
External aggression monitoring against the “Castle” that’s not easily detected from “over the horizon” bad actors.
Red Sky Alliance’s RedXray: A NextSTOP Global Partner Exchange Member
The Combined Model:
In previous articles I described the castle and moat analogy when it comes to cybersecurity. Today, that approach while still fundamentally valid, is not effective without including Phishing & Over-The-Horizon monitoring functionality. The threat landscape has progressed to a point where not only cybersecurity technology must adapt depending on the enterprise’s risk tolerance but also corporate processes and behavior.
I personally believe in a zero-tolerance approach whenever practical! We must operate with the belief that perimeter defense layers may be breached. As a former COO/CTO & Founder of a Cloud Services Provider I always believed in tools that looked for niche anomalies in an automated way, especially those with AI and machine learning embedded in their construct.
The picture above illustrates this conceptualization:
a) The internal Castle grounds and also external attempts are well protected by ParkRoad against Phishing efforts.
b) Beyond the protected area into the surrounding hills or in the forests and “over the horizon” is protected by RedXray.
1) PHISHING SOLUTION: Park Road Technologies MSP Security Awareness Platform
An increasing number of bad actors begin their “offensive” operations with phishing. These attacks are much less expensive to launch but have become very sophisticated with the work-at-home paradigm necessitated by the Corona virus. These attacks have a goal of either stealing your end user’s personal information or targeting your company through newly hired teleworkers. These phishing attacks contain malicious payloads that can include:
a) Ransomware
b) Viruses
c) remote access trojans (RATs)
d) Remote Desktop Protocol (RDP) exploits.
The Rapid Deployment of new IT infrastructure is increasing your company’s risk
Unfortunately, hastily created IT infrastructures for remote work (including RDP access tools) are being deployed every day without the usual well-designed & tested cybersecurity protection. Many of my SMB compatriots have told me they are unable to procure enough laptops for every employee that is required to work remotely. This means teleworkers may be using their personal devices to connect into the corporate network. Those same devices, as we all know, are also being used for activities such as social media, shopping and streaming entertainment. As a result, they are far less protected by corporate cybersecurity solutions which makes them far more vulnerable to the malware being pushed by constantly updated and new phishing attacks.
Since these devices are connected to the home network an attack has multiple avenues of attack including:
● Other users computers
● Tablets
● Gaming systems
● IoT devices
At a critical time when IT staff are stressed out and overloaded with new responsibilities, the Park Road Technologies MSP Security Awareness Platform offering helps reduce your company’s IT costs and dramatically decreases your cybersecurity risk profile.
2) ANTICIPATE AND DETECT ATTACKS AND COMPROMISED DATA: Red Sky Alliance’s RedXray
Security tools need to recognize that an adaptive security model providing early anticipatory detection of compromises (e.g., RedXray) is necessary. It must continuously assess risk and monitor the entire web in real-time to hunt for your company’s data, as well as indicators that may compromise your company’s passwords, IP’s, data, etc.
With the mountains of diverse data traversing the web every second it is critical to look Over-The-Horizon to see both of the following:
● If there is any of my company’s data “floating” around in either/both the regular and/or the deep web.
● Potential attack scenarios as they are “forming”.
RedXray provides that functionality. RedXray’s AI-based solution will help your security teams quickly determine where they need to put their focus. While I was CCO at ClearObject we implemented a layered security strategy I refer to as "The Castle Model.” This strategy is an analogy for Cybersecurity, where the enclosed structure provides an area that is considered safe and protected as opposed to outside the fortress where you are open to potentially dangerous threats. RedXray allows you:
To know if any of your external contacts have been adversely effected. This can include but not be limited to suppliers, customers, partners, members, or other subsidiaries.
Determine if there are any potential unreported cyber threats that could pose an issue to your business or organization?
Determine if your subsidiary locations, members, or suppliers at risk?
Be notified of any potential threat in your enrolled named entities for any industry segment.
Give you another layer of protection without the need to connect to other networks.
To see who is at risk in your supply chains on daily basis and comply with NIST 800-171 standards. (NIST 800-171 refers to National Institute of Standards and Technology Special Publication 800-171, which governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations.)
An Affordable platform solution for small and medium businesses so that the protection you need doesn't outweigh resources and budgetary guidelines.
To receive Cyber threat notification services that send daily emails identifying potential issues to your business.
To operate from a single console that manages monitoring threats against your networks and supply chain. That can automatically notify you of any threats in your enrolled named entities pertaining to any industry segment.
Check out these offerings today!
Opportunity: Contact us for information on our uncapped SaaS-based Revenue Stream for these two SMB cybersecurity products
Please contact us if you, as an individual, or your company are interested in becoming a member of the NextSTOP Global Sales Alliance.
A Global Sales Alliance Partner MEMBER can participate in NextSTOP’s SaaS Finder’s fee program which can provide a recurring, uncapped SaaS-based revenue stream.
#cybersecurity #phishing