These blog posts and articles discuss the latest artificial intelligence trends and platform enhancements.

Outsmarting the Adversaries: How AI is Transforming Threat Detection & Response

Event details:

Thursday, May 23, 2024
1:00 PM ET

Presenters:

Mark Sangster, VP, Chief of Strategy at Adlumin
Ben McPherson, Head of Solutions Engineering at Adlumin

About this Talk:

This webinar will explore how artificial intelligence (AI) is being used to revolutionize data security. Industry experts Mark Sangster, VP, Chief of Strategy, and Ben McPherson, Head of Solutions Engineering, will discuss how AI is addressing emerging threats in the cybersecurity landscape and Managed Detection and Response (MDR) space.

What you will learn:

  • How AI can analyze vast amounts of data to identify and predict security threats.
  • Different ways AI can be used to detect unusual user activity that might indicate a security breach.
  • Methods for how AI can be used to scan networks and systems for vulnerabilities.

As a thank you for joining our webinar, you’ll receive “The Ultimate Guide to Using Cybersecurity AI,” which includes key takeaways and recommendations for your security strategy. Additionally, one lucky participant will receive a $200 Amazon gift card.

Unraveling Cyber Defense Model Secrets: Credential Harvesting and Insider Threats

By: Bronwen Cohn-Cort, Data Scientist, and Shaul Saitowitz, Data Scientist

Welcome to the Unraveling Cyber Defense Model Secrets series, where we shine a light on Adlumin’s Data Science team, explore the team’s latest detections, and learn how to navigate the cyberattack landscape.

The Essential Role of Threat Detection

Threat detection is a critical component of an organization’s cybersecurity strategy. By combining human expertise with machine learning, organizations can significantly reduce risk by identifying threats before a potential attack unfolds.

Many threats can go unnoticed for months or even years. According to IBM’s latest report, security teams take an average of 277 days to identify and contain a data breach, and the average cost of a breach has skyrocketed to $4.45 million. Given how long it often takes to detect and contain a data breach, organizations must proactively implement measures to respond quickly to potential threats and reduce the risk of costly damage.

Effectively combating malicious activity in your environment means staying on top of all potential threats, which is challenging because it demands skilled professionals who can develop the models that apply artificial intelligence. Setting up alerts that fire when suspicious activity is detected helps organizations respond quickly to potential breaches and mitigate the risk of further damage to their systems and data.

Critical Detections for Your Network Security

While there are many types of security threats and detections to consider today, we highlight credential harvesting and insider threats as two crucial ones to add to your queue.

Adlumin Data Science is rolling out alerts for credential harvesting and insider threats, each of which uses user and entity behavior analytics to warn against prevalent attack tactics within its domain. These detections are crucial because the activity they target is often difficult for organizations to identify on their own.

Credential Harvesting Detection

A credential harvesting alert addresses a post-exploitation technique used to broaden network access. Once an attacker has gained a foothold, this alert notifies an organization about suspicious activity related to stealing login credentials from a computer system. Stolen credentials can then be used to access other systems, steal data, or even compromise an entire network.

Stored credentials live in files, databases, registry entries, and memory structures, whether in plaintext or encrypted form. Some of these locations include LSASS (Local Security Authority Subsystem Service), GPP (Group Policy Preferences), and web browsers that store passwords. Cybercriminals can use one of many tools or techniques to capture the stored credentials.

These include utilities like Mimikatz, Hashcat, and SharpChromium. Once the credentials have been extracted, the attacker harvests them for future use. Encrypted passwords can be cracked offline and then used to access other systems within the network, furthering the attack.

The detection exposes several credential dumping techniques and delivers background on the tool discovered, so the unfolding attack can be stopped promptly and business assets protected. The detection model should be updated regularly to keep up with new tactics and methods.

Credential harvesting poses a significant threat to organizations, leading to unauthorized access, data breaches, and financial loss. Setting up alerts for credential dumping processes is crucial as it enables early detection and swift response to mitigate potential damage. Organizations can protect their sensitive information, maintain operational continuity, and uphold trust with customers and stakeholders by efficiently enriching, containing, and recovering from such incidents.

Insider Threat Detection: Aggregating and Analyzing Widespread File Deletion

Some ransomware variants, like REvil, involve mass file deletion; in some instances, an unauthorized insider may gain permissions sufficient to mass-delete files. The Insider Threat model detects and alerts on cases of a user or attacker deleting an abnormally high number of files across many different subdirectories. Further analysis is conducted to filter out file extensions and locations that likely correspond to benign deletion activity. For example, a user emptying the Recycle Bin would not trigger an alert.

The Insider Threat alert uses a machine learning model to detect anomalies in the number of Windows Event ID 4663 (“An attempt was made to access an object”) events recorded with Delete access. A count of these 4663 events in a half-hour period that deviates significantly from the customer’s baseline is considered anomalous.

The table below displays partially redacted information from the 4663 events associated with an alert. For each event, it shows the time of the log message, the computer on which it occurred, and the Object Name and Process Name associated with the event. The table supports further investigation of the deletion activity by showing which computers, locations, and types of files were involved.
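The aggregation described above, as an added example that is not Adlumin’s model or code: it filters Windows Security Event 4663 records to those with Delete access (the DELETE standard access right, 0x10000 in the AccessMask), drops deletions from locations such as the Recycle Bin, counts the remainder per user per half-hour window together with the number of distinct subdirectories touched, and compares each count with the customer baseline. The benign-location list, the mean-plus-three-standard-deviations baseline (a simple stand-in for the machine learning model the post mentions), the `min_subdirectories` cutoff, and the sample events are all constructed assumptions for illustration.

```python
import ntpath
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Security Event 4663 carries an AccessMask; 0x10000 is the DELETE standard access right.
DELETE_ACCESS_MASK = 0x10000
WINDOW_MINUTES = 30  # the half-hour aggregation period the post describes


@dataclass(frozen=True)
class Event4663:
    """The 4663 fields shown in the post's alert table, plus the subject user."""
    time: datetime
    computer: str
    user: str
    object_name: str
    process_name: str
    access_mask: int


# Assumed benign locations and extensions (illustrative list, not Adlumin's).
BENIGN_PATH_MARKERS = ("\\$recycle.bin\\", "\\appdata\\local\\temp\\")
BENIGN_EXTENSIONS = {".tmp", ".lnk"}


def is_benign_deletion(object_name: str) -> bool:
    """Emptying the Recycle Bin or clearing temp files should not count toward an alert."""
    lowered = object_name.lower()
    if any(marker in lowered for marker in BENIGN_PATH_MARKERS):
        return True
    return ntpath.splitext(lowered)[1] in BENIGN_EXTENSIONS


def window_start(ts: datetime) -> datetime:
    """Floor a timestamp to the start of its half-hour window."""
    return ts.replace(minute=(ts.minute // WINDOW_MINUTES) * WINDOW_MINUTES, second=0, microsecond=0)


def aggregate_deletions(events):
    """Count non-benign Delete-access 4663 events per (user, window) and track how widely they spread."""
    buckets = defaultdict(lambda: {"count": 0, "dirs": set(), "computers": set(), "processes": set()})
    for ev in events:
        if not ev.access_mask & DELETE_ACCESS_MASK:
            continue  # 4663 also records reads and writes; only Delete access matters here
        if is_benign_deletion(ev.object_name):
            continue
        bucket = buckets[(ev.user, window_start(ev.time))]
        bucket["count"] += 1
        bucket["dirs"].add(ntpath.dirname(ev.object_name).lower())
        bucket["computers"].add(ev.computer)
        bucket["processes"].add(ev.process_name)
    return buckets


def anomaly_threshold(baseline_counts, k=3.0) -> float:
    """Mean plus k standard deviations of historical per-window counts (stand-in for the ML baseline)."""
    return mean(baseline_counts) + k * pstdev(baseline_counts)


def detect(events, baseline_counts, min_subdirectories=3):
    """One alert per (user, window) whose deletion count exceeds baseline across many subdirectories."""
    threshold = anomaly_threshold(baseline_counts)
    alerts = []
    for (user, start), b in sorted(aggregate_deletions(events).items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if b["count"] > threshold and len(b["dirs"]) >= min_subdirectories:
            alerts.append({
                "user": user, "window_start": start.isoformat(), "count": b["count"],
                "threshold": round(threshold, 2), "subdirectories": len(b["dirs"]),
                "computers": sorted(b["computers"]), "processes": sorted(b["processes"]),
            })
    return alerts


# Constructed baseline: ten historical half-hour delete counts for this customer.
BASELINE_COUNTS = [2, 3, 1, 4, 2, 3, 2, 5, 3, 2]


def _mk(t, computer, user, obj, proc, mask=DELETE_ACCESS_MASK):
    return Event4663(datetime.fromisoformat(t), computer, user, obj, proc, mask)


# Constructed 4663 records for one half-hour on 2024-03-11 (not real telemetry).
SAMPLE_EVENTS = [
    # alice deletes twelve files across four finance share subdirectories
    *[_mk(f"2024-03-11T10:{5 + i:02d}:00", "WS-ALICE", "CORP\\alice",
          f"\\\\fileserver\\finance\\{sub}\\report{i}.xlsx", "C:\\Windows\\explorer.exe")
      for i, sub in enumerate(["2023", "2024", "audit", "payroll"] * 3)],
    # alice also empties her Recycle Bin, which the benign filter drops
    *[_mk(f"2024-03-11T10:{20 + i:02d}:00", "WS-ALICE", "CORP\\alice",
          f"C:\\$Recycle.Bin\\S-1-5-21-1\\$R{i}.docx", "C:\\Windows\\explorer.exe") for i in range(4)],
    # bob removes three drafts from one folder: ordinary housekeeping
    *[_mk(f"2024-03-11T10:{10 + i:02d}:00", "WS-BOB", "CORP\\bob",
          f"C:\\Users\\bob\\Documents\\draft{i}.docx", "C:\\Windows\\explorer.exe") for i in range(3)],
    # a ReadData access (mask 0x1) to show that not every 4663 is a delete
    _mk("2024-03-11T10:12:00", "WS-BOB", "CORP\\bob", "C:\\Users\\bob\\Documents\\notes.txt",
        "C:\\Windows\\notepad.exe", mask=0x1),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, BASELINE_COUNTS):
        print(alert)
```

With the constructed data, the baseline threshold works out to 6 deletions per half hour, so alice’s twelve deletions across four subdirectories raise one alert while bob’s three deletions in a single folder and alice’s Recycle Bin activity do not. The `subdirectories`, `computers`, and `processes` fields in the alert are the same facts the post’s table exposes for follow-up investigation.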

Following an alert, the activity of the username(s) in question should be examined to determine whether a threat actor has compromised the user account. Suspicious behavior may warrant disabling the account and quarantining affected computers from the network. Review the user’s actions and run an anti-malware scan and vulnerability assessment to check whether the threat actor has taken any other actions, such as planting a logic bomb or backdoor.

Insider threats pose a significant risk to organizations as they can result in data breaches, financial loss, reputational damage, and operational disruptions. Malicious insiders or compromised accounts can intentionally or unintentionally cause harm by deleting critical files, installing malware, or stealing sensitive information.

Setting up Insider Threat alerts, like the one described here, is crucial for detecting suspicious activities, such as widespread file deletion, in a timely manner. By observing user behavior, organizations can proactively identify and respond to potential insider threats, mitigating the impact of security incidents and safeguarding their assets and operations.

Experience The Innovations 

Here at Adlumin, we know how important it is to see everything in cybersecurity. That’s why we offer a customized Security Operations Platform and Managed Detection and Response services to give organizations a complete view of their IT environment. But we go further than that. We believe in the value of firsthand experience, so we invite you to explore our platform yourself with a guided tour.

See how our platform helps your team find and address threats by arranging a demo or trying out our platform for free. Join the tour and boost your organization’s visibility to a whole new level.

Boise ISSA Conference

Join Adlumin during the 21st Annual Boise ISSA InfoSec conference, an immersive experience set against the scenic backdrop of downtown Boise, Idaho.

This event includes three dynamic keynote speakers who will illuminate the latest trends and developments in the cybersecurity realm. Delve deeper into the intricacies of information security through a wide range of educational sessions tailored to accommodate varying levels of expertise.

Dates: April 25, 2024
Location: Boise, Idaho

Contact: marketingevents@adlumin.com

Interface Kansas City

Join Adlumin during INTERFACE Kansas City 2024, where the dynamic landscape of IT Infrastructure presents new challenges daily.

From cybersecurity threats to advancements in AI and data storage demands, staying current is daunting. This conference offers a solution. Featuring top-tier hardware and software solutions and local experts, INTERFACE Kansas City provides education, guidance, and networking opportunities to help you navigate this evolving terrain.

With sessions on Information Security, Cloud, Disaster Recovery, and more, uncover the latest innovations and best practices to propel your organization forward.

Dates: June 6, 2024
Location: Overland Park, KS

Contact: marketingevents@adlumin.com

ElevateIT Phoenix Technology Summit 2024

ElevateIT provides a one-stop, all-inclusive experience which brings IT & IS practitioners together with experts and thought leaders throughout the country.

This premier conference brings together technology leaders, professionals, and enthusiasts to discuss emerging trends, best practices, and innovative solutions across various topics including cloud computing, cybersecurity, data analytics, and more. With engaging keynotes, panel discussions, interactive sessions, and networking opportunities, attendees can connect with industry experts, gain valuable insights, and explore the latest technology solutions and services from leading vendors.

Whether you’re a technology leader, professional, or enthusiast, this summit offers a chance to stay informed and enhance skills in the ever-evolving tech landscape.

Date: March 13, 2024
Location: Phoenix Convention Center, Phoenix, AZ
Booth: #501
Sponsorship Level: Breakout / Conference Exhibitors Sponsor

Speaking Session

Lessons Learned for Securing M365

Speaker: Jordan Gackowski, Senior Systems Engineer at Adlumin
Date: March 13, 2024
Time: 11 AM – 12 PM
Location: Tech Theater 3

Jordan works with customers every day to help monitor and secure their environments. Approximately 80% of his customers use M365, Hybrid, or some variation of those. In this talk, he will highlight and discuss some best practices and common configuration errors seen on a daily basis and help you address some potential risks to securing your M365 environment. If you don’t use M365, that’s ok! These concepts also apply to other platforms like Google Workspace and others.

Contact: marketingevents@adlumin.com

KB4-CON 2024: Securing the Future: AI and the Human Layer

Come visit Adlumin at KB4-CON 2024: Securing the Future: AI and the Human Layer.

Hear from Adlumin’s Mark Sangster, VP, Chief of Strategy, on Monday, March 4th from 2-2:45 PM during his speaking session, “Cyber Rosetta Stone: Using Tabletops to Engage Executives in the Cyber Risk Conversation.”

KnowBe4’s premier annual conference unites customers, channel partners, security advocates, keynote speakers, and industry experts. Featuring a blend of in-depth product sessions and cutting-edge security presentations, attendees gain actionable insights to immediately implement in their organizations.

Dates: March 4-6, 2024
Location: Orlando, FL

Speaking Session

Cyber Rosetta Stone: Using Tabletops to Engage Executives in the Cyber Risk Conversation

Speaker: Mark Sangster, VP, Chief of Strategy at Adlumin
Date: March 4, 2024
Time: 2:00 PM – 2:45 PM

The biggest barrier to the cyber risk discussion is the language we use to talk about cybersecurity. Tabletop exercises, when done right, can be the Rosetta stone needed to translate the ones and zeros of security to the dollar and cents of financial and reputational losses. Join cybersecurity author and expert, Mark Sangster, as he identifies the pitfalls of tabletops, and builds a simple framework to bring executives and security leaders to the table to collaborate, reduce business risk, and prepare for an inevitable cyber incident.

Contact: marketingevents@adlumin.com

The Ultimate Guide to Using Cybersecurity AI

The rise of artificial intelligence (AI) has significantly altered the way IT security experts approach cybersecurity. Our new guide outlines the benefits of integrating AI into your cybersecurity plan and showcases four stages of AI advancements in cybersecurity. It provides organizations with useful information on Adlumin’s recommendations for responsible AI integration.

Penetration Testing as a Service vs. PenTesting

By: Brittany Holmes, Corporate Communications Manager 

Penetration testing is a vital part of cybersecurity strategies for organizations, helping them identify vulnerabilities in their systems, networks, and applications. Organizations have relied on traditional penetration testing methods, where a team of experts conducts the tests on-site. However, with the rise of technology and cloud-based services, a new approach has emerged – Penetration Testing as a Service or PTaaS.   

This blog discusses the differences between conventional penetration testing and penetration testing as a service, comparing each method. By understanding the differences, organizations can make informed decisions when choosing the right approach for their security needs. 

What is Penetration Testing as a Service (PTaaS)? And how is it different? 

Penetration testing as a service is a revolutionary cybersecurity approach that is gaining popularity. Unlike traditional penetration testing methods, penetration testing as a service takes advantage of the cloud and offers on-demand accessibility, making the entire process more efficient and seamless.  

With penetration testing as a service, organizations can securely access the testing platform through the cloud, eliminating the need for manual setup and configuration of testing environments. This significantly speeds up the testing process and allows for greater scalability since the necessary resources can be easily allocated as needed. 

Additionally, penetration testing as a service employs automation and machine learning technologies to enhance the testing process. These technologies can assist with scanning for vulnerabilities, analyzing results, and even suggesting remediation steps. As a result, it can offer more accurate and comprehensive testing, saving time and effort for organizations. 

To further investigate what solution is best for your organization, let’s explore the differences:  

Who conducts the penetration test? 

Penetration Testing:  

Penetration tests are typically conducted by specialized cybersecurity professionals known as ethical hackers or penetration testers. These individuals have extensive knowledge and experience in identifying and exploiting security vulnerabilities. They follow a systematic approach to test the effectiveness of an organization’s security controls and identify areas where improvements are needed.  

Penetration Testing as a Service: 

Many organizations choose to engage external penetration testing services provided by third-party providers, such as Managed Detection and Response (MDR) providers. These providers have specialized expertise and access to advanced tools and techniques that can comprehensively assess an organization’s security posture.

How long does a penetration test take? 

Penetration Testing:  

The duration of a penetration test can vary depending on the availability of resources and information, the test’s scope, or the target system’s complexity. On average, a penetration test can take anywhere from a few days to several weeks to complete.   

Penetration Testing as a Service:

With penetration testing as a service, tests run at your convenience or whenever your team chooses to schedule them. Moving penetration tests to ‘as a service’ eliminates the need for someone to manually set up each test. Instead, tests can be scheduled to run on a regular basis or on demand, allowing for consistent assessments and updates. This means the overall duration can be longer than a one-time conventional test, but it provides more comprehensive and up-to-date security coverage.

Will there be communication between an organization and the penetration testers? 

Penetration Testing:

During a penetration test, the communication between the penetration testers and the internal team can vary based on the policies and procedures of the organization. In some cases, there may be little to no interaction between the two groups, with the penetration testers working independently and providing updates only to a designated point of contact, such as a project manager. 

Penetration Testing as a Service: 

Two options are offered: the organization runs the tests independently, or an MDR provider manages the tests through a Progressive Penetration Testing Program.

Utilizing an MDR provider allows for seamless and direct communication between internal teams and penetration testers throughout the project, resulting in a more streamlined process. By eliminating unnecessary mediators, the exchange of information becomes more efficient and effective. 

The close collaboration enables any friction or misunderstanding to be promptly addressed, clarified, and resolved during the penetration test. This not only ensures a smoother workflow but also allows for quicker resolution of any issues. 

Additionally, it provides a valuable opportunity for the organization’s employees to enhance their skills by working alongside penetration testers. By actively participating in the penetration testing process, they can gain valuable insights and knowledge, ultimately improving their capabilities in cybersecurity. 

When can I see the results? 

Penetration Testing:  

One of the significant limitations of traditional penetration tests is the delayed communication of results. Typically, the findings are only conveyed at the end of the tests. Consequently, potentially crucial vulnerabilities may remain unaddressed for extended periods, ranging from days to even weeks. 

Penetration Testing as a Service:   

When a penetration tester detects a vulnerability, the platform immediately notifies the organization. This real-time alert allows internal teams to address the issue promptly, even before the penetration test is complete. Organizations can deploy patches and test them against cybercriminals without the need for another round of testing.  

This continuous reporting system, coupled with the ability to collaborate with penetration testers, enables the organization’s IT team to gain valuable insights into the remediation of vulnerabilities. 

Penetration Testing as a Service vs. PenTesting 

Penetration testing as a service offers organizations an affordable and convenient solution for assessing their cybersecurity vulnerabilities. Organizations can quickly identify and mitigate potential threats with on-demand access to human-led penetration testing combined with automation. It also provides continuous monitoring and real-time reports for faster resolution. This approach ensures higher accuracy and data analytics and makes penetration testing more accessible and cost-effective compared to traditional methods. By illuminating potential risks, penetration testing as a service enables organizations to adopt effective defenses and enhance their security posture. 

Ultimately, the choice between penetration testing and penetration testing as a service depends on an organization’s unique needs and financial resources. Traditional penetration testing may be ideal for certain tasks, but it is crucial to assess the areas where assistance is needed and select the most appropriate option to meet the organization’s security requirements. 

Stay Informed

Subscribe to Adlumin’s blog series and gain access to actionable advice and step-by-step guides from cybersecurity experts.

N-able Empower Conference

Join Adlumin during the N-able Empower Conference for three days of tailored experiences designed to inspire transformation and foster innovation.

  • Executive Leadership: Navigate unique challenges faced by leaders seeking to enhance enterprise value for their organizations. Topics cover defining and measuring success, differentiating strategies employed by the best, identifying emerging market opportunities, optimizing go-to-market models, leveraging growth levers, and effective team building.
  • Service Managers & Operations: Delve into issues pertinent to those shaping service packages and ensuring top-notch delivery. Topics include exploring market opportunities, learning from industry leaders, and addressing staffing considerations during scaling.
  • Technicians: Deepen your understanding and utilization of key technologies and products to achieve best-in-class performance. Topics cover in-depth exploration of key use cases, staying abreast of emerging technologies such as RPA and AI, and strategies for adding value to your organization.
  • Sales & Business Development Professionals: Challenge conventional wisdom to boost revenue and foster growth. Topics include innovative approaches employed by top MSPs to drive growth, effective measurement of success, and insights into building a successful sales team.

Dates: March 25-28, 2024
Location: Omni PGA Frisco Resort, Frisco, TX

Contact: marketingevents@adlumin.com