Cybersecurity: Essence of Threat Intelligence & Protection Software in your IT environment

Destiny Young
Jul 15, 2020

…to protect your IT assets, invest in an endpoint security solution

The screenshot below is a threat intelligence report sent by an Advanced Threat and Protection (ATP) software deployed at the endpoint of a cloud environment.

The essence of the #ATP is to monitor an email exchange environment for threat attempts and block them automatically, depending on how the ATP is configured.

Now let’s analyze what happened here:

An attacker, using a legitimate email source, carefully attached a Trojan horse to an email and dispatched it to a user within the cloud environment (organization). The Trojan takes the form of a mail attachment; please note the file name order.7z.exe (malware). This is why we advise that you carefully check file attachments in your email before opening them. An .exe file extension tells you that the file is an executable programme, and not a Word document, PDF or picture.
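The attachment check described above can be automated. The following is an added example, not part of the original post or of any ATP product: it parses a message with Python's standard `email` module and flags attachments whose final extension is executable, especially behind a decoy extension as in order.7z.exe. It goes one step beyond the text by also checking for the "MZ" bytes that begin Windows executables; the extension lists and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative (not exhaustive) lists: extensions Windows will run, and
# extensions users read as harmless documents or archives.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DECOY_EXTS = {".7z", ".zip", ".pdf", ".doc", ".docx", ".xlsx", ".jpg", ".png", ".txt"}

def inspect_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    reasons = []
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().strip().rstrip(". ").split(".")
    exts = ["." + p for p in parts[1:]]
    is_exec = bool(exts) and exts[-1] in EXECUTABLE_EXTS
    if is_exec:
        reasons.append("executable extension " + exts[-1])
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("double extension " + exts[-2] + exts[-1])
    # A Windows PE file starts with the bytes "MZ" whatever it is named.
    if payload[:2] == b"MZ" and not is_exec:
        reasons.append("PE header behind non-executable name")
    return reasons

def scan_message(raw_bytes):
    """Map each flagged attachment name in a raw message to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = inspect_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed sample message; the attachment bytes are harmless text."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.org"
    msg.set_content("Please see the attached order.")
    samples = [("order.7z.exe", b"MZ constructed, not a program"),
               ("invoice.pdf", b"%PDF-1.4 constructed"),
               ("photo.jpg", b"MZ constructed")]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```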

What is the attacker’s intention?

Once you open the attachment, it runs the Trojan program, which installs itself on your system without your knowledge — this happens in stealth mode. The Trojan then checks your entire computer system for vulnerabilities to exploit.

ATP in Action:

So long as an active ATP is resident in your cloud environment, it watches for threats on your behalf. Here, my ATP detected the attacker’s email with a Trojan (malware), automatically stopped the email from being delivered to the intended recipient and deleted the attachment. Further, the ATP blacklisted the sender from sending email again to any user within our domain. Next, the ATP sent a report about the threat found and the action it had taken. It also gives me details of the sender, should I want to carry out forensics to identify the sender.

This is what Cybersecurity entails. Pay attention to the confidentiality, integrity and availability (CIA) of your personal information.

#Staysafe

~ Destiny Young
