Every year I go to about a half a dozen industry events looking for technology that will benefit our clients. Most technology I see doesn’t provide a compelling benefit for our clients. Every show I usually come back with at least one technology we try out in our lab, and if it works in the lab, we deploy it to our production network. If we see the value in the production network, we push the technology out to our clients. This vetting process results in one or two new technologies getting released to our clients per year. Most of these changes are transparent to our clients, but sometimes the technology presents itself to the client.
Third Wall is one of the new technologies we deployed in the last year that makes itself visible to our clients. Third Wall works in conjunction with our remote management and monitoring (RMM) tool. By leveraging the scripting engine in the RMM, Third Wall adds security features that we have been in search of. After a brief lab test, and use on our network, we quickly determined the value of Third Wall to our clients and pushed it to our larger clients immediately. By the end of December, the tool had been deployed to all of our clients.
What security tools does Third Wall give us that are important to secure our clients? Here's a short list of what it can do for our clients:
The new tools allows us to respond faster to possible malware attacks by learning about them faster. By responding faster, we are able to stop an attack before it can do a lot of damage. Many clients reported seeing the Third Wall “canary” files appearing in their documents folder. The Third Wall “canary” files are monitored, and if they are modified, Third Wall issues an alert that there is a possible crypto locker attack underway. We check it out, and if an attack is underway we are able to use the Third Wall “isolate” tool to remove the computer from the network. The faster we are able to begin the battle against a crypto-locker attack, the less damage is done, and the time is spent is remediation. These tools allowed us to stop an in progress crypto-locker attack at a client last fall reducing the amount of damage caused by the attack.
Many of our clients have transitioned to mobile devices, laptops and tablets, for their primary business computer. With the risk of loss or of being stolen, these devices present a special security challenge. One of our clients recently reported that one of their laptops had been stolen out of a car. With Third Wall we were able to issue an “annihilate” command which will wipe out the data, programs and operating system on the laptop upon its next reboot. The command got issued, and the laptop is now a paperweight.
The other tool that has allowed us to better protect our clients is a tool that monitors failed logins over a period of time. Criminals using brute force attacks have modified their software to cycle through lists of possible usernames and passwords before triggering the built in Microsoft account blocking feature. With the criminal’s smart software, the alerts we expected from these attacks never got generated. With Third Wall we are able to set a threshold based on the total number of logon failures in a period of time, so the new types of attacks are quickly revealed. Since activating Third Wall in December, we have stopped two in-progress brute force attacks on clients before they were able to compromise the client’s systems.
With the rapidly changing security environment, DeckerWright will constantly be looking for and deploying the latest technology to safeguard our client’s systems and data.
Click HERE for more details.