How Syxsense Would Respond to the Florida Water Poisoning Attack
After the attempted water poisoning cyberattack in Florida, cybersecurity experts are advising IT departments to take action.
Hackers Attempt Poisoning in Florida
Last week, an unidentified attacker gained access to a water treatment plant’s network and modified chemical dosages to dangerous levels.
The FBI issued an alert on Tuesday, drawing attention to three security issues seen on the plant’s network following last week’s hack. In these cases, the FBI recommends a series of basic security best practices as an interim way to mitigate threats.
Using Syxsense Secure, you can verify your governance against these FBI recommendations and resolve any issues discovered during the vulnerability scan.
Rob Brown, Chief Customer Success Officer at Syxsense, said, “Obsolete software or unpatched devices provide one of the most serious concerns to the Security Chiefs of companies worldwide. Many of our customers are saying the unpatched laptop may become the next big weaponized threat. They are using Syxsense Secure with the hyper-automation of Syxsense Cortex to return their users safely to the office or isolate those devices if they are unsafe.”
The FBI Recommendations
1. Use multi-factor authentication
In addition, other security settings are enabled by default, such as email notifications upon login to the console and automatic logout following a period of inactivity. Whitelisting is an option for anyone using a static IP address, and geographical protection can be enabled to restrict access to your Syxsense console based on country.
2. Use strong passwords to protect Remote Desktop Protocol (RDP) credentials
With Syxsense Cortex, you can discover all systems that have Remote Desktop Protocol enabled without the required “strong passwords”. Syxsense Cortex can detect any systems that do not meet this requirement and send notifications about them by email.
3. Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure
The Syxsense Secure vulnerability scanner can provide an independent audit of the health and status of the most popular anti-virus and anti-spyware programs and, where needed, update those systems automatically to protect the devices.
4. Audit network configurations and isolate computer systems that cannot be updated
When a device is detected as vulnerable, Syxsense Cortex can automatically quarantine it, isolating it from the network and preventing it from being a threat.
5. Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts
Syxsense Secure scans many types of ports. Based on those detected, you can report on the devices or take action such as enabling local firewalls or reconfiguring the operating system using Windows PowerShell.
6. Audit logs for all remote connection protocols
Syxsense Secure provides real-time access to the Windows Application, Event, System and Security event logs.
7. Train users to identify and report attempts at social engineering
From custom computer desktop backgrounds to customizable end-user message prompts, Syxsense Secure and Syxsense Cortex can help users avoid mistakes at the endpoint. All tasks performed by Syxsense can use a corporate logo and custom messages.
8. Identify and suspend access of users exhibiting unusual activity
Untrusted applications or processes, or multiple login attempts, can trigger the automatic disabling of local accounts and send email alerts to automated helpdesk systems. Syxsense Secure comes with a built-in alerting system so that you never miss them.
9. Keep software updated
Whether your devices are local, remote, or at home, you can trust Syxsense to update your software or notify you when obsolete software has been found.
Experience the power of Syxsense Cortex, free for 14 days.
Syxsense Cortex is included with Syxsense Secure. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.