Every year Marshall Wright goes to about a half a dozen industry events looking for technology that will benefit our clients. Most technology I see doesn’t provide a compelling benefit for our clients. Every show I usually come back with at least one technology we try out in our lab, and if it works in the lab, we deploy it to our production network. If we see the value in the production network, we push the technology out to our clients. This vetting process results in one or two new technologies getting released to our clients per year. Most of these changes are transparent to our clients, but sometimes the technology presents itself to the client.
Third Wall is one of the new technologies we deployed in the last year that makes itself visible to our clients. Third Wall works in conjunction with our remote management and monitoring (RMM) tool. By leveraging the scripting engine in the RMM, Third Wall adds security features that we have been in search of. After a brief lab test and use on our network, we quickly determined the value of Third Wall to our clients and pushed it to our larger clients immediately. By the end of December, the tool had been deployed to all of our clients.
What security tools does Third Wall give DeckerWright that are important to secure our clients? Here’s a shortlist of what it can do for our clients:
- The ability to pull data on used logins and logouts.
- The ability to isolate computers from the network.
- The ability to “annihilate” a lost or stolen computer/laptop.
- An alternative method to control access to social media and webmail.
- The ability to get an early warning on possible crypto-locker attacks.
- The ability to get an early warning on possible brute force attacks.
The new tools allow DeckerWright to respond faster to possible malware attacks by learning about them faster. By responding faster, we are able to stop an attack before it can do a lot of damage. Many clients reported seeing the Third Wall “canary” files appearing in their documents folder. The Third Wall “canary” files are monitored, and if they are modified, Third Wall issues an alert that there is a possible crypto locker attack underway. We check it out, and if an attack is underway we are able to use the Third Wall “isolate” tool to remove the computer from the network. The faster we are able to begin the battle against a crypto-locker attack, the less damage is done, and the time is spent in remediation. These tools allowed us to stop an in-progress crypto-locker attack at a client last fall reducing the amount of damage caused by the attack.
Many of our clients have transitioned to mobile devices, laptops, and tablets, for their primary business computer. With the risk of loss or of being stolen, these devices present a special security challenge. One of our clients recently reported that one of their laptops had been stolen out of a car. With Third Wall, DeckerWright is able to issue an “annihilate” command which will wipe out the data, programs, and operating system on the laptop upon its next reboot. The command got issued, and the laptop is now a paperweight.
The other tool that has allowed us to better protect our clients is a tool that monitors failed logins over a period of time. Criminals using brute force attacks have modified their software to cycle through lists of possible usernames and passwords before triggering the built-in Microsoft account blocking feature. With the criminal’s smart software, the alerts we expected from these attacks never got generated. With Third Wall, we are able to set a threshold based on the total number of login failures in a period of time, so the new types of attacks are quickly revealed. Since activating Third Wall in December, we have stopped two in-progress brute force attacks on clients before they were able to compromise the client’s systems.
With the rapidly changing security environment, DeckerWright will constantly be looking for and deploying the latest technology to safeguard our client’s systems and data.