{"id":2420,"date":"2020-06-04T17:03:10","date_gmt":"2020-06-04T16:03:10","guid":{"rendered":"https:\/\/www.adarma.com\/?p=2420"},"modified":"2023-08-17T09:26:40","modified_gmt":"2023-08-17T09:26:40","slug":"adarma-soc-during-covid-19-disruption","status":"publish","type":"post","link":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/","title":{"rendered":"Adarma SOC During Covid-19 Disruption"},"content":{"rendered":"

Adarma Managed SOC response to pandemic-related business transformation and WFH challenges<\/strong><\/p>\n

The Covid-19 pandemic has caused unprecedented business disruption and change. This has resulted in increased security risks as businesses adjust to new ways of remote working. Coupled with constantly changing threats and clear intelligence on new Covid-19 related phishing and malware attacks, we see risks increase further.<\/p>\n

The modern Security Operations Centre (SOC) is a key component of the cyber resilience framework for enterprise organisations. In light of the challenges most businesses are facing relating to remote working, the Adarma SOC team is creating and rolling out working from home (WFH) use cases to help our customers adapt to the new ways of working brought about by the Covid-19 pandemic and new threat vectors.<\/p>\n

Rory Shannon, Director of Managed Services for Adarma, commented: \u201cRemote working has its benefits for most; however, presented with an extended level of freedom and independence as well as reduced influence of cultural norms and behaviours, staff may be more likely to stray from organisational processes and working practices that exist. The traditional working environment encourages adherence to cyber hygiene and organisational policy by default and it\u2019s important that organisations support their staff in maintaining security best practices.<\/p>\n

Our customers are addressing new challenges associated with quick adoption of an enterprise-wide working from home model and we are doing everything we can to support them during this time.\u201d<\/p>\n

The influx of remote users during standard business hours puts a strain on various online services which provide essential functions, such as communication, collaboration, authentication and remote access. We have developed use cases and threat hunts covering the confidentiality, integrity and availability (CIA) of these key areas.<\/p>\n

Virtual Private Networks (VPNs)<\/strong><\/p>\n

Adarma has created bespoke WFH Traffic Dashboards, as well as custom threat hunts, so that customers can regularly monitor client remote access and related infrastructure and identify any control gaps across the relevant services.<\/p>\n

If VPNs are at capacity and disconnect temporarily as they struggle to cope with the sudden rise in demand, staff may look for insecure workarounds, which could leave company assets vulnerable. We monitor VPN usage, capacity and availability in a number of ways, including:<\/p>\n

\u2022 Predicting the future bandwidth required, based on historic log analysis
\n\u2022 Monitoring actual VPN session count
\n\u2022 Monitoring terminated VPN sessions in the last 4 hours
\n\u2022 Monitoring failed VPN logins
\n\u2022 Searching for distinct users who have logged into VPN from multiple IP addresses
\n\u2022 Searching for multiple users logging into VPN from a single source IP address<\/p>\n

Collaboration tools<\/strong><\/p>\n

Microsoft Teams has recently proven to be one of the most popular WFH applications, seeing a usage rate increase of more than 37% as the UK and other countries entered lockdown and companies were urged to adopt remote working practices.<\/p>\n

Given the popularity of Teams, in addition to the rapidly increasing volume of employees WFH, the risk of outage and compromise has exponentially increased.<\/p>\n

Adarma has introduced an availability measure to understand the current Teams utilisation whilst comparing to baselines over 4 hours, a week and 7 days. We could also use the predict function to assess the future capacity required for Teams.<\/p>\n

Covid-19 Phishing Attacks and Malware<\/strong><\/p>\n

When coronavirus first began to spread in China, we received intelligence that the majority of malicious, coronavirus-themed files were submitted from China and targeted Chinese speakers. As the virus continued to spread and infect more countries, the malicious campaigns effectively mirrored the spread of the virus with new campaigns being seen within days of countries being affected by Covid-19.<\/p>\n

Research has shown that an array of malware was distributed by these \u201ccoronavirus\u201d campaigns, including variants of Emotet, RemcosRAT, ParallaxRAT, HawkEye, TrickBot, Agent Tesla and more. The most common technique observed thus far is a spear phishing attack that uses coronavirus-themed emails with malicious attachments. The Adarma SOC created threat hunts looking for the indicators and behaviours described in this series of threat intelligence reports.<\/p>\n

Cyber Hygiene<\/strong><\/p>\n

Our customers are asking us for additional focus on these security metrics at this time. Whilst not always the most glamorous of use cases, having visibility of where other controls aren\u2019t working provides excellent Operational Intelligence. Examples include:<\/p>\n

\u2022 Significant changes to the number of endpoint devices failing to receive Windows, AV or other routine updates.
\n\u2022 Significant changes to either allowed or blocked traffic through perimeter firewalls
\n\u2022 Use of prohibited or insecure protocols on the network
\n\u2022 Tracking RDP usage for potential malicious lateral movement
\n\u2022 Data sources stopping reporting to the data platform\/SIEM<\/p>\n

The Adarma Managed SOC Service<\/strong><\/p>\n

At Adarma, we provide a fully managed, tailored and entirely flexible SOC capability that constantly evolves with our customers\u2019 needs and the changing threat landscape. Our primary objective is to provide pain-free access to all of the necessary tools, skills and processes that will give our customers peace of mind and enable them to get on with the job of running their businesses.<\/p>\n

In times of uncertainty and business disruption, the Adarma service is able to adapt quickly and ensure our customers remain fully supported, thereby minimising the impact of security incidents and threats on the day-to-day operation of the business.<\/p>\n

The Adarma Managed SOC Service acts as an extension to our customers\u2019 in-house team. Delivered remotely, the service enables complete visibility of threats across their entire monitored domain, highlighted from the background noise of all of their event data. Every event is handled; nothing is ignored.<\/p>\n

We also deliver a day-one configuration that balances our industry expertise with a flexible approach focused on clients\u2019 key risks, together with consistent, high-quality, context-aware and iterative response processes that ensure threats are identified and addressed in a timely manner.<\/p>\n

Whilst our service includes bespoke use case creation and development as standard for every customer, we also quickly create use cases aligned to the MITRE ATT&CK framework, responding to common shared threats and challenges to ensure our customers remain operational.<\/p>\n

Sign up to our webinar to learn more and meet the SOC team<\/strong><\/p>\n

About Adarma<\/strong><\/p>\n

Adarma analyses, monitors and responds to threats for some of the world\u2019s largest companies. Formed and run by former senior security leaders from the UK\u2019s leading financial organisations, we know security and how to deliver real value in the real world. Our clients are successful FTSE 350 organisations from highly regulated industries, looking for a partnership approach to threat management. We would welcome conversations to discuss Adarma\u2019s SOC service with any existing Adarma customers as well as organisations considering outsourcing their Security Operations.<\/p>\n","protected":false},"excerpt":{"rendered":"

His post on metrics is interesting. I know many CISOs, but have not been one; I never made it higher in the security food chain than Head of IT Security, a post I held for less than a year before handing it over to the very capable David Calder – and founded ECS Security, where David is now Managing Director.<\/p>\n","protected":false},"author":1,"featured_media":4192,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[196],"tags":[],"acf":[],"yoast_head":"\nAdarma Managed SOC During Covid-19 | News & Blogs | Adarma<\/title>\n<meta name=\"description\" content=\"Adarma has assisted with managed SOC responses to pandemic related business transformation challenges and working from home challenges to prevent new threat vectors.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Adarma SOC During Covid-19 Disruption\" \/>\n<meta property=\"og:description\" content=\"Adarma has assisted with managed SOC responses to pandemic related business transformation challenges and working from home challenges to prevent new threat vectors.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/\" \/>\n<meta property=\"og:site_name\" content=\"Adarma\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-04T16:03:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-17T09:26:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/adarma.wpengine.com\/wp-content\/uploads\/2020\/06\/Social-banner-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1044\" \/>\n\t<meta 
property=\"og:image:height\" content=\"540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"pnpd-admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@adarma_security\" \/>\n<meta name=\"twitter:site\" content=\"@adarma_security\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"pnpd-admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/\"},\"author\":{\"name\":\"pnpd-admin\",\"@id\":\"https:\/\/adarma.wpengine.com\/#\/schema\/person\/ef0653c33d69815507d6cc37594e33dc\"},\"headline\":\"Adarma SOC During Covid-19 Disruption\",\"datePublished\":\"2020-06-04T16:03:10+00:00\",\"dateModified\":\"2023-08-17T09:26:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/\"},\"wordCount\":1099,\"publisher\":{\"@id\":\"https:\/\/adarma.wpengine.com\/#organization\"},\"articleSection\":[\"News\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/\",\"url\":\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/\",\"name\":\"Adarma Managed SOC During Covid-19 | News & Blogs | Adarma\",\"isPartOf\":{\"@id\":\"https:\/\/adarma.wpengine.com\/#website\"},\"datePublished\":\"2020-06-04T16:03:10+00:00\",\"dateModified\":\"2023-08-17T09:26:40+00:00\",\"description\":\"Adarma has assisted with managed SOC responses to pandemic related business transformation 
challenges and working from home challenges to prevent new threat vectors.\",\"breadcrumb\":{\"@id\":\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/adarma.wpengine.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Adarma SOC During Covid-19 Disruption\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/adarma.wpengine.com\/#website\",\"url\":\"https:\/\/adarma.wpengine.com\/\",\"name\":\"Adarma\",\"description\":\"Cybersecurity Services Tailored to Your Needs\",\"publisher\":{\"@id\":\"https:\/\/adarma.wpengine.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/adarma.wpengine.com\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/adarma.wpengine.com\/#organization\",\"name\":\"Adarma\",\"url\":\"https:\/\/adarma.wpengine.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/adarma.wpengine.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/adarma.wpengine.com\/wp-content\/uploads\/2021\/09\/Logo-Dark.svg\",\"contentUrl\":\"https:\/\/adarma.wpengine.com\/wp-content\/uploads\/2021\/09\/Logo-Dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Adarma\"},\"image\":{\"@id\":\"https:\/\/adarma.wpengine.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/twitter.com\/adarma_security\",\"https:\/\/www.linkedin.com\/company\/adarma-security\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/adarma.wpengine.com\/#\/schema\/person\/ef0653c33d69815507d6cc37594e33dc\",\"name\":\"pnpd-admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/adarma.wpengine.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8db9b99d79fb7b848980de57cb219c57?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8db9b99d79fb7b848980de57cb219c57?s=96&d=mm&r=g\",\"caption\":\"pnpd-admin\"},\"sameAs\":[\"https:\/\/adarma.wpengine.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Adarma Managed SOC During Covid-19 | News & Blogs | Adarma","description":"Adarma has assisted with managed SOC responses to pandemic related business transformation challenges and working from home challenges to prevent new threat vectors.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/","og_locale":"en_GB","og_type":"article","og_title":"Adarma SOC During Covid-19 Disruption","og_description":"Adarma has assisted with managed SOC responses to pandemic related business transformation challenges and working from home challenges to prevent new threat vectors.","og_url":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/","og_site_name":"Adarma","article_published_time":"2020-06-04T16:03:10+00:00","article_modified_time":"2023-08-17T09:26:40+00:00","og_image":[{"width":1044,"height":540,"url":"https:\/\/adarma.wpengine.com\/wp-content\/uploads\/2020\/06\/Social-banner-1.png","type":"image\/png"}],"author":"pnpd-admin","twitter_card":"summary_large_image","twitter_creator":"@adarma_security","twitter_site":"@adarma_security","twitter_misc":{"Written by":"pnpd-admin","Estimated reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/#article","isPartOf":{"@id":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/"},"author":{"name":"pnpd-admin","@id":"https:\/\/adarma.wpengine.com\/#\/schema\/person\/ef0653c33d69815507d6cc37594e33dc"},"headline":"Adarma SOC During Covid-19 
Disruption","datePublished":"2020-06-04T16:03:10+00:00","dateModified":"2023-08-17T09:26:40+00:00","mainEntityOfPage":{"@id":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/"},"wordCount":1099,"publisher":{"@id":"https:\/\/adarma.wpengine.com\/#organization"},"articleSection":["News"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/","url":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/","name":"Adarma Managed SOC During Covid-19 | News & Blogs | Adarma","isPartOf":{"@id":"https:\/\/adarma.wpengine.com\/#website"},"datePublished":"2020-06-04T16:03:10+00:00","dateModified":"2023-08-17T09:26:40+00:00","description":"Adarma has assisted with managed SOC responses to pandemic related business transformation challenges and working from home challenges to prevent new threat vectors.","breadcrumb":{"@id":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/adarma.wpengine.com\/adarma-soc-during-covid-19-disruption\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/adarma.wpengine.com\/"},{"@type":"ListItem","position":2,"name":"Adarma SOC During Covid-19 Disruption"}]},{"@type":"WebSite","@id":"https:\/\/adarma.wpengine.com\/#website","url":"https:\/\/adarma.wpengine.com\/","name":"Adarma","description":"Cybersecurity Services Tailored to Your Needs","publisher":{"@id":"https:\/\/adarma.wpengine.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/adarma.wpengine.com\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/adarma.wpengine.com\/#organization","name":"Adarma","url":"https:\/\/adarma.wpengine.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/adarma.wpengine.com\/#\/schema\/logo\/image\/","url":"https:\/\/adarma.wpengine.com\/wp-content\/uploads\/2021\/09\/Logo-Dark.svg","contentUrl":"https:\/\/adarma.wpengine.com\/wp-content\/uploads\/2021\/09\/Logo-Dark.svg","width":1,"height":1,"caption":"Adarma"},"image":{"@id":"https:\/\/adarma.wpengine.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/adarma_security","https:\/\/www.linkedin.com\/company\/adarma-security\/"]},{"@type":"Person","@id":"https:\/\/adarma.wpengine.com\/#\/schema\/person\/ef0653c33d69815507d6cc37594e33dc","name":"pnpd-admin","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/adarma.wpengine.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8db9b99d79fb7b848980de57cb219c57?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8db9b99d79fb7b848980de57cb219c57?s=96&d=mm&r=g","caption":"pnpd-admin"},"sameAs":["https:\/\/adarma.wpengine.com"]}]}},"_links":{"self":[{"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/posts\/2420"}],"collection":[{"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/comments?post=2420"}],"version-history":[{"count":0,"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/posts\/2420\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/media\/4192"}],"wp:attachment":[{"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/media?parent=2420"}],"wp:term":[{"taxo
nomy":"category","embeddable":true,"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/categories?post=2420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adarma.wpengine.com\/wp-json\/wp\/v2\/tags?post=2420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}