Today, RocketCyber, a cybersecurity platform built for Managed Service Providers, announced a live threat map for MSPs servicing small-medium businesses (SMBs). The RocketCyber Live Threat Map demonstrates malicious and suspicious activity occurring on the endpoint as it happens by offering a real-time visualization of attacks that circumvent traditional security defenses within their customers' networks.
Many MSPs are transitioning from NOCs (network operation centers) to SOCs (security operation centers), hoping to identify malicious activity as it is occurring. However, the RocketCyber Live Threat Map provides early warning indicators sooner than SOCs so the MSP can take action before a breach enters the stage of data exfiltration.
“Given that MSPs know their customer networks best, exposing real-time global attack data on the endpoint empowers the provider to quickly remediate the threat,” said Carl Banzhof, CEO and co-founder of RocketCyber. “For example, how many dental offices in North America can justify an SSH or FTP remote connection from North Korea?”
The Live Threat Map is a huge advantage for MSPs that are responsible for detecting attacks and reducing the amount of dwell time within their customer networks. While enterprise products have previously delivered attack map capabilities, those products typically map global threat data and attacks and are not actionable on a customer network. The RocketCyber Live Threat Map allows MSPs to take action sooner and reduce the amount of dwell time.
A visual list of threats is shown above, displaying:
- Location origin and IP address of the attacker
- Managed customer impacted
- Host computer under attack
- Date and time of detection
- Details hotlink providing technical information
When clicking on the details, one can investigate further malicious/suspicious activity taking place on the host(s).
When Cyber Terrorist Network Connections and Malicious File Detection are enabled, we can gain further insight. This example highlights an RDP connection from Russia along with connections from two other countries known for attacking small businesses. In addition, we can see a day later that a malicious file was detected that circumvented perimeter defenses.
Furthermore, a day after the foreign network connections were initiated, we can see further evidence of the attacker staging additional phases of an attack, activity that has historically been invisible to both small businesses and the Managed Service Provider.
The example below demonstrates signs of Discovery, Persistence, Evasion and more, specifically reviewing the details under Breach Detection and Event Monitor. Consider Carl’s dental office example: how many dentists are likely to clear their Windows security log and begin running PowerShell?
The RocketCyber Live Threat Map is free for Managed Service Providers and includes monitoring for unlimited customers.
Our next blog will feature the RocketCyber Attack Timeline, which complements the Threat Map by providing a visual storyboard of the chronological order of events, from the time of the intrusion through all of the stages of the attack life cycle up to data exfiltration, which hopefully doesn’t happen to your customer! Subscribe to our blog for an update when it goes live.
To get your free Live Threat Map, sign up for your free account here: https://www.rocketcyber.com/pricing