How Bryley stopped a session-hijacking attack


Session hijacking works like movie-ticket theft: once a session is stolen, attackers gain admission to your organization’s network.

Not all cybersecurity tools are equal – and there are a lot, so Bryley evaluates potential partners to offer an effective mix of security and value. This evaluation process helps us identify partners who provide reliable performance and whose products integrate well with our existing solutions.

We’re excited about the analysis and alerts that our partner Huntress’ Identity Threat Detection and Response (ITDR) has provided us. Across several Bryley clients’ systems, ITDR has proven invaluable in helping provide protection, especially as cyber-threats have evolved. The tool has helped Bryley successfully detect and stop session hijacking (see below), unwanted logins and password theft before any of these caused significant damage.

ITDR is a technology approach similar to EDR (Endpoint Detection and Response, which protects endpoints such as laptops). ITDR’s role is to continuously monitor and protect your identities and email environments within Microsoft 365 against cyber-threats.

Understanding session hijacking

A network can be thought of like a movie theater. You buy a ticket (session token) to prove you’ve paid for entry. But what if a thief steals your ticket while you’re getting popcorn? They could watch the movie pretending to be you – like attackers invading networks by stealing session tokens to access accounts without needing user names and passwords.

In a recent case, Bryley’s ITDR system flagged suspicious Axios activity and intervened to prevent a potential breach. Axios is a normally benign JavaScript library that can be exploited for session-hijacking attacks.

Huntress’s rapid response brings Business Continuity

When a threat is detected, Huntress immediately alerts our staff with the critical information needed to lock down compromised accounts right away. Our rapid intervention in the Axios case prevented what could have been a serious security incident. By blocking access from suspicious VPNs and unusual foreign locations, we’ve successfully prevented data exfiltration, stopped malicious impersonation attempts and maintained business continuity for our clients.
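An added illustration, not Bryley's or Huntress's detection logic: a minimal check for the pattern described above, where a session established in a browser is later reused by a scripted client or from another location. The event fields, sample values and the two-signal revoke threshold are assumptions, and the events are constructed.

```python
# Constructed sign-in events (not real logs); the field names are assumptions.
EVENTS = [
    {"ts": 100, "user": "alice@example.com", "session": "s-100",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/126.0", "country": "US"},
    {"ts": 130, "user": "bob@example.com", "session": "s-200",
     "ua": "Mozilla/5.0 (Macintosh) Chrome/126.0", "country": "US"},
    {"ts": 160, "user": "alice@example.com", "session": "s-100",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/126.0", "country": "US"},
    # Same session ID, now presented by a scripted HTTP client from elsewhere.
    {"ts": 220, "user": "alice@example.com", "session": "s-100",
     "ua": "axios/1.7.2", "country": "NL"},
    # Location change only: could be travel or a VPN, so lower confidence.
    {"ts": 400, "user": "bob@example.com", "session": "s-200",
     "ua": "Mozilla/5.0 (Macintosh) Chrome/126.0", "country": "CA"},
]

# User-agent prefixes of scripted clients; Axios identifies itself as "axios/<version>".
SCRIPTED_PREFIXES = ("axios/",)


def find_hijack_signals(events):
    """Return (session, ts, reasons) for events that deviate from the
    client that first presented each session."""
    baseline = {}   # session id -> first event seen for that session
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        reasons = []
        if ev["ua"].lower().startswith(SCRIPTED_PREFIXES):
            reasons.append("scripted-client")
        first = baseline.setdefault(ev["session"], ev)
        if ev["ua"] != first["ua"]:
            reasons.append("user-agent-changed")
        if ev["country"] != first["country"]:
            reasons.append("country-changed")
        if reasons:
            findings.append((ev["session"], ev["ts"], reasons))
    return findings


def sessions_to_revoke(findings, min_signals=2):
    """Sessions with enough independent signals to revoke without waiting."""
    return sorted({s for s, _, reasons in findings if len(reasons) >= min_signals})


if __name__ == "__main__":
    hits = find_hijack_signals(EVENTS)
    for session, ts, reasons in hits:
        print(session, ts, ", ".join(reasons))
    print("revoke:", sessions_to_revoke(hits))
```

A single signal such as a country change is left for analyst review rather than automatic revocation, since travel and corporate VPNs produce it legitimately.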

The power of layering

If it became a real issue, movie theaters could cut down on ticket theft by also checking IDs (which is a form of multifactor authentication), by using short-expiration tickets (equivalent in cybersecurity to forcing a session timeout, typical when you’re logged into a bank website) or by issuing tickets that had pictures of the correct attendees (in cybersecurity this is known as token binding: connecting a session to a browser, for example, so a criminal can’t use their own device in that session).

Theft is a real issue in computer networks, so cybersecurity depends on multiple defensive layers.

Essential best practices

Technology will never be enough to create a secure environment. The most sophisticated security tools can be undermined by poor practices and people’s mistakes. The strongest enterprise-grade firewall can’t protect against an employee using “password123” or clicking a bad-enough link. This is why comprehensive policies and procedures are as crucial as using advanced security tech. Critical operational policies include:

  • Principle of Least Privilege (PoLP)
  • Strong passwords
  • Proper user account management
  • Session limits and timeout policies
  • Ongoing security education – most important, because people tend to relax their practices as their security education recedes into the past

Huntress ITDR, supported by comprehensive security layering, provides Bryley clients with powerful 24/7 protection. By detecting threats early and maintaining multiple defensive layers, Bryley helps businesses operate more securely and confidently.

To speak to Bryley’s Roy Pacitto about a business-continuity approach to cybersecurity for your organization, please complete the form below or schedule a 15-minute, no-obligation call. Or you can email Roy at RPacitto@Bryley.com or reach him by phone at 978.562.6077 x217.
