Does your MSSP provide you with an Egress Communication report?

Don’t know what it is? Read here to learn: 

When an organization’s network is not filtered and monitored by the organization’s firewall, the organization is exposed to a significant security risk.

In most organizations the firewall is used as a gateway guard to protect the organization’s data and users from malicious traffic and attacks.

To ensure proper security management, it is strongly recommended to tighten control of outgoing traffic and make sure that all of the organization’s outgoing communications use services and ports that are familiar and approved.

Here are some of the important services that it is recommended to monitor and that should be blocked:

22 SSH
23 Telnet
59 DCC
69 TFTP
119 NNTP
135 RPC
137-139 NetBIOS
161-162 SNMP
445 SMB
1433-1434 MSSQL
3306 MySQL
3389 RDP
9001 & 9030 TOR Relay Server

CyRay provides its customers with the following report so that the organization can review the findings and decide whether the communication poses any risk. This allows for accurate real-time monitoring, improves incident response, and helps the SOC operation personnel and platform managers take appropriate actions.

CyRay’s clients get full coverage of all outgoing traffic. We analyze our customers’ traffic to identify any potential risk and provide our clients with a proactive action plan that allows them to mitigate it.

Can you think of any more services to add to this list?
You can easily add them, and you will get an alert for each communication with the service.
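The following Python is an added example, not CyRay's code or part of the original page: it shows one way to build such an egress report by counting internal-to-external flows on the ports listed above. The key=value log layout, the RFC 1918 internal ranges, the function names and the sample records are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
# Watchlist copied from the port list above; add (low, high) ranges to extend it.
WATCHLIST = {
    (22, 22): "SSH", (23, 23): "Telnet", (59, 59): "DCC", (69, 69): "TFTP",
    (119, 119): "NNTP", (135, 135): "RPC", (137, 139): "NetBIOS",
    (161, 162): "SNMP", (445, 445): "SMB", (1433, 1434): "MSSQL",
    (3306, 3306): "MySQL", (3389, 3389): "RDP",
    (9001, 9001): "TOR relay", (9030, 9030): "TOR relay",
}
# Assumption: the organization's internal address space is RFC 1918.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records in an assumed key=value firewall log layout.
SAMPLE_LOG = """\
ts=2024-05-01T10:00:01Z action=allow src=10.0.4.17 dst=203.0.113.50 dport=445 proto=tcp
ts=2024-05-01T10:00:02Z action=allow src=10.0.4.17 dst=198.51.100.7 dport=443 proto=tcp
ts=2024-05-01T10:00:05Z action=allow src=10.0.9.3 dst=10.0.1.20 dport=3389 proto=tcp
ts=2024-05-01T10:00:09Z action=deny src=10.0.9.3 dst=192.0.2.44 dport=9001 proto=tcp
ts=2024-05-01T10:00:11Z action=allow src=10.0.4.17 dst=203.0.113.50 dport=445 proto=tcp
malformed line without fields
ts=2024-05-01T10:00:15Z action=allow src=10.0.2.8 dst=198.51.100.99 dport=138 proto=udp
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in INTERNAL)

def service_for(port):
    return next((name for (lo, hi), name in WATCHLIST.items() if lo <= port <= hi), None)

def egress_report(log_text):
    """Count internal-to-external flows on watched ports."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        try:
            src, dst, port = fields["src"], fields["dst"], int(fields["dport"])
            egress = is_internal(src) and not is_internal(dst)
        except (KeyError, ValueError):
            continue  # skip records that do not parse
        service = service_for(port)
        if egress and service:
            hits[(src, dst, port, service, fields.get("action", "?"))] += 1
    return hits

if __name__ == "__main__":
    for key, n in egress_report(SAMPLE_LOG).most_common():
        print(*key, f"count={n}")
```

Denied flows are kept in the report because a blocked attempt to reach a watched service still identifies an internal host worth reviewing.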
