Does your MSSP provide you with an Egress Communication report?


Don’t know what it is? Read here to learn: 

When the organization’s network is not being filtered and monitored using the organization’s firewall, that exposes the organization to a significant security risk.

In most organizations the firewall is used as a gateway guard to protect the organization’s data and users from malicious traffic and attacks.

To ensure proper security management, it is strongly recommended to strengthen the outgoing traffic and make sure that all of the organization’s outgoing communications uses services & ports that are familiar and approved.

Here are some of important services that is recommended to monitor and should be blocked: 

22 SSH
23 Telnet
59 DCC
119 NNTP
135 RPC
137-139 Netbios
161-162 SNMP
445 SMB
1433-1434 MSSQL
3306 MySQL
3389 RDP
9001 & 9030 TOR Relay Server

CyRay is providing its customers with the following report in order to give the organization the ability to review the findings and decide if the communication poses any risks or not. This allows for accurate real-time monitoring, improves incident response, and helps the SOC operation personnel and platform managers take appropriate actions.

Cyray’s clients get a full coverage of all outgoing traffic, we analyze our customers’ traffic to identify any potential risk, and provide a proactive action plan to our clients allowing them to mitigate it.

Do you think of any more services to add to this list?
You can easily add it and you will get an alert for each communication with the service.

More to explorer

New Deployed Rules

NTFS:   1. Volume Shadow Copy Mount PowerShell Script   2. Code Executed Via Office Add-in XLL File   3. Potential Invoke-Mimikatz PowerShell Script   4.

New Deployed Rules

MSMQ:    1. MSMQ Corrupted Packet Encountered Network Share Object:    2. Protected Storage Service Access   3. Possible Impacket SecretDump Remote Activity

Sign up for our newsletter

Time to market

One-day SIEM integration