There are, no doubt, plenty of horror stories from working in cybersecurity. For Cybersecurity Awareness Month and Halloween, we teamed up with industry leaders and partners and asked them a simple question: “tell us a cybersecurity horror story.”
“When I first got into the field as an admin, I was informed that one of our Domain Admin accounts was a user called ‘hdesk’ and the password was ‘help’, and everyone in the company was aware of it. And I mean EVERYBODY! You can imagine how that went over at our security audit. Suffice it to say, it was changed shortly after that.” – Daniel Lowrie, IT Pro TV
“I once got a call from one of our vendors telling us they had found the entire code of one of our critical applications, including secrets in clear text, in an open GitHub repository. The developer thought the GitHub repo was secure by default. This became an escalated incident, of course, but also a great opportunity to educate developers on secure coding practices.” – vCISO Carlos Rodriguez
“Client had serious concerns regarding the physical security controls of their main campus. My team was engaged to attempt to breach the primary building with no stated limitations.
The client’s facility was a large campus comprising multiple buildings supporting various corporate functions and operations. Upon completion of the reconnaissance phase, it was determined that we’d attempt to scale the first story of the target building via grappling hook and climbing gear.
Literally picture Batman & Robin slowly walking up the side of a building and that is exactly what we looked like, minus the costumes.
Upon gaining a successful foothold with the grappling gear and securing the belay lines, we began our single-story ascent. Within minutes, we noticed the beam of a flashlight slowly approaching our position and with the belay lines dangling on the ground, there was no mistaking what we were up to!
This is where the story gets good. So the security guard, Chad, approaches us and demands we come down. Once back on the ground, knowing full well that our cover was about to be blown, we throw caution to the wind and tell Chad at least most of the truth: that we’re here on a consulting engagement. Fully expecting Chad to raise the alarm and call the police, we were in total shock when Chad said, “Okay, cool, but please be careful not to damage the building.”
Um, wait, what? Chad never asked us for identification, a get-out-of-jail-free letter, or even our names!
So once the coast is clear, we return to our superheroes scaling that daunting first-story wall. Upon reaching the summit, a solid 12-15 feet above ground, we stumble over the perimeter wall and discover an exterior glass door leading into an employee break room, adjoining what turned out to be the primary data center!
Once inside, we were successful in gaining access to pretty much the entire facility without being challenged again by Chad.
The irony of this cyber horror story is that the client was a security firm and the lack of any semblance of security awareness by their security officer underscores the fact that even security companies are vulnerable to the same tactics & techniques that malicious threat actors utilize, regardless of their target or intentions.” – Todd Salmon, Cybersecurity executive and former CISO
“During a recent ransomware attack, we noticed threat actors stealing administrative credentials and logging on to security portals to disable EDR products within the environment. They used a weakness in privileged access management to uninstall security agents without the victim’s knowledge, until after the security incident had occurred. These attackers were even responding to threats in the portal to avoid suspicion. Eventually they locked the customer out of their own security portal and executed ransomware within the environment, taking the company down.” – Josh Nicholson, DeepSeas VP
“One that I remember really vividly: we did some work with an insurance provider, a property insurance company, and we demonstrated that in the web app they put on the Internet for all their policyholders and their agents to use, it was possible to sign up for a free account, gain access to other people’s information, and then actually act as not only an agent but as somebody for the company, to create our own claim, approve our own claim, and mail ourselves a check. All that happened through five vulnerabilities we found in the web application.” – Ben Finke, OnDefend CTO
Whether you need a Ransomware readiness assessment or advanced email phishing training, OnDefend can provide any professional service your company may need. Check out a full listing of our services here: Services > OnDefend
Many believe a cybersecurity company is filled with a bunch of people furiously typing while wearing hoodies (not completely untrue) but there is so much more!
We’re introducing you to different employees within the OnDefend company to encourage others to explore a career in cybersecurity.
Name: Ben Finke
Title: CTO, OnDefend
Name: Zac Hardy
Title: Senior Project Manager, OnDefend
Name: Lauren Verno
Title: Vice President of Communications, OnDefend
Name: Chris Freedman
Title: CEO, OnDefend
Name: Billy Steeghs
Title: COO, OnDefend
About OnDefend:
OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world threats. From ensuring compliance with industry standards to building out mature security programs our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about their services and solutions, please visit OnDefend.com.
Security Monitoring Validation was built out of a need from our customers to see how long it would take their security controls to detect an attack and then how long it would take for their 3rd party provider to respond.
We quickly found this was not a one-off need. A recent survey found the average response time for MSSPs to security incidents is 3 hours. However, the same study found that 20% of MSSPs take more than 12 hours to respond to security incidents.
By leveraging OnDefend’s breach & attack simulation solution, BlindSPOT, our professional services team is able to safely simulate ransomware, supply chain, and other adversarial tactics every month to prove that a third-party security provider or internal defense team will detect, alert on, and respond to real-world cyber-attacks within the organization’s selected time frame.
A customer success example:
Problem: What is our mean time to detect (MTTD) and mean time to respond (MTTR)?
Background: This customer was concerned about reports that similar organizations’ internal network defense teams and outsourced third-party MSSPs had responded to cyber-attacks with critical delays and, in some cases, complete response failures.
Actions Taken: BlindSPOT was used to deliver the Security Monitoring Validation service, in which threat-actor attack techniques are simulated in the customer’s environment to validate real-time detection, alerting, and response readiness as if it were a real event.
Result: The attack simulation report revealed that the EDR was missing some attack activity, and that when the EDR did detect an attack, the logs were being sent to the EDR’s own console rather than to the SIEM. The MTTD for the attacks that were logged was 5 hours. Following remediation of the misconfigurations, the MTTD was 2 minutes.
Customer Reflection: “I was blown away by how long it took for our system to detect an event and reach the screen of the analyst who was responsible to respond. If it had been a real attack, our original detect and response time of 5 hours would have potentially cost us millions, not to mention losing that sensitive data. Now, if our EDR and SIEM have a detection or response failure, we’ll know.” – Vice President of Information Security, International Technology Corporation
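To make the arithmetic behind numbers like those concrete, here is an added worked example in Python. It is not OnDefend’s or BlindSPOT’s code: the simulated actions, the EDR and SIEM events, the analyst response, and the scoring rule (a block counts on EDR evidence alone because enforcement happens on the host, but an alert only counts once it reaches the SIEM because that is the screen the analyst watches) are all assumptions constructed for illustration. It scores each action with the four statuses No Evidence, Logged, Alerted and Blocked, flags evidence stranded in the EDR console, and computes MTTD before and after a forwarding fix plus MTTR from detection to analyst response.

```python
"""Score simulated attack actions and compute MTTD / MTTR.

Added worked example; not OnDefend or BlindSPOT code. Every action,
timestamp and event below is constructed for illustration.
"""
from datetime import datetime
from statistics import mean


def _t(s):
    """Parse a constructed ISO-8601 timestamp (treated as UTC)."""
    return datetime.fromisoformat(s)


# Constructed simulated actions and when each was executed on the host.
ACTIONS = [
    {"id": "a1", "technique": "credential dump",   "executed": _t("2023-10-02T09:00:00")},
    {"id": "a2", "technique": "file encryption",   "executed": _t("2023-10-02T09:05:00")},
    {"id": "a3", "technique": "SMB lateral move",  "executed": _t("2023-10-02T09:10:00")},
    {"id": "a4", "technique": "scripted download", "executed": _t("2023-10-02T09:15:00")},
]

# Constructed EDR telemetry; "kind" is one of "log", "alert", "block".
EDR_EVENTS = [
    {"action": "a1", "kind": "alert", "time": _t("2023-10-02T09:00:20")},
    {"action": "a2", "kind": "block", "time": _t("2023-10-02T09:05:02")},
    {"action": "a3", "kind": "log",   "time": _t("2023-10-02T09:10:05")},
]

# Before remediation: the alert reaches the SIEM in a batch five hours later,
# and a3's log never leaves the EDR console.
SIEM_EVENTS_BEFORE = [
    {"action": "a1", "kind": "alert", "time": _t("2023-10-02T14:00:00")},
    {"action": "a2", "kind": "block", "time": _t("2023-10-02T09:06:00")},
]

# After remediation: near-real-time forwarding of everything the EDR saw.
SIEM_EVENTS_AFTER = [
    {"action": "a1", "kind": "alert", "time": _t("2023-10-02T09:02:00")},
    {"action": "a2", "kind": "block", "time": _t("2023-10-02T09:06:00")},
    {"action": "a3", "kind": "log",   "time": _t("2023-10-02T09:10:30")},
]

# Constructed analyst responses (ticket opened / host isolated).
RESPONSES = [{"action": "a1", "time": _t("2023-10-02T14:20:00")}]


def _for(action_id, events):
    return [e for e in events if e["action"] == action_id]


def score_action(action_id, edr_events, siem_events):
    """Status for one action (assumed rule: block counts on EDR evidence,
    alert counts only once it reaches the SIEM, anything else is Logged)."""
    edr_kinds = {e["kind"] for e in _for(action_id, edr_events)}
    siem_kinds = {e["kind"] for e in _for(action_id, siem_events)}
    if "block" in edr_kinds | siem_kinds:
        return "Blocked"
    if "alert" in siem_kinds:
        return "Alerted"
    if edr_kinds or siem_kinds:
        return "Logged"
    return "No Evidence"


def forwarding_gaps(edr_events, siem_events):
    """Actions the EDR saw but the SIEM never did: evidence stranded in
    the EDR console, which nobody on the SOC floor is watching."""
    return {e["action"] for e in edr_events} - {e["action"] for e in siem_events}


def first_detection(action, siem_events):
    """Earliest SIEM alert or block for the action, or None if there was none."""
    hits = [e["time"] for e in _for(action["id"], siem_events)
            if e["kind"] in ("alert", "block")]
    return min(hits) if hits else None


def mttd_minutes(actions, siem_events):
    """Mean minutes from execution to first SIEM detection, over the actions
    that were detected at all; undetected actions show up as No Evidence or
    Logged in the scores instead of silently skewing the mean."""
    delays = []
    for a in actions:
        t = first_detection(a, siem_events)
        if t is not None:
            delays.append((t - a["executed"]).total_seconds() / 60)
    return mean(delays) if delays else None


def mttr_minutes(actions, siem_events, responses):
    """Mean minutes from first SIEM detection to the analyst's response."""
    by_id = {a["id"]: a for a in actions}
    delays = []
    for r in responses:
        detected_at = first_detection(by_id[r["action"]], siem_events)
        if detected_at is not None:
            delays.append((r["time"] - detected_at).total_seconds() / 60)
    return mean(delays) if delays else None


def scorecard(actions, edr_events, siem_events):
    """Per-action status map, the raw material for a campaign report."""
    return {a["id"]: score_action(a["id"], edr_events, siem_events) for a in actions}


if __name__ == "__main__":
    for label, siem in (("before", SIEM_EVENTS_BEFORE), ("after", SIEM_EVENTS_AFTER)):
        print(label, scorecard(ACTIONS, EDR_EVENTS, siem),
              "gaps:", forwarding_gaps(EDR_EVENTS, siem),
              "MTTD min:", mttd_minutes(ACTIONS, siem),
              "MTTR min:", mttr_minutes(ACTIONS, siem, RESPONSES))
```

Two things to keep in mind when reading output like this: MTTD is averaged only over actions that produced a detection, so always report the No Evidence and Logged counts next to it, and the large before/after swing comes from fixing log forwarding rather than from the EDR detecting anything new, which is exactly the kind of misconfiguration the case study describes.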
Instantly download a demo here: Security Monitoring Validation
A Note from the CTO
We’ve been hard at work on all things BlindSPOT and wanted to share just a few of the highlights with you.
As you’ll see in this update, the BlindSPOT team continues to build out new features and functionality that make conducting Breach and Attack Simulation style testing easier, while reducing the time and friction to get to the results. A lot of the features and changes you’ll notice when using the platform came directly from the feedback of our customers, so thank you, and keep it coming.
-Ben Finke

Simulation Library Updates
Our Simulation Library has been completely redesigned to make it easier to find the simulations you need to test your defenses and train your team. The new look and feel makes it easy to find and start campaigns, and you can even create your own favorites list for future workshops.

Simulation Builder Updates
Our beta release of the Simulation Builder is getting better every day, thanks to your feedback (please, keep it coming)!
The new interface makes it easy to add new steps to your simulations and to create or modify existing steps.
Here are some of the key improvements:
- Easy step placement: You can now easily pick where you want to add new steps in your simulation. Simply click on the “+” button at the desired location, and a new step will be added.
- Cleaner and simpler step creation: Creating and modifying steps is now easier and faster. The new interface is more organized and user-friendly, so you can focus on your simulation instead of the tools.


New Security Tools Catalog
We’ve updated our security tools area to give you a better view of your current tools and to suggest new tools that you may want to consider.
Here are the key changes:
- Improved view: Your current security tools are now displayed in a more organized and easy-to-read format.
- Suggested tools: We’ve prepopulated a list of security tools that you may want to include, based on your current setup and industry best practices.


If you want to stay in the loop about what’s happening at OnDefend & BlindSPOT, including our upcoming webinars, the latest cybersecurity trends, and product updates, then follow us on Facebook, Twitter, and LinkedIn @ondefend.
Originally written for Jacksonville Business Journal by James Cannon
For more than 25 years, the Jacksonville Business Journal has identified the fastest growing companies on the First Coast.
This list has tracked companies that boomed during the good times, that grew even when the economy shrank, that stand as an example of what ingenuity, hard work and creativity can lead to.
This year’s list of honorees are drawn from a range of industries, including real estate, transportation, technology and manufacturing.
As a group, the Fast 50 honorees saw their revenue grow by more than $2 billion collectively over the past three years.
OnDefend made a significant leap up the rankings this year, taking home the coveted 14th spot, a one-position improvement from last year.
Founded in 2016 by Co-Founders Chris Freedman & Ben Finke, OnDefend started as a service company but has quickly become a leader in the SaaS space with their attack simulation tool, BlindSPOT.
In this interview with the Jacksonville Business Journal, Freedman explains what this milestone means to the company.
What led you to the point of starting or buying into a company? “I wanted to change the world in a positive way and watching companies being devastated by cyber criminals inspired Ben and myself to launch OnDefend so that we could help companies around the world secure their future.”
What has been the biggest challenge you’ve overcome as you’ve grown? Covid was not easy for any company to endure, but being followed by an economic downturn has made growth at the scale I would prefer extremely difficult.
What’s been the ‘secret sauce’ that has helped propel your growth? Identifying niche markets in our industry and executing effectively within them.
What have you done to keep your company culture strong as you grow? Our core values which are Passion, Creativity, Humility, Motivation, Integrity and Authenticity.
What advice did you receive earlier in your career that has stuck with you as you lead your company? Know what your customers want most and what your company does best. Focus on where those two meet.
What advice would you have for those who are looking to lead a fast-growing company? Find a strong niche through market research and build a team of smart people to execute your vision and mission in a sustainable way.
What challenges or opportunities do you see on the horizon and how are you preparing for them? Spinning out a SaaS business from a service-based organization and scaling both independently during an economic downturn.
Link to original article: 2023 Class of Fast 50: Ondefend
It is about to be busy season for cyber security providers around the world. From non-stop conferences and awards to new vulnerabilities and cybersecurity awareness month. Let’s get started.
OnDefend Insights
It’s likely one of the most common questions our in-house red team gets asked, “how did you become an ethical hacker?” In today’s job market it seems as if entry-level cybersecurity jobs are non-existent, but how do you become a seasoned professional without the experience? OnDefend senior tradecraft engineer Ryan Tucker created a how-to guide on becoming a hacker, and his advice to others on growing their careers.
Becoming an Ethical Hacker > OnDefend
——
A recent report revealed that less than a quarter of CISOs are participating in business strategy and decision-making processes within their organization (I know what you’re already thinking: that doesn’t shock you at all). Here’s what you might not have expected: the report showed cybersecurity budgets are increasing, but there was a catch to receiving that budget. You can read the full report here.
Cybersecurity budgets are increasing, yet CISOs are still not invited to the boardroom. > OnDefend
——
Breach & Attack Simulation or BAS technology is at peak interest according to Gartner’s 2023 security operations hype cycle. BAS technology provides automated and consistent assessment of an enterprise’s threat vectors. Frequent automated BAS assessments also enable organizations to detect gaps in their security posture due to configuration errors or reevaluate priorities of upcoming security investments.
What makes OnDefend‘s BAS tool BlindSPOT stand out from the competition?
⭐️ Can be offered as a one-time attack simulation or a fully managed service
⭐️ Competitively priced compared to other BAS products
⭐️ Allows for customized payloads, C2 integrations, and stakeholder reporting

Visualize the power of removing these “blind spots” here.
Visualizing the Power of BlindSPOT > OnDefend
Cybersecurity Roundup: Top Stories from the Digital Frontlines
Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer’s corporate account.
Hackers stole Microsoft signing key from Windows crash dump (bleepingcomputer.com)
—
CISA confirms the addition of Peiter ‘Mudge’ Zatko to its roster of prominent voices preaching the gospel of security-by-design and secure-by-default development principles. According to CISA director Jen Easterly, Mudge was brought on to “shape a culture of security by design that is foundational to every security team, every C-suite, and every board room in the country.”
CISA Hires ‘Mudge’ to Work on Security-by-Design Principles – SecurityWeek
—
Leading cybersecurity agencies from the UK, US, Australia, Canada, and New Zealand have discovered that the Sandworm cyber actor used a new mobile malware, “Infamous Chisel,” to target Android devices used by the Ukrainian military. They have previously connected Sandworm to Russia’s GRU Main Centre for Special Technologies (GTsST), indicating state-sponsored involvement in these cyberattacks.
Infamous Chisel Malware Analysis Report | CISA
—
The patch didn’t work. The FBI warns that Barracuda Email Gateways continue to be vulnerable despite attempts at a recent solution to the zero-day bug. According to the FBI, the fixes are considered “ineffective” and that it “continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit.”
Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches (thehackernews.com)
OnDefend in the News
“Hard work, consistency, curiosity, a positive attitude, and a desire to grow. All qualities that are needed to ensure an organization’s growth.” OnDefend Co-Founder/CTO Ben Finke reflects on his leadership after being named one of the 2023 tech leaders of the year. If you’ve ever met Ben, you recognize that his leadership combined with his technological savvy is unmatched. Check out his full interview.
2023 Tech Leaders: Ben Finke of OnDefend > OnDefend
BlindSPOT

We have some very exciting news on the BlindSPOT front that we will be announcing next month, from simulation library updates to a new security tools catalog. In fact, there is such a steady flow of updates, we figured the BlindSPOT section should have a page of its own. Consider this your foreshadowing to the big announcement next month. – Ben, OnDefend CTO
Anybody else feel like we just scratched the surface? That’s because we did. Stay tuned for this bi-monthly newsletter, for all of OnDefend’s latest and greatest.
If you want to stay in the loop about what’s happening at OnDefend, including our upcoming webinars, the latest cybersecurity trends, and product updates, then follow us on Facebook, Twitter, and LinkedIn @ondefend.
Originally written for Jacksonville Business Journal by James Cannon
JACKSONVILLE, Fla. –For the past five years, the Jacksonville Business Journal has honored some of the men and women whose technology leadership has helped local organizations grow, deal with challenges and shape the future.
We’re glad to have this opportunity to spotlight these leaders and their accomplishments, and we look forward to seeing the impact they and their organizations have on the community in the future.
Name: Ben Finke
Company: OnDefend
Title: Co-Founder and CTO
How has your leadership helped your organization grow? Hard work, consistency, curiosity, a positive attitude, and a desire to grow. All qualities that are needed to ensure an organization’s growth. I will start by saying, the product and services our company offers have such an important need in every sector of business. A good product, like BlindSPOT, will naturally lead to business growth, but it was the above attributes that led to this product being built successfully and my continued desire to grow to teach others about it.
As the BlindSPOT product has gained new capabilities and we’ve expanded the content available, we’ve added new customers, allowing us to reinvest that into more development and content capacity. Over the years our company has grown in employee count, financial revenue, and brand awareness. My willingness to continue to teach others and continually push the envelope has led us to where we are today and I know will only push us further to come.
What is your greatest career accomplishment? I’ve been very fortunate to work on several amazing projects and with some amazing people over my career, but in 2021 we were asked to help secure the upcoming FIFA World Cup in Qatar. In cybersecurity you’re not always allowed to mention the companies or organizations you’re working with for security reasons. This was one of those projects that for well over a year, my team worked tirelessly to make this event a success. It was one of those projects that if we did not do our job correctly, one of the most famous sporting events in the world would be in trouble. The OnDefend name was at stake, and we knew we had to get it right. In cybersecurity, no news is good news. The fact that a cyber-attack on a global stage didn’t hit the news means we did our job correctly. To know that our company has reached a level to be selected for that kind of project and pull it off successfully is something I could have only dreamed of when I started my career.
OnDefend Media Contact: Lauren Verno, Lauren.verno@ondefend.com
Summer is wrapping up and “out of office” replies are slowly disappearing. Here’s an update on some of what OnDefend was up to while you were away.
Three CISO Problems Solved: Demonstrating Your Security Programs Value to Leadership
It was an exciting conversation between former CISO and cybersecurity executive Todd Salmon and OnDefend CEO Chris Freedman, as they discussed how to prepare for some of the most common questions security leaders face today, including how to prepare for industry-specific threat actors, how to validate the effectiveness of your security controls, and how to respond to a real-world breach. Missed it? Check it out here 👇🏻
Three CISO Problems Solved: Demonstrating Your Security Programs Value to Leadership > OnDefend
OnDefend Insights
Pentests are one of the most requested services we get at OnDefend. The purpose of these tests is not to cause harm, but to understand the potential weaknesses in the system. COO Billy Steeghs created this one-stop shop for pentesting in “Understanding Network Penetration Testing: Its Significance, Requirement, and Compliance.”
Understanding Network Penetration Testing: Its Significance, Requirement, and Compliance > OnDefend
——
We are lucky to have some of the most qualified and highly skilled red teamers at OnDefend. One of their jobs? Threat-Hunting. Our director of offensive security Joe Brinkley aka The Blind Hacker breaks down the importance of threat-hunting, the process, and what characteristics every threat-hunter should have.
An Introduction to Threat-Hunting > OnDefend
OnDefend In The News
OnDefend has once again been named one of the fastest-growing companies on the First Coast! 🎉 For more than 25 years, the Jacksonville Business Journal has identified the fastest-growing companies on the First Coast.
“ This list has tracked companies that boomed during the good times, that grew even when the economy shrank, that stand as an example of what ingenuity, hard work and creativity can lead to.” – Jacksonville Business Journal
—
CTO Ben Finke answers the age-old question, “Can cybersecurity be solved” to Forbes. In this article, Ben takes a historian’s view on how the security arc closed in a hypothetical future to see how we might approach this problem in our present. *Hint, “uncovering a company’s security control blind spots” is just one component.
Can Cybersecurity Be ‘Solved’? Examining A Hypothetical Future (forbes.com)
—
Back to the basics. ONE click caused a small business owner to lose social media accounts to internet hackers. OnDefend VP of Communications Lauren Verno shares insights with her former news station. An excellent share for your non-technical friends, co-workers, and family!
One click caused small business owners to lose Instagram accounts to scammer (news4jax.com)
—
Better Together
BDO Digital, OnDefend, and Cyber Defense Magazine team up to introduce “How to Build a Resilient Cybersecurity Program.” In this webinar the three security leaders discussed everything from building a security stack that’s the right size for your company, to how to compete in today’s market, to how to focus on the risks that are most likely to impact your organization.
—
Going deep with DeepSeas’ Josh Nicholson for an episode of Cyber Security America. In this conversation between OnDefend CEO and SafeGuard Cyber CEO Chris Lehman, the discussion revolves around the “top five crucial aspects that the CISO communication should be aware of.”
BlindSPOT

Introducing the Custom Simulation Builder in Beta
We are thrilled to announce that the BlindSPOT team has opened the Simulation Builder into beta, empowering you to create your very own simulations. Now you have the freedom to design and test simulations while they are still in draft. With an agent running, you can immediately observe and evaluate the results in real time in the same window. Whether you start from scratch or use an existing simulation as a foundation, the possibilities are endless.
Simulation Actions Bulk Update
To streamline the scoring process, we have introduced the ability to perform bulk updates on simulation actions. Now, you can conveniently assign a status (No Evidence, Logged, Alerted, Blocked) and allocate a security tool to each item. This enhancement ensures faster and more efficient scoring, especially for large campaigns.
BlindSPOT’s Expanded Capability: Implanting Cobalt Strike Beacons
As part of our commitment to providing top-notch features, BlindSPOT now enables you to send Cobalt Strike beacons from within the platform. These beacons can be activated by our agents on your endpoint. From your Cobalt Strike server, you can then execute commands seamlessly. Once you’ve completed your operations, the Cobalt Strike logs can be converted into a BlindSPOT campaign, facilitating seamless reporting.
We get this question a lot – how does someone become an ethical hacker? Let’s start by saying that almost everyone has a different story but here’s our advice on some good places to start.
First, cybersecurity in general is a field that rewards actual hands-on experience as much as anything else. You’ll need to bring along your curiosity and your determination (the path to success is paved with failures you’ll learn from) and relax in the realization that you are going to be constantly learning.
Two major paths exist:
- Formal education and training
- Hands-on challenges.
These two paths play an important role in how you will capitalize on the knowledge and expertise you are going to gain.
Most formalized training paths involve certifications. There is a wide spectrum of cybersecurity certifications. Some are well established and have been around for years, and they may command differing levels of respect between technical practitioners and hiring managers. New certification and training programs pop up frequently, and while they may not be as well known, they frequently offer more contemporary and practical content. Your own path will likely be a balance between the value of a recognized certification and the benefits of up-to-date, actionable knowledge.
Some certifications can provide a significant advantage during job applications. They act as credentials that can help an applicant stand out to hiring managers and secure interviews, making them a valuable addition to a resume. In fact, often these certifications are used to filter resumes before a hiring manager even sees them.
It’s a cliché, but like many clichés there’s truth to it: you can pass lots of certification tests and still not be able to do the actual work. There’s no better way to learn how to do the actual work than to do the actual work! One of the best ways to begin building your skills is to participate in Capture the Flag (CTF) competitions and experiences. CTFs are essentially puzzles requiring you to learn and apply specific techniques in order to achieve the outcome. Most CTFs also publish a walkthrough of the challenges (once the competition is over, of course) so that you can see how the creators intended the challenges to be solved.
One of the challenges in the cybersecurity industry is the often-heard phrase, “you need experience to get experience”. Companies prefer to hire those with proven experience, creating a challenging situation for newcomers. By earning certifications and participating in practical exercises like CTFs, one can gain a semblance of ‘real world’ experience, making them more attractive to potential employers.
Here is a list of certification and training:
Non-certificate training/Capture the flags
- Hack The Box Academy – Hack The Box is a fantastic CTF platform that added an academy section walking new professionals through the modern tools and techniques used against vulnerable labs and networks. If you are already familiar with the tools and techniques of the trade, there are other learning paths, Pro Labs, or regular Hack The Box CTFs to test your skills.
- TryHackMe – TryHackMe is another CTF-style platform with content divided into much smaller chunks for easier consumption. It has a number of different “learning paths” to tailor the skills and content towards a specific direction.
- OWASP Juice Shop – An intentionally vulnerable web application that lets you learn and hack a web app written in Node.js.
Certifications
- CompTIA Net+ – Intro to all things networking.
- CompTIA Sec+ – Intro to all things security.
- CEH – Intro to the field of ethical hacking, with a more theoretical focus on attacking systems.
- eJPT – One of the first “hands-on” certs recommended for a newcomer. It starts to focus on the pentest side and how engagements are run.
- PTP – The more “advanced” version of the eJPT; this coursework broadens the knowledge from the eJPT in a hands-on environment.
- OSCP/PWK/PEN-200 – It goes by a handful of names now, but the OSCP certification is usually the hiring baseline for pentester/offsec engineer roles.
These are just a fraction of the training and certifications available in the cybersecurity space but are the ones usually in reach for people just getting started.
A new report reveals that less than a quarter of CISOs are participating in business strategy and decision-making processes.
Let’s acknowledge the elephant in the room: cybersecurity is still not a main priority for most organizations. It’s not that companies don’t care, many times investing in cybersecurity can seem out of reach, overwhelming, or an “IT problem”, but in today’s current landscape these excuses are no longer an option.
A recent survey of 150 CISOs by BSS revealed that less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Even more staggering, only 1 in 10 (9%) of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda.
Cybercrime is a TRILLION-dollar issue, $8 trillion to be exact, and that number is expected to grow to $10.5 trillion by 2025 according to Cybersecurity Ventures. To give you some perspective on how much money that is, combine the worth of Apple, Microsoft, and Amazon… and then double it.
We understand cybersecurity can seem like a huge undertaking and there aren’t any tangible results. It’s a lot like investing in car insurance. You don’t need it until you’re in an accident. That’s how many companies approach cybersecurity, they don’t invest until there’s been a breach but by then the damage is done.
Now, it’s not all doom and gloom. The survey did reveal that investment in cybersecurity is slowly moving in the right direction: 61% of the CISOs surveyed noted they received a significant increase in funding, averaging between 10-30% more. However, over half of respondents said “they were expected to spend their budget on cyber security issues hitting the news headlines, rather than where it’s really needed.”
The survey also highlighted that 78% of the CISO group said high-profile security incidents were the reason behind receiving more budget.
I’m not a big fan of scare tactics. I believe it’s important to understand the problem (which can have hints of scary) and then offer solutions.
That’s one of the reasons we saw a use case for BlindSPOT, OnDefend’s proprietary breach & attack simulation tool. It changes the mindset of a company that has historically been reactive to cybersecurity incidents and makes it proactive. BlindSPOT consistently tests and tunes an organization’s security controls throughout the year. That way, if an attacker were to strike, you would know your company is ready. It’s a lot like prepping for a hurricane. You can’t stop Mother Nature from striking, but you can be prepared with flashlights, water, and rain boots for when it happens.
So, where am I going with all of this? The need to give cybersecurity a seat at the table. Once leadership changes their mind from not if we’re attacked but when, then we can all start doing the real job of protecting against the bad guys. In the end, we’re all after the same goal, right?