Prevention is better than cure in Cybersecurity

Atul Kabra December 9, 2020


The pandemic has taught us one thing (something we knew but never really bothered about as much), and that is how critical it is to regularly monitor one's vitals. From a "30-second hold-your-breath" test to smart pulse oximeters, everyone is doing whatever they can, based on the tools and resources they have access to.


Well, believe it or not, in the cyber world "pandemics" happen all the time. Most of us never get to know of them because we are kept protected by the gamut of products and services our respective organizations have invested in to keep our devices and networks safe. And yet breaches are not unusual.


With the transition to remote working, the COVID era has pushed us further from these security layers. Sure, once we connect to the corporate network, a level of security gets enforced, but the surface from which we connect, through our home or private Wi-Fi, to the secure network has grown. The number of emails we read while not on a secure network has gone up. The amount of web we browse without enterprise security has gone up. The device is often shared with a family member for school work (as schools are running online), for checking travel restrictions in different parts of the country, or maybe for streaming Netflix. All of this has opened up a much larger attack surface for our devices, the same devices that are also used for our professional work and that get connected to the main network without any mandatory quarantine rule, because there is no equivalent mechanism of regular monitoring to see if the 'temperature was high' or the 'oxygen levels were low'.

The rise in cyber attacks in the time of COVID, therefore, does not come as a surprise. At EclecticIQ, we have been publishing information about such attacks on a weekly basis.

Monitoring Tool PolyMon

Now we are announcing our monitoring tool, "PolyMon". PolyLogyx Monitoring Agent (PolyMon) is Windows software that leverages the osquery tool and the PolyLogyx Extension to osquery to provide detailed information about process creations, network connections, file system changes, security-critical event logs and many other activities on the system. In simpler terms, it is a tool that will help you monitor the vitals of your system. So, for example, if there is an EclecticIQ advisory saying that we are witnessing a rise in "RDP brute force attacks", which take place by scanning the internet for RDP port 3389, you could simply fire up the PolyMon tool, navigate to "Socket Events" (which captures all the interesting socket connections on your device) and search to see whether port 3389 is open on your system and whether a connection was made on it.

This goes beyond EclecticIQ: most threat intelligence companies publish advisories containing the TTPs and IoCs (e.g. file hashes, process names, registry entries, and so on) for the most recently discovered breaches, and these can now be easily searched for on your computer to determine whether the system witnessed any kind of breach, or even an attempt.
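As an added illustration (not part of the original post or of the PolyMon tool), the script below runs the two checks just described over constructed osquery-style JSON rows: it counts accepted inbound connections on port 3389 per remote address to surface a repeated RDP source, and matches file hashes against an advisory's IoC list. The column names and the SHA-256 values are assumed and constructed for the example; check the names against the schema of the socket- and file-event tables your osquery build or extension exposes.

```python
import json
from collections import Counter

# Constructed sample rows in the JSON shape "osqueryi --json" prints. Column
# names (action, local_port, remote_address, ...) are assumed for this example;
# verify them against the schema of your socket-events table.
SOCKET_EVENTS_JSON = r"""[
 {"time":"1607500000","action":"accept","process_name":"svchost.exe","local_port":"3389","remote_address":"203.0.113.45"},
 {"time":"1607500003","action":"accept","process_name":"svchost.exe","local_port":"3389","remote_address":"203.0.113.45"},
 {"time":"1607500005","action":"accept","process_name":"svchost.exe","local_port":"3389","remote_address":"203.0.113.45"},
 {"time":"1607500010","action":"connect","process_name":"chrome.exe","local_port":"51822","remote_address":"198.51.100.7"},
 {"time":"1607500012","action":"accept","process_name":"svchost.exe","local_port":"3389","remote_address":"192.168.1.10"}
]"""
# Constructed file-event rows and IoC list; the SHA-256 values are placeholders,
# not hashes of any real sample.
FILE_EVENTS_JSON = r"""[
 {"target_path":"C:\\Users\\me\\Downloads\\invoice.exe","sha256":"a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2"},
 {"target_path":"C:\\Windows\\Temp\\setup.log","sha256":"0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff"}
]"""
IOC_SHA256 = {"a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2a1b2"}
RDP_PORT = 3389

def inbound_by_source(rows, port):
    """Count accepted inbound connections on `port`, keyed by remote address."""
    counts = Counter()
    for row in rows:
        if row.get("action") == "accept" and int(row.get("local_port", 0)) == port:
            counts[row["remote_address"]] += 1
    return counts

def repeated_sources(rows, port, threshold):
    """Addresses that hit `port` at least `threshold` times: repeated inbound
    RDP accepts from one source are the brute-force pattern the advisory warns of."""
    return {addr: n for addr, n in inbound_by_source(rows, port).items() if n >= threshold}

def match_iocs(file_rows, ioc_hashes):
    """Files on this host whose SHA-256 appears in the advisory's IoC list."""
    return [(r["target_path"], r["sha256"]) for r in file_rows if r["sha256"].lower() in ioc_hashes]

def triage(socket_json=SOCKET_EVENTS_JSON, file_json=FILE_EVENTS_JSON, threshold=3):
    """Run both checks over osquery JSON output and return the findings."""
    return {"rdp_sources": repeated_sources(json.loads(socket_json), RDP_PORT, threshold),
            "ioc_hits": match_iocs(json.loads(file_json), IOC_SHA256)}

if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
```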

Attackers can also go after other devices in your home, e.g. your router, and serve all kinds of unwanted content by manipulating its DNS settings. With PolyMon, you can check whether DNS resolution on your device is happening correctly. Simply navigate to the "DNS Response Events" tab, which shows each URL and the IP address it resolved to. Then, using any third-party service (e.g. whois), you can deduce whether the URLs are resolving to the right IPs.
The software can also optionally be provisioned with a free VirusTotal API key, which allows it to fetch the reputation of files created or modified on your system, essentially giving you a personal EDR tool.

The Windows operating system by itself generates a series of logs in its event log. And while it has a nice user interface (called Event Viewer), finding the logs that matter in it can be a 'needle in a haystack' problem. PolyMon simplifies the job for you again. The SANS Institute has published a list of event logs that should be regularly monitored as security-critical events. With one click in PolyMon you can get all those logs fetched right away from the vast ocean of event logs.

The software also lets you generate a profile of your endpoint that can be shared with a security expert in your organization, should you feel the need to do so. If you are an advanced osquery user, you will find that it gives a very nice way to investigate a vast range of properties of your endpoint, as the underlying engine of the tool is built on osquery. Easy peasy.

Software Download

Here is the best part. All the monitoring data that the software collects stays local, on your device. So yes, you own your data. It is not uploaded to any cloud service. It doesn't leave your system, and it will only collect what you ask it to.

Looks like Christmas did indeed come early. With that, we invite our DFIR friends, IR friends, MSSP friends, IT friends, and you (the computer user) to try out PolyMon, the latest offering from the EclecticIQ stable. As always, we welcome your feedback, suggestions for improvement, criticism and, if nothing else, a general "Hello". Feel free to reach out to us.

Download the software here.


© 2014 – 2021 EclecticIQ B.V.