The Network: Healthcare organization, dozens of servers, several hundred workstations
The Expectation: Lean in-house IT staff, supplemented by outsourced experts in the local region
The Catch: EventTracker v8 sensor detects that a well-known remote access program, typically used by the trusted outsourced experts, accepts a connection from China.
The Find: Remote server access is convenient, even necessary in this case, but as always, convenience is the enemy of security.
The Lesson: Carefully implement proper hardening of any remote access solution. Attackers will find every gap and do their best to exploit it.
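
The kind of check behind The Catch, as an added example that is not EventTracker's own logic or code from the original page: flag inbound sessions to a remote access program whose source is neither internal nor in the expected region. The log format, process name, expected country and geo table are all constructed assumptions.

```python
import ipaddress

# Constructed geo table on documentation ranges (RFC 5737); a production
# check would query a maintained GeoIP database instead.
GEO_TABLE = {"192.0.2.0/24": "US", "198.51.100.0/24": "US", "203.0.113.0/24": "CN"}
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
REMOTE_ACCESS_PROCESSES = {"remote_access.exe"}  # hypothetical process name
EXPECTED_COUNTRIES = {"US"}  # assumption: where the outsourced experts work

# Constructed sample events: timestamp, host, process, direction, source IP
SAMPLE_EVENTS = """\
2024-01-10T02:14:07Z srv-db01 remote_access.exe inbound 192.0.2.15
2024-01-10T02:31:55Z srv-db01 remote_access.exe inbound 203.0.113.77
2024-01-10T02:40:12Z ws-114 browser.exe outbound 203.0.113.9
2024-01-10T03:02:41Z srv-app02 remote_access.exe inbound 10.1.4.20
2024-01-10T03:05:00Z srv-app02 remote_access.exe inbound 100.64.0.9
"""

def country_of(ip):
    """Return INTERNAL, a country code, or UNKNOWN for a source address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "UNKNOWN"  # unparseable source is treated as unexplained
    if any(addr in ipaddress.ip_network(n) for n in INTERNAL_NETS):
        return "INTERNAL"
    for cidr, country in GEO_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return "UNKNOWN"

def find_unexpected_sessions(log_text):
    """Return (timestamp, host, source, country) for sessions to review."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, host, process, direction, src = parts
        if process.lower() not in REMOTE_ACCESS_PROCESSES or direction != "inbound":
            continue
        country = country_of(src)
        # Fail closed: an unmapped source is flagged, not silently trusted.
        if country != "INTERNAL" and country not in EXPECTED_COUNTRIES:
            alerts.append((ts, host, src, country))
    return alerts

if __name__ == "__main__":
    for alert in find_unexpected_sessions(SAMPLE_EVENTS):
        print("REVIEW:", *alert)
```
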