THREAT ASSESSMENTS

The volume of data that organisations work with on a daily basis continues to grow year on year. As a consequence, securing this information is critically important. We continue to see companies hit the global headlines on a daily basis following incidents associated with data loss or breaches.

The impact associated with these incidents is huge, ranging from loss of customer information, business processing capability and Intellectual Property (IP) to fines and sanctions from regulatory bodies and reputational damage affecting current or potential business partners and customers.

As a direct consequence, more and more organisations are starting to look at their security posture and think, “what can I do to make myself, the company and its employees more secure?”. This can be a daunting exercise, leading to many false starts and misdirections.

Nettitude has recognized this initiative and has put together a ‘Cyber Threat Assessment’ to assist organisations in better understanding their security posture and strategizing a business plan to remove vulnerabilities and reduce the probability of becoming another global headline associated with a data breach.

Threat Intelligence

The Cyber Threat Assessment (CTA) provides a general outline of the information currently available on the internet about a client’s organisation and employees. To collate that information, Nettitude will search a variety of information repositories, both publicly available and paid-for services, to understand the organisation’s current level of exposure.

Typical information that can be collated, and that may be leveraged in a cyber-attack, includes:

  • Names of family members
  • Addresses
  • Birthdays
  • Email addresses

Company-specific data can also be collated, such as the system software in use, supplier relationships or a list of third parties that the organisation does business with. Some companies will also be mentioned in discussions on the ‘Dark Web’. Those references will be clearly identified, as will the context in which the information exists. The net result is a two to three page CTA document with a consolidated overview of the information found, including a general insight into the possible threat actors that could target the organisation’s specific industry.

Network Activity Review

To fully understand current network user and application activity and the associated risk, technical-level monitoring of the environment is required as part of the Cyber Threat Assessment. This is achieved by placing a monitoring device within the customer environment. This device listens to the traffic within the environment and can identify all traffic, applications, SaaS use and potential security threats, including zero-day exploits.

This device will sit on the network for one to two weeks gathering data; it will not impact availability or performance. During this time the customer has full access to the management interface of the device and will be able to start developing a picture of the activity and remediating any urgent issues.

In order to generate the technical report, a small statistics file is collected (via the management interface) and provided to Nettitude. No personally identifying information, such as employee names or IP address data, is held within this file. The report will include:

  • Applications in use, and the potential risks to exposure
  • Specific details on ways adversaries are attempting to breach your network
  • Comparison data for your organisation, versus your industry peers
  • Key areas to focus on for reducing your organisation’s risk exposure

Governance Review

Nettitude will provide an experienced senior security consultant onsite to raise the organisation’s understanding and profile of risk around its data and systems, by assessing the organisation’s security posture to determine an appropriate strategy and action plan for improvement.

The high-level security review will be conducted in order to establish what is important to the organisation, understand how the organisation is currently protecting itself, and agree areas in which to improve the security posture through technology, process, documentation or business process change. It will also ensure that the right oversight and protection is being enforced, managed and monitored within the company.

The review will look into the following areas:

  • Architecture and network design
  • Firewall rule base management
  • Server build and configuration
  • Data retention and archiving policy
  • Encryption protocols, certificates and secure data transmission over the internet
  • Vulnerability and patching status
  • Network protection and security services (such as IPS/NTP)
  • Email, mobile services and proxy service configuration
  • User devices (including BYOD)
  • Authentication mechanisms and role based access controls (RBAC)
  • Third party involvement
  • Physical hosting status / responsibilities
  • Activity logging and forensics readiness
  • Procedures (including incident response, acceptable use, user training, risk)
  • Internal testing events / practices

Deliverables and Output

Nettitude will look to present a holistic set of recommendations and remediation advice and guidance for moving forwards. This will be detailed in the form of a roadmap document. This will enable the organisation to prioritise any remediation tasks and work required. Nettitude is always keen to debrief these reports and will always provide clear guidance around the suggested actions. As well as the technical detail and recommendations, Nettitude will provide strong guidance around the overall risk and processes to manage the threats that exist in today’s modern cyber-environment.

All findings will also be presented back to the customer in the form of a strategy debrief. This allows senior management to understand why security should be a focus for the organisation, what they are currently doing, where their vulnerabilities currently lie, how they may be targeted and, most importantly, which controls they should focus on as part of their forthcoming cyber strategy.