How safe do you want to be?
When it comes to protecting your investments, your customers and your staff do you want the basics or do you want to be able to withstand a significant level of adversary?
Now ok that’s a bit provocative and truth be told we love the idea of cyber essentials. Cyber essentials is a common standard that provides a solid foundation, it covers 5 capability areas which are:
- Malware Protection
- User Access Controls
- Secure Configuration
Cyber essentials is actually not easy to achieve, it has a hard stop requirement which requires you to patch all your devices where a critical vulnerability is known by the vendor within 14 days of release. This not only covers Operating systems and applications but also mobile devise. At the rate IOS releases come through you are going to need to speedy manual work or realistically you need to have a mobile device management solution (we use Microsoft Intune at PwnDefend).
So when we look at cyber essentials it covers 5 areas and asks ~35 key questions. So it’s a great starting baseline, and Cyber Essentials Plus also takes Cyber Essentials (which is a self-assessment which is reviewed) and adds a third party assessment. The core element to that is a vulnerability scan of the network and a build review.
So it’s a great baseline, a great entry point but it has it’s limitations, it doesn’t cover areas such as:
- Specific Configurations to help defend against known attack vectors used by human operated threat actors such as ransomware gangs.
- It doesn’t look at data protection outside of device encryption.
- It doesn’t go into the intricate details about active directory security, azure security or system control reviews.
So I might sound odd, on one hand I think it’s great as a starting point, but people should be aware it is just that. It’s a stepping stone to an increased strength security posture. But what if we wanted to go further?
Combating Modern Day Cyber Threats
Business of all shapes and sizes these days face a broad range of cyber threats which include:
- Business Email Compromise (BEC)
- Scams & Fraud
- Insider Threats
- Human Error
- Crypto Mining
- Data Theft
- Ransomware and Extortion
Seeing the broad range of threats with the realization of how poorly defended a large number of networks are can be concerning. When we look at the ransomware landscape you just need to open the mainstream news, let alone the security news and threat intelligence services to know that ransomware is a major global problem.
To this end we’ve designed services to build on top of the foundations of Cyber Essentials and to enable you to have:
- Better awareness of your technology landscape and your attack surface
- Greater control strength against common attack vectors
- Increased network visibility
- Improved response capabilities
Common Network Environments
Ok so every environment is unique so this is a generalization, but we’ll paint the picture of a common environment and scenarios we see all the time. Most organizations at their core operate an active directory domain (a forest or multiple forests etc.). As such we are going to focus here on the most common types of environments which include:
- Active Directory Domain Services
- Exchange Hybrid or Exchange Online Deployments
- SharePoint Services
- Line of Business Application Services
- Database Services
- Windows Servers and PC Devices
- Perimeter Firewalls
- Backup Services
How do we do it?
Our key principal of this services is that we want to know your network better than you know if yourself! To achieve this we run a range of activities, these include:
- Active Directory Audit and Security Review
- AD Operational Health check
- AD Security Review
- Network Discovery
- Vulnerability Scans and Assessment
- Attack Surface Mapping
- Sensitive Asset & Data Discovery (Crown Jewels Analysis)
- An active directory secure operations review
- Endpoint Security Review
- Firewall Audit
- Risky Egress Testing
- C2 Connection Testing
- Common Data Exfiltration Services Setting
- AD and Network lateral movement testing
- Monitoring, Detection and Response Testing
- An AD Password Audit
- And more
The key part here is we do a deep and thorough analysis of your environment which is focused on understanding your network and looking at common TTPs used by cybercriminals and looking for known weak configurations, risky deployment scenarios and simulating real world attack methods.
Going beyond just an assessment
Ok so far you may be saying, that’s great and you would love to know about all these things, but there’s bit of a challenge. Most organisations are already under significant business pressure to deliver new business functionality, keep services running (availability is key) and deliver critical functions such as end user support and enabling digital line of business transformation efforts. So we take this service a step further, we introduce managed remediation.
How does this work? Well what we do is a create a virtual security and remediation task force. We work with your teams to create an augmented task force that works with your change policies and processes to deploy agile yet controlled changes to improve your security posture. From areas such as group policy configurations, active directory secure configuration deployment, DNS hardening, LAPS and endpoint hardening. This way we not only give you visibility but we also enable you to fix the issues, improve your security posture yet keep your staff focused on delivering those new business solutions whilst we take care of some the foundation repairs for you.
Focusing on delivering security outcomes
We aren’t saying finding the misconfigurations, vulnerabilities and weaknesses is easy, it’s not, but the real challenge is actually enabling the change in manner that is:
- In line with your business
- Is in a controlled manner
- Helps protect against the commodity threats and the advanced persistent ones
The key here is to deliver security outcomes, enabling your business to operate safely and securely without causing additional security friction.
The core principles
So in short this service is:
- Focused on delivering business security outcomes
- Analyses and Understands
- Delivers Controlled and Managed Change
- We’ve got the tools, knwoeldge, experiance and motivation to drive change
- We’ve got years of experiance not only delivering projects but also managing change to enable security outcomes.
- We’ve got the war wounds, so we know where to tread carefully and how to deploy remedial activities in a safe and controlled manner
- We love to share our knowledge and experiances to enhance your teams capabilities, the more we share the better we support and enable your business
If you have a Windows Enterprise network that’s built on the foundations of Active Directory domain services and you want to have a guided security programme that not only identifies the issues but also remediates them, please contact the team and we will arrange a call where we can get to know you and your business, after all, it all starts with people, even in the digital security world.