Security Assessment Services

CTI with its partner, FireEye, and FireEye’s security service division, Mandiant, provides a combination of expertise, technology and targeted, relevant intelligence to help clients understand and resolve specific security challenges. We accomplish this goal by offering five highly focused security assessments.

  1. Incident Readiness Planning Service
  2. Vulnerability Assessment Service
  3. Breach Detection Service
  4. Digital Forensics Service
  5. Security Investment Optimization Service

Incident Readiness Planning Service

We use a comprehensive set of requirements to identify and baseline a client’s current incident response program against industry best practices and practical use. The methodology:

Gap Analysis

  • Determine the maturity level of the existing IR program
  • Overlay plan components with recommended best practices
  • Identify and document gaps in existing processes, skill sets, and tools

Global IR Policy

  • Create or refine existing IR policy
  • Establish executive sponsorship for policy
  • Create communication plan for policy compliance

Threat Detection

  • Establish a comprehensive threat-detection capability
  • Determine incident types and severity levels
  • Define an incident reporting matrix

Roles and Responsibilities

  • Create a roles and responsibilities hierarchy that complies with IR policy requirements
  • Document a communication plan

Incident Handling Procedures

  • Establish incident handling procedures for each incident type
  • Document evidence collection best practices
  • Create a competent chain of custody process

Deliverables

We provide a documented gap analysis of the client’s current incident response program, along with recommendations for skill sets, procedures, and tools to improve their incident response capabilities. We also provide a complete incident response policy and plan for the client, including the documented components described above.

Vulnerability Assessment Service (External Network or Internal Network Assessment)

The Network Assessment Service is an end-to-end evaluation of the client’s external or internal network with the goal of illuminating and leveraging vulnerabilities in Internet-facing systems. We begin by discovering hosts, ports, services, and operating systems. Leveraging discovered network and host vulnerabilities, we then attempt to compromise those vulnerabilities, escalate privileges, and propagate through the environment to illustrate the overall impact of a perimeter breach. The methodology for the Network Assessment Service consists of:

Footprinting (External Network only)

  • Utilize multiple databases to discover and validate network ownership
  • Leverage open source intelligence (OSINT) to identify information that will assist in targeting the environment

Host Discovery

  • Apply industry-standard tools to efficiently discover hosts
  • Exercise various protocols to elicit responses from hosts

Port and Service Enumeration

  • Employ commercial, open source, and custom tools to discover ports and services

Operating System and Software Enumeration

  • Enumerate operating systems and software to analyze and convey the attack surface area

Vulnerability Identification and Exploitation

  • Discover vulnerabilities and misconfigurations in network topology and Internet-accessible systems
  • Use exploitable vulnerabilities to gain access to systems that can be leveraged to access additional systems in the DMZ (demilitarized zone) or internal network or to obtain sensitive information

Escalation and Propagation

  • Identify insecure configurations that allow an attacker to escalate privileges and to propagate to other systems in the DMZ and/or internal network
  • Use these methods to gain further access into the environment to identify and demonstrate additional security risks

Deliverables

We provide a report that details how the organization would stand up against a targeted attack. The report also includes recommendations for mitigating threats and resolving vulnerabilities that can be exploited by a determined attacker.

Breach Detection Service

Using advanced threat detection tools, our cyber-threat investigators analyze servers and end-node environments for indicators of compromise. The Methodology:

Engagement Strategy Planning

  • Identify critical assets
  • Determine end nodes within scope
  • Schedule end node evidence collection

End Node Evidence Collection

  • Deploy tools to capture required evidence
  • Collect and correlate collected evidence
  • Perform initial triage

Compromise Assessment

  • Identify and classify indicators of compromise
  • Perform timeline analysis
  • Document required containment and remediation steps
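The timeline-analysis step above relies on normalizing evidence from different collectors before correlating it. The following is an added illustration, not CTI’s, FireEye’s or Mandiant’s tooling: it parses three constructed log records (a proxy entry, an EDR process event and an authentication event, each in its own timestamp format), converts every timestamp to UTC, sorts them, and tags each event with the indicators of compromise it matches. The source names, field names, the 203.0.113.25 address (a documentation range) and the hash (the SHA-256 of empty input, used only as a stand-in) are all constructed for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample records from three collectors (not real data).
SAMPLE_LINES = [
    "proxy 2024-03-02T09:14:03Z host=WS-017 dst=203.0.113.25 url=http://203.0.113.25/update.bin",
    "edr Mar 02 09:15:10 2024 host=WS-017 event=process_create "
    "image=C:\\Users\\a\\AppData\\Local\\Temp\\update.bin "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "auth 2024-03-02 09:20:45 +0100 host=FS-01 event=logon user=svc_backup src=WS-017 type=3",
]

# Constructed indicator list; the hash is the SHA-256 of empty input, a stand-in value.
IOCS = {
    "ip": {"203.0.113.25"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Per-source regex (timestamp, key=value remainder) and the strptime format for that timestamp.
SOURCE_PATTERNS = {
    "proxy": (re.compile(r"^proxy (\S+) (.*)$"), "%Y-%m-%dT%H:%M:%SZ"),
    "edr": (re.compile(r"^edr (\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) (.*)$"), "%b %d %H:%M:%S %Y"),
    "auth": (re.compile(r"^auth (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (.*)$"), "%Y-%m-%d %H:%M:%S %z"),
}


def to_utc(raw: str, fmt: str) -> datetime:
    """Parse a timestamp and return it as an aware UTC datetime."""
    ts = datetime.strptime(raw, fmt)
    if ts.tzinfo is None:
        # A format with no zone information is assumed to be UTC (an assumption
        # about the constructed collector, not a fact about any product).
        ts = ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc)


def parse_line(line: str):
    """Return {'ts', 'source', 'fields'} for a recognised record, else None."""
    for source, (pattern, fmt) in SOURCE_PATTERNS.items():
        m = pattern.match(line)
        if m:
            fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
            return {"ts": to_utc(m.group(1), fmt), "source": source, "fields": fields}
    return None


def match_iocs(fields: dict, iocs: dict) -> list:
    """List the (type, value) indicators found in an event's fields."""
    hits = []
    for key in ("dst", "src"):
        if fields.get(key) in iocs["ip"]:
            hits.append(("ip", fields[key]))
    if fields.get("sha256") in iocs["sha256"]:
        hits.append(("sha256", fields["sha256"]))
    return hits


def build_timeline(lines: list, iocs: dict) -> list:
    """Normalize, tag and sort events into a single UTC timeline."""
    events = [e for e in map(parse_line, lines) if e is not None]
    for e in events:
        e["iocs"] = match_iocs(e["fields"], iocs)
    return sorted(events, key=lambda e: e["ts"])


def render(timeline: list) -> list:
    """One printable line per event for the engagement report."""
    return [
        f"{e['ts'].isoformat()} {e['source']:5} host={e['fields'].get('host')} iocs={e['iocs']}"
        for e in timeline
    ]


if __name__ == "__main__":
    for row in render(build_timeline(SAMPLE_LINES, IOCS)):
        print(row)
```

Note how the authentication event, stamped 09:20:45 in a +01:00 zone, sorts first once normalized (08:20:45Z); without that step the analyst would read the logon as following the download rather than preceding it.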

Reporting

  • Document findings
  • Publish a detailed timeline
  • Provide tactical and strategic recommendations

Deliverables

Our cyber-threat investigators will determine if there are any previously undetected threats in the environment. If any threats are identified, we provide expert advice on containment and remediation efforts. We also provide a detailed cyber-threat assessment report at the end of the engagement documenting the results and recommendations from the assessment.

Digital Forensics Service

We will perform a digital forensics investigation to gather and analyze evidence from a compromise while following proper evidence handling and chain of custody procedures. The methodology:

Host triage

  • Determine which digital devices require compromise analysis
  • Isolate those devices and protect them from evidence tampering
  • Scope the effort of device acquisition and analysis

Evidence acquisition

  • Follow required ‘best-evidence’ handling procedures
  • Place all devices in an approved chain of custody process
  • Acquire relevant evidence from each device

Evidence analysis

  • Perform evidence analysis tasks
  • Create an evidentiary timeline
  • Document findings
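The ‘best-evidence’ handling and chain of custody steps above come down to two records: a hash taken of each artifact at the moment of acquisition, and a log of every hand-off and verification after that. The following is an added illustration, not CTI’s, FireEye’s or Mandiant’s tooling, of the minimum such a record needs: it hashes an acquired artifact, appends custody events, and re-verifies the hash so that any change after acquisition is caught and recorded. The item id, custodian names, timestamps and the image bytes are constructed.

```python
import hashlib
import json
from dataclasses import asdict, dataclass, field


@dataclass
class CustodyEvent:
    when: str        # ISO-8601 timestamp supplied by the caller
    custodian: str   # person holding the item after this event
    action: str      # "acquired", "transferred" or "verified"
    note: str = ""


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    sha256: str                                   # hash taken at acquisition
    events: list = field(default_factory=list)    # chronological custody log


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire(item_id: str, description: str, data: bytes, custodian: str, when: str) -> EvidenceItem:
    """Hash the artifact as acquired and open its custody record."""
    item = EvidenceItem(item_id, description, sha256_hex(data))
    item.events.append(CustodyEvent(when, custodian, "acquired", f"sha256={item.sha256}"))
    return item


def transfer(item: EvidenceItem, from_custodian: str, to_custodian: str, when: str, note: str = "") -> None:
    """Record a hand-off; the receiving party becomes the custodian of record."""
    item.events.append(CustodyEvent(when, to_custodian, "transferred", f"from {from_custodian}. {note}".strip()))


def verify(item: EvidenceItem, data: bytes, custodian: str, when: str) -> bool:
    """Re-hash the artifact, log the outcome, and return True only if it is unchanged."""
    ok = sha256_hex(data) == item.sha256
    item.events.append(CustodyEvent(when, custodian, "verified", "match" if ok else "MISMATCH"))
    return ok


def export_record(item: EvidenceItem) -> str:
    """Serialize the item and its full custody log for the forensic report."""
    return json.dumps(asdict(item), indent=2)


if __name__ == "__main__":
    image = b"constructed disk image bytes"   # stands in for an acquired image
    item = acquire("EV-001", "WS-017 disk image (constructed sample)", image, "analyst A", "2024-03-02T10:00:00Z")
    transfer(item, "analyst A", "analyst B", "2024-03-02T12:00:00Z", "sealed evidence bag")
    print(verify(item, image, "analyst B", "2024-03-02T12:05:00Z"))         # True
    print(verify(item, image + b"x", "analyst B", "2024-03-02T12:06:00Z"))  # False, logged as MISMATCH
    print(export_record(item))
```

A failed verification is deliberately appended to the log rather than raising, since the record of the mismatch is itself evidence the investigator needs to preserve.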

Deliverables

FireEye digital forensic experts will perform expert forensic analysis on the client’s digital assets and answer the tough questions. Evidence will be handled within an approved chain of custody process, and a detailed forensic report will be delivered at the end of the engagement.

Security Investment Optimization Service

Mature organizations have invested in a collection of security technologies but may not be maximizing their return on investment in those technologies. We study the client’s security technology to focus new spending on solutions that protect critical information assets against today’s dynamic threats. The Methodology:

  • Interview key technology sponsors to understand investment direction
  • Interview technology administrators and conduct hands-on review of products in use
  • Review long term licensing for optimization strategy
  • Assess the client’s security posture against the FireEye proprietary security protection architecture, based on best practices
  • Provide architecture and optimization recommendations

We review the client’s existing security products against the SANS common list of technologies and an exhaustive list of 18 product families covered by NIST 800-53. This review determines which products are consolidated appropriately, used effectively, and cover critical assets. We also review each protection measure against a 50+ point technology specifications architecture to determine the extent to which the security technologies are optimized for the client’s specific environment.