Defend your systems against any attack with layered cyber defence measures
Businesses need to be equipped with layered cyber defence tools and ongoing maintenance services in order to strengthen their ability to prevent a cyber incident. That’s why our information security defence strategies are continuously evaluated, updated, and improved, because we want to ensure our clients have best-in-breed defences.
Consider other security measures – why have a home alarm system when your door is locked and you have bars on your windows? Because when a cyber criminal infiltrates your system, you need to know about it. That is why it’s critical to think about layered defences when it comes to information security, particularly when dealing with the world of cyber crime.
Mini-Pen Testing
Mini-pen tests are effective in finding saved passwords for online services, including executive personal logins, banking information, and supplier accounts. These tests also identify an attacker’s ability to move freely throughout the network after accessing a computer.
Essentially, all of this means that an organization could be a single click away from being fully compromised. Therefore it’s critical your information security and safeguards minimize potential harm in the event of unauthorized access by an attacker.
Unfortunately, organizations don’t know how easy it would be for an attacker to access confidential information, or to move throughout the network environment after compromising a system. That being said, full-blown penetration tests can be cost-prohibitive (starting at $10K USD with increases according to the environment complexity).
Organizations should regularly conduct mini-pen tests to identify inadequately protected resources, such as incorrect permissions, saved passwords, unrestricted remote access, etc.
Improve cyber defences and protections to limit damage if an attacker does gain access.
Microsoft 365 Security Analysis
Scans reveal incorrectly configured tenants and temporary changes made by IT for troubleshooting that were never reversed. These oversights can pose significant security risks if left unchecked. Regularly checking for inconsistencies ensures ongoing protection and safeguards systems against potential threats while maintaining system integrity. This also means regularly informing management and employees of policies designed to safeguard both them and the organization, including scheduled reviews and updates to ensure continual adherence to compliance requirements.
As businesses evolve and grow, software platforms, devices, employee roles, vendors and clients are introduced or modified.
Inadvertently, these “normal” changes impact the accuracy of existing security policies.
Schedule reviews of, and updates to, security policies to ensure they are keeping up with the changing business and threat landscape.
Management and employees are kept aware of policies intended to protect them and the business. In addition, scheduled reviews and updates ensure ongoing compliance requirements are met.
Internal Vulnerability Analysis
Vulnerability analyses reveal issues such as unauthorized devices connected to networks and user account vulnerabilities. Detecting these issues early enables prompt resolution, mitigating potential security breaches and data compromise. Vulnerabilities can therefore be identified and resolved without incident, prior to the next scheduled compliance review.
Vulnerabilities can be introduced to a network in a number of ways, including automatic updates that fail with no notification. This includes infrastructure equipment such as firewalls, switches, printers, etc., which may not update automatically. Planned changes within a company’s environment can also unintentionally introduce vulnerabilities, and administrator password rotation can fail without notice.
Conduct automatic scheduled vulnerability monitoring to identify configuration issues and/or missing security updates.
Ensure the latest security patches are in place, reducing your cyber risk and maintaining compliance with cyber insurance requirements and any applicable standards.
External Vulnerability Analysis
When we first ran an external scan on ourselves many years ago, we kept finding a device exposed on our network. Alarmingly, it didn’t match any known address nor did the equipment manufacturer match any of our equipment. So we were very concerned.
We successfully tracked the problem to a default “wildcard” record previously created by our domain registrar. As it turns out, we didn’t have a vulnerability because the record was pointing to the registrar’s own resources. But we were still concerned about possible fraudulent activities tied to our domain. So we removed the rogue record, informed the registrar of their vulnerability, and recommended that they change their default practices.
Organizations may not be aware of how exposed they may be from the outside when it comes to their network and cloud resources.
Conduct automatic scheduled external vulnerability monitoring to identify exposures that could create an opportunity for an attacker to access your resources.
Remediate any found vulnerabilities before they’re exploited.
Administrative Group Change Reporting
We immediately investigated alarming alerts for new administrative accounts being created in an organization. Fortunately, they were legitimate because an approved new application had required dedicated admin access. But if the application had not been approved, the account would have been immediately disabled for security purposes. So this example outlines the effectiveness of thorough approval processes and the necessity of dedicated administrative access for certain applications.
When criminals gain control of resources, they then create an administrative account that only they can control. So because they aren’t using a main admin account, they essentially have covert privileges to access data.
Monitor for changes to administrative account groups. Changes made to an administrative account will then be flagged and/or have an alert generated accordingly.
Detected account changes can be investigated, and the account subsequently disabled if the change was unauthorized.
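One way to implement the monitoring described above, as an added example that is not the provider's own tooling: compare two snapshots of administrative group membership and triage each change against an approval register. The group names, account names and register format are constructed for illustration.

```python
"""Diff two snapshots of admin-group membership and triage the changes."""

# Constructed sample data: group -> set of member accounts at each snapshot.
BASELINE = {
    "Domain Admins": {"alice.admin", "bob.admin"},
    "Global Administrators": {"alice.admin", "bob.admin"},
}
CURRENT = {
    "Domain Admins": {"alice.admin", "bob.admin", "svc-backupapp", "helpdesk9"},
    "Global Administrators": {"alice.admin"},
    "Exchange Admins": {"carol.admin"},  # group absent from the baseline
}
# Constructed approval register: (group, account) pairs signed off in advance.
APPROVED = {("Domain Admins", "svc-backupapp")}


def diff_admin_groups(baseline, current):
    """Return a sorted list of (action, group, account) membership changes."""
    changes = []
    for group in sorted(set(baseline) | set(current)):
        before = baseline.get(group, set())
        after = current.get(group, set())
        changes += [("added", group, a) for a in sorted(after - before)]
        changes += [("removed", group, a) for a in sorted(before - after)]
    return changes


def triage(changes, approved):
    """Attach a verdict to each change; every change yields an alert record."""
    alerts = []
    for action, group, account in changes:
        if action == "removed":
            verdict = "review"  # may be cleanup, or tampering with a real admin
        elif (group, account) in approved:
            verdict = "approved"  # matches a signed-off request
        else:
            verdict = "disable"  # unapproved admin account: disable, then investigate
        alerts.append({"action": action, "group": group,
                       "account": account, "verdict": verdict})
    return alerts


if __name__ == "__main__":
    for alert in triage(diff_admin_groups(BASELINE, CURRENT), APPROVED):
        print("{verdict:9} {action:8} {group} / {account}".format(**alert))
```

Additions to a group that did not exist in the baseline are reported too, so a newly created privileged group does not escape the comparison.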