INDICATORS OF COMPROMISE ASSESSMENT
Indicators of compromise (IOCs) are observable artifacts on a network or operating system that indicate, with high probability, a computer intrusion. IOCs are part of the incident response and forensics process: they provide early warning signs of a potential attack and give you time to respond effectively.
Isecurion’s security team analyzes your environment to understand the threat landscape you may be exposed to and helps you establish indicators of compromise through your SIEM program, or through ad hoc analysis of IOCs in your environment by comprehensive scanning and analysis.
Increased visibility of your environment and potential threat activities.
Early detection of threat actors in your environment.
Faster response and minimal impact.
Increased efficiency of your incident response program.
Identification of potential threats already existing in your environment.
Assurance to client and business partners that you have an effective incident response program.
INDICATORS OF COMPROMISE ASSESSMENT (ICA)
The indicators of compromise program focuses on two types of assessment. The first type helps organizations establish the indicators of compromise applicable to their environment. The second type is a thorough scan of the environment to identify potential indicators of compromise. Our methodology for the security assessment is based on the following approach.
Environment Review
We do a comprehensive review of the client’s environment to analyze and create a list of IOCs applicable to that environment.
Network Topology Review.
Baseline Network Traffic Review.
Understand network and systems security policies.
Identify ingress and egress points.
Establish IOC
We help in segregating IOCs based on their applicability to the environment and categorizing them under the following domains:
Network.
Systems.
Application.
Malware domains.
Network Domain Categories
Unusual Outbound Network Traffic.
Geographical Irregularities.
DNS Request Anomalies.
Mismatched Port-Application Traffic.
Suspicious C2C (command-and-control) traffic.
System
Anomalies In Privileged User Account Activity.
Suspicious Registry Or System File Changes.
Suspicious listening ports.
Application
Increased file transfer.
Swells In Database Read Volume.
Large Numbers Of Requests For The Same File.
Malware
Stuxnet malware IOC.
Flame Malware IOC.
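As an added illustration, not Isecurion’s own code or tooling, the following Python sketch applies three of the network-domain categories listed above (mismatched port-application traffic, unusual outbound traffic volume, and DNS request anomalies) to constructed flow and DNS records. The port-to-application map, byte threshold and entropy thresholds are assumptions that would be tuned from the baseline traffic review of a real environment.

```python
import math
from collections import Counter, defaultdict

# Constructed sample records (not real data): one flow per outbound connection
# as a SIEM might export it, plus a handful of DNS query names seen on the wire.
FLOWS = [
    {"src": "10.0.1.5", "dst": "203.0.113.9", "dport": 443, "app": "tls", "bytes_out": 120_000},
    {"src": "10.0.1.5", "dst": "203.0.113.9", "dport": 443, "app": "tls", "bytes_out": 95_000_000},
    {"src": "10.0.1.7", "dst": "198.51.100.4", "dport": 80, "app": "ssh", "bytes_out": 4_000},
    {"src": "10.0.1.8", "dst": "198.51.100.22", "dport": 53, "app": "dns", "bytes_out": 900},
]
DNS_QUERIES = [
    "www.example.com", "mail.example.com",
    "x7f3q9a2k8d1z5m4.example.net", "b2c9d8e7f6a5.example.net",
]

# Assumed baseline: which application protocol is expected on each well-known port.
EXPECTED_APP = {80: "http", 443: "tls", 53: "dns", 22: "ssh"}

def mismatched_port_app(flows):
    """Mismatched port-application traffic: app-layer protocol disagrees with the port."""
    return [f for f in flows
            if f["dport"] in EXPECTED_APP and f["app"] != EXPECTED_APP[f["dport"]]]

def unusual_outbound(flows, limit_bytes=50_000_000):
    """Unusual outbound traffic: total bytes sent per internal host above a baseline limit."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes_out"]
    return {src: b for src, b in totals.items() if b > limit_bytes}

def shannon_entropy(label):
    """Bits of entropy per character in a DNS label; high values suggest generated names."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def dns_anomalies(queries, min_len=16, min_entropy=3.5):
    """DNS request anomalies: unusually long or high-entropy leftmost labels."""
    flagged = []
    for q in queries:
        label = q.split(".")[0]
        if len(label) >= min_len or shannon_entropy(label) >= min_entropy:
            flagged.append(q)
    return flagged

def run_assessment(flows=FLOWS, queries=DNS_QUERIES):
    """Collect findings per IOC category so they can be reviewed or fed to a SIEM."""
    return {"port_app_mismatch": mismatched_port_app(flows),
            "unusual_outbound": unusual_outbound(flows),
            "dns_anomalies": dns_anomalies(queries)}
```

Each finding is a candidate IOC, not a verdict; the analyst still compares it against the environment baseline before adding it to the applied IOC list.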
We provide a comprehensive report detailing the IOCs applied to your environment, the threats identified, and remediation actions.
APT Assessment
An Advanced Persistent Threat (APT) is a threat in the form of a highly skilled, motivated attacker with determined objectives: to cause intellectual property, reputation, financial and data loss for the targeted organization. To pursue its objective, an APT operates over an extensive period of time in the targeted organization’s environment while evading its sophisticated security mechanisms.
Isecurion’s APT Assessment helps in identifying, containing and eradicating these sophisticated threats from your environment. We also help organizations in identifying the missing controls and provide them support to build necessary defensive controls and expertise against such attacks in future.
Helps organizations assess their preparedness against APT attacks.
Identifies existing vulnerabilities and control gaps that can be used in APT attacks.
Enhances your existing policies, processes and standards and matches them against industry best practices.
Quick response in proactively identifying and containing such attacks.
Assurance to client and business partners that your environment is secure against APT attacks.
Get a comprehensive report of findings and recommendations for clients and business partners.
We use a methodical approach in analyzing the APT lifecycle and conducting a series of analysis in each phase to identify, contain and eradicate the APT. The methodology covers the following categories detailing the APT lifecycle phases and necessary analysis conducted by our team.
Initial compromise:
In this phase the attacker usually uses spear phishing or watering hole attacks, delivered through zero-day exploits and malware, for the initial compromise. The Lemuria Infosec team helps in investigating such attacks and identifying a potential breach resulting from them. We also provide support in verifying the effectiveness of email and web content filtering systems, which are the first level of defense against such attacks.
Establish Foothold:
In this phase the attacker establishes a backdoor or covert channel to an outside network for retrieving additional payloads and for C2C (command-and-control) operations. The Lemuria Infosec team helps in identifying such covert channels. We also provide support in verifying the effectiveness of additional security controls for defense against such attacks.
Escalate Privileges:
In this phase the attacker tries to elevate its privileges using zero-day or unpatched exploits. The Lemuria Infosec team helps in identifying potential indicators of privilege escalation and tests the effectiveness of additional security controls, such as SIEM and change monitoring controls, for defense against such attacks.
Internal Reconnaissance:
In this phase the attacker gathers information on high-value targets and critical data flows in the network. The Lemuria Infosec team helps in identifying potential indicators of compromise and tests the effectiveness of security controls for defense against such attacks.
Move Laterally:
In this phase the attacker expands its control over high-value targets and critical data and begins data harvesting. The Lemuria Infosec team helps in identifying potential indicators of compromise through data movement to unauthorized media and correlates events to identify the potential threat.
Maintain:
In this phase the attacker configures its control to maintain access to the compromised systems, retaining extensive control over the network for long periods of time. The Lemuria Infosec team helps in identifying the compromised systems and eradicating the threats.
Complete Mission:
This is one of the most important phases: the attacker begins exfiltration of the data through covert mechanisms, bypassing the security controls. The Lemuria Infosec team helps in identifying these covert channels and cleaning them up. We also provide support in establishing stronger controls to mitigate such attacks in future. The effectiveness of defending against any APT attack depends mainly on the client’s own Information Security, Data Protection, SIEM and Security Incident Management training and awareness programs.