d3-services.com

Cyber Security Services
d3 Services, Ltd. provides customers with immediate, actionable cyber security intelligence required to make critical business decisions in defending their infrastructure.  Through a holistic cyber security methodology that offers practical experience, know-how, industry contacts and coordination, d3 Services provides the best in breed Cyber Security analysis solutions.

The service offering is a holistic approach; however, each of the four individual services can be sold and delivered.  Additionally, the engagements will be sold on a short term (transactional), long term (staff augmentation) or retainer basis.  Below is a description of the four individual services and an overview of the complete solution.

Live Media Analysis - In order to provide reliable and immediate incident response, live memory on a potentially compromised machine needs to be analyzed immediately to identify open network sessions, open ports, running processes, alternate data streams and other critical data necessary to develop a mitigation response.  Our consultants are trained to discover essential elements of system data, such as: Running Processes; Passwords; Rootkits & Trojans; Active Ports and Data Streams; and Registry Information.  In order to provide the best and most comprehensive support to our customers, we use industry recognized open source tools, internally developed tools and commercially available licensed software to provide complete memory analysis.

Digital Media Analysis - After identifying a compromised system, it is essential to perform an immediate computer forensic analysis of all the digital media devices, including internal hard disks, external hard disks, USB devices (MP3 players, digital cameras) and other digital media formats (DVD, CD, etc.).  Our consultants are expertly trained on industry recognized computer forensic software, Access Data FTK and Guidance Software EnCase.  All forensic handling, acquisition and analysis is conducted and documented with proper chain of custody and in a forensically sound, court approved methodology.  We do this to protect the data and our customers in the event the data is required for prosecution, litigation or for law enforcement use.

We have a full service digital media analysis and computer forensics lab in our DC Metro office.  Here we have full data acquisition, restoration and analysis capabilities using modern computer forensic hardware and software.  The lab is protected by two form access controls and each customer's data and equipment is stored in an individual safe or independently locking safe drawer.  Access to all customer stored data is done using proper chain of custody forms as well as through two person integrity, where no one individual has the ability to open any one combination.

Network Intrusion Analysis - Our consultants are trained to conduct network intrusion analysis in an investigative and intelligence gathering fashion.  This proprietary methodology allows our consultants to be extremely successful despite the infrastructure differences encountered from customer to customer.  We will collect and monitor all necessary computer, network and security system log files in order to determine nefarious and targeted attack activity.  Additionally, our consultants are fluent with several cutting edge products, such as NetWitness, Silent Runner, CloudShield DPI and Netscout Sniffer, in order to provide best in breed cyber security response.

Malicious Code Analysis - Once the systems have been analyzed to identify malicious code (malware), immediate analysis will need to be conducted in order to determine back channel communication information, open ports, registry changes and loaded drivers.  This information will provide immediate support for network defense activities and mitigation control development for the enterprise.  As with the digital media analysis, we include a full analysis of collected malicious code at our Malware Lab at no additional cost to the customer.  With this, we will identify any key information on how the malcode works based on ports used, drivers loaded, file modifications, injected libraries, called APIs and any other traffic indicators.  Thorough analysis is conducted using commercially licensed IDA Pro from Hex-Rays.  With this product, we thoroughly test open source and develop custom plug-ins for IDA Pro to provide fast, thorough and reliable analysis for our customers.

This collection of industry leading cyber security services is designed to create a holistic cycle to appropriately and completely mitigate network intrusions.  Performing these four actions immediately collects actionable intelligence that will provide enhanced situational awareness, greater mitigation controls and a tighter computer network defense posture.  We provide additional deep dive analysis to help our customers fully understand the scope and impact of the intrusion.

 