INCIDENT RESPONSE

Cyber Diligence incident response teams are prepared to respond to a multitude of events, from data breaches involving organized criminal groups to counter-intelligence operations involving state-sponsored threats. We have the technical know-how, experience, and technology to respond to any type of incident. Our specialists can quickly assess the situation and formulate an incident response plan. We can quickly deploy state-of-the-art incident response software and hardware to determine whether an intrusion actually occurred. If probable cause exists that the network has been penetrated, we begin deploying detection tools to determine what took place and how. We follow a step-by-step incident response playbook to determine which systems are affected, how the attackers gained entry, where their command and control infrastructure is located, and so on. Once enough information has been obtained, the next step is a total containment action, in which we cut the communication channels to the command and control servers and contain the incident. Next comes the total remediation and eradication of the malware on the affected systems, followed by a period of monitoring to ensure that the threat is completely eliminated. We have responded to time-sensitive cases of network infiltration ranging from those caused by employee negligence to highly orchestrated, government-sponsored attacks.

The human element is quite often overlooked in the IT security equation. Sensitive data can be compromised by insiders and outsiders, either intentionally or inadvertently. It is simply not feasible to observe the behavior of every employee, and even the best of intentions can lead to a security breach. Our experience has taught us that any threat to an organization must be overpowered and neutralized.

Internal Threats

Perhaps the most serious threat to an organization's crown jewels originates from within. We separate internal threats into two categories: professional spies and employees who went rogue at some point. Investigating the unauthorized activity of authorized users requires special tools and techniques. We have successfully investigated all forms of insider threat regardless of the sophistication of the adversary. When people in the industry speak about APTs, they neglect to mention the possibility of APTs infiltrating organizations not via cyber-attacks, but by placing professional spies as employees. This is an ever-present danger and, on several occasions, our investigations have revealed that we were not simply dealing with employee misconduct, but with a calculated set of actions taken by an extremely skilled adversary.

Our investigators truly have seen it all. We have successfully caught professional spies, and we have exonerated wrongfully accused employees. We have seen an employee in a company's research and development section launch attacks from his workstation against other researchers' workstations to gain access to their programs and models. We have seen an employee install keyloggers on other employees' workstations. This broad range of situations has made us experienced, skilled, and well-equipped to deal with any form of internal threat regardless of the sophistication of the suspect.

The most typical internal threat, however, is an employee's desire to gain a competitive advantage in the marketplace or to obtain more favorable employment. Theft of intellectual property is easily accomplished, often by copying someone else's idea or product, or by stealing a company's crown jewels. Organizations are generally ill-equipped to detect unauthorized activity by an authorized user. The vast majority of internal misconduct simply goes undetected. Those cases that are detected are generally identified either accidentally or when it is too late. An employee may follow a planned course of action to steal data over a long period of time or, more commonly, begin copying sensitive data near their date of departure from the firm. Theft of intellectual property can have terrible consequences for an organization, especially if the data reaches a competitor. Our investigators have consistently uncovered evidence of theft of intellectual property and trade secrets where the perpetrator(s) used advanced tools to conceal their actions.

External Threats

Organizations face high-technology threats on a daily basis. External attackers rely on a few common attack vectors: phishing attacks use cloned websites, designed by data thieves, to extract confidential information from employees; social engineering tactics manipulate employees into disclosing private data; and employee smartphones, used as doors into your network, can be leveraged to compromise critical systems. Firms are often faced with a formidable adversary carrying out these attacks. These threats range from "script kiddies" to organized criminal groups and Advanced Persistent Threats (APTs).

We at Cyber Diligence were combating APTs long before the term "APT" was coined. At the time, we called them "sophisticated adversaries," and our founder, Mr. Demirkaya, lectured and published on the subject as early as 2001, warning industry professionals about the growing trend of organized and government-backed adversaries. We have responded to many intrusions in which we quickly identified that an APT was behind the attack. The intention of an APT attack is to steal sensitive data rather than to damage the network or the organization. APT attacks usually target organizations holding a high volume of sensitive data, such as the national defense, manufacturing, and financial industries. These attacks are carried out not by lone individuals but by government entities, criminal organizations, and even terrorist groups, all of which have powerful incentives to infiltrate key business networks. The Cyber Diligence incident response team quickly deploys our tools and vast knowledge base to mount an overwhelming response to these threats. What makes APTs formidable is not necessarily the sophistication of their attack tactics but their persistence. If they are discovered and thrown out of the network, they will not give up. They will come back. Unlike many incident response firms, we do not simply disengage after the threat is eradicated. Once we uncover what happened and how it happened, we deploy countermeasures to ensure that it will not happen again. We have the knowledge and technical know-how to make a computer impenetrable. Such drastic measures are often not needed; however, if necessary, we can secure a network to such a level that no APT will be able to successfully penetrate it.