Continuous Penetration Testing




Continuous Penetration Testing SyCom Technologies

1.0 Continuous Penetration Testing

Imagine a service that continuously monitors and reports on new threats as they emerge, in real time, and provides a tactical picture of your current security posture 24/7. It can track existing vulnerabilities, map penetration test findings to actual solutions, and monitor remediation projects to ensure that they are delivered and not forgotten.

Conventional penetration testing creates a snapshot of your security posture once a year. Regulatory compliance often dictates when penetration tests are conducted: PCI DSS, for example, calls for a penetration test at least annually (and after significant changes) and vulnerability scans quarterly. Penetration testing is evolving into more than a yearly snapshot; new methods of testing are being employed to help organizations maintain a constant tactical view.

The old mantra is "test when you change." But what if the world around you changes and that change makes you vulnerable? How do you know when this happens? Your systems could be vulnerable for a full 364 days before the next test discovers the problem.

The future of penetration testing lies in detecting a new threat surface automatically. Not only can such a service test for emerging threats and vulnerabilities before attackers exploit them; it can also produce a remediation plan and have it in the CIO's inbox within hours. An extension of this is to carry out the mitigation overnight, perhaps as a temporary bandage, until all of the threats have been reviewed.

A combat team consisting of virtual machines, botnet scripts, communications servers, a content delivery network and a vulnerability scanner is placed in the battlefield combat arena.

Fig 1.1 An example of a combat team in the cloud.

Darren Manners Tel: 276 639 9575 dmanners@sycomtech.com

This technology automatically scans an IP address range, takes input from various devices, and identifies changes in web application security posture, new ports and IP addresses, and emerging threat vectors.

The service (CPT) will also send emails to simulate an advanced phishing/spear-phishing campaign. Simply provide the email addresses and the duration/timing of the events, and an advanced attack is simulated. Statistics are provided, and our remote botnet will also perform post-exploitation and gather further credentials/data for later examination and notification. Notifications are sent when a user clicks on the link and is exploited.

Detection training is offered to response teams, and tailored training is offered to the user who clicks the link: in this scenario, rather than being exploited, the user is told how they were tricked, giving instant feedback.

Using the attackers' tools against them to protect IT systems and infrastructure, the Continuous Penetration Test uses botnet technology to identify, test and report on systems with the same techniques attackers currently use to break into them. Expand this with 24-hour monitoring and engineer escalation to some of the industry's leading certified penetration testers, and you have the potential to find the threat before it is exploitable. Other available options include 24-hour monitoring, engineer escalation and remediation services.

Fig 1.2 An example of a combat team detecting a new IP address

1.1 So how does this work?

An initial external penetration test is performed against the organization. The results are returned to the organization, and SyCom Technologies can validate the findings of the initial penetration test and assist with remediation. The results are also fed into our 24-hour network operations center (NOC), where a botnet is created specifically for your organization. The botnet carries a number of automated bots that perform various tasks.

Ice-Hole
Ice-Hole is an email phishing program stationed in the cloud. It can send scheduled emails as a particular user or users to a number of predefined addresses. It uses a variety of templates and can target users based on device (i.e. smartphone or desktop). It can even carry a payload which, if clicked, creates a reverse shell back to the attacker; an Attack Bot then goes to work on that shell.

Org Scan Bots
Scan Bots automatically scan the organization's IP address range looking for new IP addresses. On finding one, they conduct an initial port scan of it and report the new IP address and any new ports discovered to the monitoring channel.

Monitor Bots
Monitor Bots take the input of the Scan Bots and continuously monitor the organization's securely hosted channel, looking for changes in the external security posture. Threats are passed to the Attack Bots to test. At this point a human is aware that a new threat exists and begins an initial assessment of it.

Policy Bots
A Policy Bot decides what to do when queried by an Attack Bot. Based on the organization's policy, the attack may or may not be allowed through.

Attack Bots
An Attack Bot first queries the Policy Bot on whether it is allowed to test the newly found threat surface. If allowed, it automatically launches an attack based on the service/port and other information found, then passes its results to the securely hosted IRC threat channel. The human operator monitors the automated attack and begins the threat analysis statement.
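The Scan Bot / Monitor Bot / Policy Bot hand-off described above, and the daily scan comparison mentioned later, both come down to the same two operations: diff today's scan against the stored baseline, and gate each new finding through the client's policy before anything is attacked. The following is an added example written for this page, not SyCom's code. It assumes the scans arrive as nmap grepable (-oG) output, uses constructed sample lines for the documentation range 203.0.113.0/24, and returns the decisions as a list instead of posting them to an IRC channel; the policy fields (scope, never_test, active_test_ports) are hypothetical names chosen for illustration. No network access is performed.

```python
"""Scan diff plus policy gate, modelled on the bot pipeline above (added example)."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed baseline snapshot (yesterday's scan) in nmap grepable format.
BASELINE_GNMAP = """\
# Nmap scan (constructed sample, not real output)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///
Host: 203.0.113.20 ()\tStatus: Up
Host: 203.0.113.20 ()\tPorts: 443/open/tcp//https///
"""

# Constructed current snapshot: .10 opened RDP, .30 is a new host, .40 is a new
# host that sits outside the authorised scope.
CURRENT_GNMAP = """\
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.20 ()\tPorts: 443/open/tcp//https///
Host: 203.0.113.30 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///
Host: 203.0.113.40 ()\tPorts: 8080/open/tcp//http-proxy///
"""

# One -oG port entry looks like "22/open/tcp//ssh///": port/state/proto//service///
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_gnmap(text):
    """Return {ip: {(port, proto, service), ...}} for open ports in grepable output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comments and status-only lines carry no ports
        ip = line.split()[1]
        hosts.setdefault(ip, set())
        ports_field = line.partition("Ports:")[2]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                hosts[ip].add((int(port), proto, service))
    return hosts


@dataclass
class Delta:
    new_hosts: dict = field(default_factory=dict)     # ip -> ports on a host not in baseline
    new_ports: dict = field(default_factory=dict)     # ip -> ports newly open on a known host
    closed_ports: dict = field(default_factory=dict)  # ip -> ports that disappeared


def diff_scans(baseline, current):
    """Scan Bot / Monitor Bot step: what changed since the stored baseline."""
    delta = Delta()
    for ip, ports in current.items():
        if ip not in baseline:
            delta.new_hosts[ip] = set(ports)
        elif ports - baseline[ip]:
            delta.new_ports[ip] = ports - baseline[ip]
    for ip, ports in baseline.items():
        removed = ports - current.get(ip, set())
        if removed:
            delta.closed_ports[ip] = removed
    return delta


@dataclass
class Policy:
    """Policy Bot: hypothetical per-client rules of engagement."""
    scope: list              # CIDRs the client authorised for testing
    never_test: set          # hosts that are reported but never attacked
    active_test_ports: set   # ports an Attack Bot may actively test

    def decide(self, ip, port):
        addr = ipaddress.ip_address(ip)
        if not any(addr in ipaddress.ip_network(c) for c in self.scope):
            return "out-of-scope"   # not authorised: never attacked, flagged for a human
        if ip in self.never_test:
            return "report-only"
        return "test" if port in self.active_test_ports else "report-only"


# Scope deliberately narrower than the scanned /24 so the out-of-scope path is exercised.
DEFAULT_POLICY = Policy(scope=["203.0.113.0/27"],
                        never_test={"203.0.113.20"},
                        active_test_ports={21, 22, 80, 443})


def plan_actions(delta, policy):
    """Rows (ip, port, service, decision) an Attack Bot would take to the channel."""
    findings = {}
    for source in (delta.new_hosts, delta.new_ports):
        for ip, ports in source.items():
            findings.setdefault(ip, set()).update(ports)
    rows = [(ip, port, service, policy.decide(ip, port))
            for ip, ports in findings.items()
            for port, _proto, service in ports]
    rows.sort(key=lambda r: (ipaddress.ip_address(r[0]), r[1]))
    return rows


if __name__ == "__main__":
    delta = diff_scans(parse_gnmap(BASELINE_GNMAP), parse_gnmap(CURRENT_GNMAP))
    for ip, port, service, decision in plan_actions(delta, DEFAULT_POLICY):
        print(f"{ip}:{port} ({service}) -> {decision}")
```

The point of the Policy step is that discovery and attack are separated by an explicit rules-of-engagement check: a host that shows up in the scan but outside the authorised CIDRs is surfaced to the operator as "out-of-scope" rather than silently tested, and closed ports are tracked too, since a service vanishing from the perimeter is a change worth a human's glance as much as one appearing.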

Human Bot
The human factor is not removed. Although technology helps, a human operator monitors the secure IRC channel 24/7. Once the initial testing is completed, a human creates a threat assessment. The Service Level Agreement (SLA) dictates how quickly the report arrives in the inbox of the organization's security team, and how deep and how aggressive a test SyCom Technologies may perform automatically. SLAs can range from escalating threats to remediation teams as quickly as possible to convening a meeting to identify the best course of action based on the new threat data. Response speed can be customized for each organization.

The Human Bot can also escalate the threat finding. Confirmation and threat assessment involve more than one Human Bot: as the threat level increases, so do the level of attention, the seniority of the engineers and the escalation. We pride ourselves at SyCom on our skill set and training, and can provide review by top certified penetration testers within minutes if the SLA allows.

The Continuous Penetration Test also conducts a daily vulnerability assessment. The initial penetration test results are stored, and any new vulnerabilities or threats are reported. The organization can request an on-demand scan more than once a week to review the changes needed. The test can also be reviewed by a QSA to meet PCI requirements.

Fig 1.1 The Initial Creation of the Organizational Botnet