Introduction
The world of technology moves quickly, and in the case of cyber threats, the threat landscape has changed almost completely in the last decade. Where once the biggest threats were opportunistic attackers and preventable accidents, attacks are increasingly targeted at specific organisations, with the aim of achieving specific goals.
Those goals might be to cause financial or reputational damage, to steal confidential information, or to advance a political cause, and the attackers might be hostile nation-states, organised criminal enterprises, political “hacktivists” or disgruntled employees.
Such attacks require both public and private sectors to take a different approach to their cyber security posture and strategy. The consequences of a successful cyber-attack are well known, so having an effective program of risk reduction and response is no longer optional.
Targeted attacks are often tailored to the particular defences of the organisation under attack, rendering conventional technical security measures ineffective. For this reason, it is now critical for organisations to have an understanding of how the new threat landscape relates to their own unique circumstances, and to take action to improve their cyber resilience.
NCC Group’s Cyber Resilience and Incident Response services help you prepare, assess, and maintain your cyber security systems, and respond to the threats you face.
Drawing on the experience of our cyber risk professionals, incident response experts and technical security consultancy teams, we help clients to:
• Understand their current cyber posture
• Contain and mitigate any breach
• Understand ongoing risk and develop a strategic roadmap to improve overall cyber security maturity
Cyber Resilience and Response
All Rights Reserved. © NCC Group 2015
Cyber resilience goes beyond risk management and tactical technical solutions, requiring a holistic view of systems and processes to prepare for the reality of cyber incidents.
Framework stages: Prepare, Assess, Maintain, Respond, Review
What should your organisation do?
Believing that an incident could happen at any time will enable better preparedness.
Accepting that cyber incidents will happen means that your organisation will be ready to respond when a breach occurs or is detected, allowing you to take the correct course of action to return to business as usual.
To ensure comprehensive coverage, cyber resilience must be embedded in an organisation and become an everyday consideration, not just a one-off project. It is important to adopt the mindset that while total security is unachievable, risk is manageable when an eventual breach is planned for.
Improving your overall security posture may seem like a daunting task. Our cyber resilience and incident response framework enables you to develop a strategy to suit your organisation. Our framework takes you through the key areas you need to consider to put together an approach that works for you.
Our services range from executive engagement and strategy development, through to education and awareness, incident management, and remediation.
Our global team of over 400 experienced consultants are on hand to help organisations plan for and respond to a variety of cyber risks. Our strength in depth and unique set of skills mean we can respond to incidents of all sizes, even those with challenging timescales and technical requirements.
With best-of-breed solutions and tools, and the expertise of our intrusion response specialists, we are constantly evolving our capabilities to meet our clients’ demand for robust cyber security.
How we can help
Prepare Assess Maintain Respond Review
• Executive Steps to Cyber Security
• Cyber and Incident Response Strategy & Planning
• Board Level Training
• Cyber Security Capability Assessment/Health Check
• Policy Maturity Review
• Sophisticated Simulated Attack (Red Team)
• Investigative Protective Monitoring & Logging Review
• Cyber Security Diagnostics
• Host, Network & Forensics Readiness Training
• Ongoing Consulting and Managed Services
• Proactive Network Monitoring
• Incident Response Management
• Investigate & Remediate
• Impact Understanding & Quantification
• Managed Services
• Malware Analysis & Reverse Engineering
• Host Forensics & Network Monitoring
• Mitigation & Recovery Assistance
• Log Analysis
• Information & Threat Intelligence Sharing Partnerships
• Post Incident Analysis: Threat Impact & Loss Review
• Lessons Learned: Action Identification & Knowledge Dissemination
Proactive Risk Management
Your organisation’s cyber risk strategy must be driven from the board level. Focusing on technology is not enough; security must be an integral part of your core business governance strategy.
Proactive risk management enables you to integrate cyber security into every aspect of your organisation.
Embedding cyber security into the organisational governance and control framework of any business is the starting point for the design, development, and delivery of a forward-looking strategy.
NCC Group’s cyber resilience services will help you to develop an understanding of your current capabilities, the threats faced, and the vulnerabilities present in your systems, with the goal of developing an organisation that is resilient to cyber threats.
Cyber & Incident Response Strategy Planning
If you don’t have an in-depth security strategy, then you need to know where you should focus your investment and what your security priorities should look like in the short, medium, and long term.
Our security strategy advisory service is based on four objectives:
1. Getting the basics right
2. Identifying and protecting what matters most to your business
3. Strengthening leadership and governance
4. Pioneering security as a business enabler
Cyber Security Capability Health Check
Our Cyber Security Capability Health Check helps organisations understand their risk posture and ability to defend against internal and external cyber threats. By taking a holistic view of people, processes, and technology, the health check enables organisations to understand their enterprise cyber security capabilities and highlight areas of risk in the context of the overall business. Actionable findings backed up with practical recommendations will enable your organisation to prioritise areas for remediation and result in your organisation becoming more vigilant and resilient in its approach to managing cyber threats.
Policy Maturity Review
Your organisation’s ability to manage cyber threats and vulnerabilities relies heavily on the existence of robust and mature security policies which define the security standards of your organisation in relation to staff behaviour, business, and technical processes. Keeping security policies aligned with your business direction and the evolving security threat landscape is challenging and, if not done correctly, can lead to data loss, breaches, and other security incidents.
We have the experience and capability to review your organisation’s existing security policies to ensure they reflect business and technical processes. We have the expertise to help you develop new policies which will be mature enough to address compliance gaps and meet industry best practice.
Sophisticated Simulated Attack (Red Team)
Performing a simulated attack on your organisation can be very valuable, allowing you to assess its susceptibility to a breach, its level of user awareness, and its detection and response capabilities. Our methods include open source intelligence gathering to identify targets, phishing campaigns to gain access to company credentials or systems, and the use of simulated malware (with harmless payloads) to retain access.
Alternatively, we can generate traffic on your internal network, originating from a simulated compromise, to assess your current ability to detect suspicious activity. We tailor our programme to the needs of your organisation, designed to identify and highlight gaps and ensure the robustness of your overall security posture.
Investigative Protective Monitoring & Logging Review
Would your current infrastructure and capabilities allow you to support investigations into an attack in a timely, accurate, and sufficiently deep manner? NCC Group’s cyber incident response and defence operations experts can review your organisation’s current capabilities, any gaps against particular threat types and your current level of maturity.
Cyber Security Diagnostics
Our consultants will undertake a broad review of your cyber security controls and capabilities to enable you to understand your risk posture and ability to defend against internal and external threats. The review will take a rounded view of people, processes, and technology, to understand areas of vulnerability and prioritise areas for remediation.
Training
People are the weakest link in cyber security. If your organisation lacks relevant training and cultural awareness, then technology will be of limited benefit in preventing or responding to cyber attacks.
We offer tailor-made training and awareness programmes relevant to your sector and level of maturity. From executive table top scenarios to phishing awareness, our courses and experience are an important part of any risk reduction program.
Our technical training is intended for individuals who will undertake incident response activities within a particular organisation and centres around first responder activities for host forensics, network traffic investigations and malicious code analysis (malware).
Ongoing Consulting and Managed Services
As part of your organisation’s ongoing programme of improvement, our consulting and managed services teams provide a broad range of capabilities and offerings as needed, on top of your regular security assessments.
Incident Response
Even the best-prepared organisations still get attacked, and responding to those attacks is a crucial aspect of cyber resilience. NCC Group’s cyber incident response services provide step-by-step expert guidance to help you keep control of the situation.
Incident Management and Response
In the aftermath of a security incident you need a quick response and accurate insight. With our dedicated Incident Management and Response team, we help you find out what happened and how.
With our rapid incident response capability, we focus on helping your organisation to regain control of your systems and information promptly following a security incident.
Through a combination of evidence protection and forensically-sound investigation, our consultants can:
• Determine how the breach occurred, by understanding the initial vector of attack and compromise.
• Determine the capabilities and activity of a threat actor, and the extent of infiltration.
• Identify (where possible) who may be responsible.
• Categorise what was taken and when, to enable you to understand the loss.
Our 24-hour response team provide timely and accurate advice on how best to deal with a breach as soon as it is discovered.
Investigate & Remediate
We provide comprehensive investigation services using appropriate experts in gathering, analysing and presenting digital evidence. Our consultants have experience of a wide range of investigations, including traditional laboratory-based forensic analysis, network forensics, covert monitoring, and live host and memory forensics.
Impact Understanding & Quantification
We will work closely with you to investigate any breach, to help discover what happened, and allow you to understand the impact on your organisation and quantify any losses.
Managed Services
Our Cyber Defence Operations network sensors are deployed as part of a managed service, in which traffic on your network will be automatically monitored around the clock, with any unusual traffic compared to our extensive intelligence databases. Combining our own intelligence with industry-wide knowledge and data privately shared by partners, we identify indicators of compromise and unusual network traffic quickly and accurately.
Malware Analysis & Reverse Engineering
We have a dedicated malware investigations laboratory which enables us to analyse malicious code.
Our team of consultants will reverse-engineer the malware, to discover exactly what its effect is and what damage it has already done to any affected systems. Using sandboxed virtual or physical machines, configured to the same specification as client machines, our experts analyse the malware’s behaviour, allowing clients to secure their estates effectively.
Host Forensics
We provide you with cyber forensic investigation capabilities using appropriate experts in gathering, analysing and presenting digital evidence.
We collect forensic images of hosts, getting a forensically-sound copy of all data in both storage and volatile memory. Our consultants then analyse any information found, using industry-standard tools and platforms. We provide you with an accurate picture of what happened and when, in support of a broader investigation.
Network Monitoring
Sensors are deployed on your networks and managed by our Security Operation Centre through a secure connection. These sensors are used to perform live monitoring of unusual and potentially-malicious traffic, such as intrusion attempts, data egress and malware command and control traffic. Using secure systems and software developed in-house, we analyse your network traffic in real time, allowing our experts to recommend countermeasures to block malicious traffic while tracing the source.
Mitigation & Recovery Assistance
We provide you with knowledge and support in the eradication of a threat actor from your environment and in the subsequent effort to bolster your defences. This is a blended service combining high-level management with investigation, analysis, protective monitoring, advice and planning.
Log Analysis
Our consultants quickly and reliably assess available logs, as well as any intrusion detection and prevention systems already in place. We compare any traffic to previous attacks held in our intelligence databases to discover the extent of any compromise, malware infection, or exfiltration of data. This service enables us to provide you with recommendations to prevent further attacks.
Post Incident
In the aftermath of an incident, all stages of the cyber resilience and incident response framework are revisited, to ensure an ongoing programme of improvement. The information gathered is fed back into the process and is used to strengthen your security posture further.
Information & Threat Intelligence Sharing
NCC Group believes that keeping your management informed of current, relevant facts around incidents is vitally important. During every investigation, we appoint a technical account manager who works closely with you and your management, ensuring that lines of communication are open at all times. The technical account manager provides detailed status reports, enabling you to make business decisions based on the threat intelligence that has been gathered.
All of our reports contain details aimed at technical audiences and comprehensive summaries aimed at management, providing your managers and executives with a full picture of their current security status.
Threat Impact & Loss Review
We help you understand the impact and loss suffered as a result of a breach. Through a full review we will assess both the business and technical impact and the losses arising from the breach.
Post Incident Analysis & Lessons Learned
Many organisations are unaware of what steps they need to take to minimise the risk and impact of security breaches. Our team of highly qualified consultants offers advice, training, and guidance in all areas of systems security, including:
• Ensuring that your organisation’s staff are fully aware of their cyber security responsibilities.
• Proactive network monitoring tools and solutions.
• Establishing security and storage rules for the handling of evidence.
• Delivery of training to key staff ensuring adherence to evidence handling procedures.
• Providing guidance in the form of a documented, real-world example that everyone can run through in advance.
• Ensuring that all parties, including legal, are confident that the processes in place are correct.
NCC Group - your global cyber security partner
CONTACT US
0161 209 5200
[email protected]
@nccgroupplc
www.nccgroup.trust
United Kingdom: Cheltenham, Edinburgh, Glasgow, Leatherhead, London, Manchester - Head office, Milton Keynes
Europe: Denmark, Germany, The Netherlands, Switzerland
North America: Atlanta, Austin, Chicago, New York, San Francisco, Seattle, Sunnyvale
Asia Pacific: Sydney