
Malicious Activity Assessment – MAA


Page 1: Malicious Activity Assessment – MAA

Version: 2 Page 1 of 3

Over 21.8% of web-based malware was NEW compared to the month before

33.6% of malicious domains were not infected the month before!

80% of malicious websites were LEGITIMATE sites that were innocently compromised

Malicious Activity Assessment – MAA.

Web Internet Gateway Security

What is a Malicious Activity Assessment (MAA)?

An MAA will passively analyse internet traffic at your gateway for up to two weeks; in this time any threats, risks, and abuses of internet security will be logged. At the end of the two weeks a detailed report is created for the Customer, and a consultant will provide a de-brief on what has been found, explain the threats, and make suggestions on improvement.

What will an MAA show me?

The risks and threats are numerous; below are some typical findings:

• Infected Clients: Desktops, laptops, or servers that are infected with Spyware or Malware. Example: An infected desktop PC that is subject to screen capturing, keyboard logging or file shadow copying; this sensitive information is forwarded to external unauthorised internet parties.

• Botnets. The identification of botnet command and control protocols that are either originating from the corporate LAN, or where the Corporate LAN has infected hosts.

• Suspicious Client-side (host) Applications. Who (client IP), What, Where and When.

    - File Uploads – should staff be moving files from the LAN to the internet?

    - IM – Are staff allowed to use IM, and what’s the remit of its usage?

    - P2P – Do you endorse file and media sharing?

    - VoIP – Should your bandwidth be used for such intensive protocols?

    - Gaming – lots of fun, but is it being abused?

    - Remote database connections – Should key systems be integrated off the LAN?

    - Remote Access – is this authorised and to what scope?

    - Streaming Media – do you allow media streaming from your LAN?

• Web Site Usage. Top destination domains by usage (hits). Where Category is split into: Social networking, Webmail, Shopping, Gambling, Recruitment, etc…

How sure are you that your internal systems have not already been compromised?


What reports will I receive?

As well as the five reports listed below, the information will be presented and fully explained, with an opportunity to ask questions and focus on key findings. A few example reports can be seen below:

1) Spyware traffic detection.

2) Potential internet based attacks.

3) Botnet infected hosts.

4) Application usage (usage of internet borne protocols).

5) Browse time by site category.


71% of under-25 year olds have stated they use Facebook whilst at work.

How will the service be delivered & what can I expect?

Upon receipt of the order, an engineer will call you to run through a pre-visit checklist and set a date for the site work. At your site the engineer will reconfirm technical parameters and review your environment for adequacy. Once the technical diligence phase is completed, the engineer will install a security monitoring toolkit that will passively and unobtrusively collect traffic passing through the gateway. The toolkit will automatically detect spyware, malware, botnet, application protocol and web browsing traffic. It will not stop such traffic and is purely configured to observe and log. After two weeks of being in place the engineer will make a second visit to remove the tool and collect the results. Within a few days of this a report will be created and the results presented to the Customer.

How will the business benefit?

The service will verify whether the business is currently compromised by web internet-borne threats, and the associated risk of confidential data loss, lost staff productivity, and system abuse. Key reasons for having the MAA include:

• Ensuring critical and key systems are threat free.

• Understanding the volume and impact of malicious activity.

• Validating that the current security measures are acceptable.

• Achieving early warnings of unknown threats and new risks.

• Providing evidential-style reports for compliance and industry regulation adherence.

• Verifying and forensically analysing a suspected attack or compromised host.

• Identifying key areas for improved protection and response.

• Leveraging new sources of security intelligence.

• Achieving a proactive rather than a reactive security posture.

Costs: £750

This cost is typical for an engagement for a single customer gateway, including two site visits, two weeks of traffic collection, report creation and debrief. Travel costs will be charged additionally where applicable, and there may be a charge for couriering the equipment.

To understand more about the MAA please Tel: 020 7621 9740 or email [email protected]