INDICATORS OF COMPROMISE ASSESSMENT

Indicators of compromise (IOCs) are observable artifacts on a network or operating system that indicate, with high probability, that a computer intrusion has occurred. IOCs are part of the incident response and forensics process: they provide early warning signs of a potential attack and give you time to respond to it effectively.

Isecurion's security team analyzes your environment to understand the threat landscape you may be exposed to and helps you establish indicators of compromise, either through your SIEM program or through ad hoc analysis of IOCs in your environment by comprehensive scanning and analysis.

Increased visibility of your environment and potential threat activities
Early detection of threat actors in your environment
Faster response and minimal impact
Increased efficiency of your incident response program
Identification of potential threats already existing in your environment
Assurance to client and business partners that you have an effective incident response program

The indicators of compromise program focuses on two types of assessment. The first type helps organizations establish the indicators of compromise applicable to their environment. The second type is a thorough scan of the environment to identify potential indicators of compromise. Our methodology for this assessment is based on the following approach.

Environment Review

We perform a comprehensive review of the client's environment to analyze and create a list of IOCs applicable to that environment:
Network Topology Review
Baseline Network Traffic Review
Understand network and systems security policies
Identify ingress and egress points

Establish IOC

We help segregate IOCs based on their applicability to the environment and categorize them under the following domains:
Network
Systems
Application
Malware

Network Domain

Unusual outbound network traffic
Geographical irregularities
DNS request anomalies
Mismatched port-application traffic
Suspicious C2 (command and control) traffic

System

Anomalies in privileged user account activity
Suspicious registry or system file changes
Suspicious listening ports

Application

Increased file transfers
Swells in database read volume
Large numbers of requests for the same file

Malware

Stuxnet malware IOCs
Flame malware IOCs
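As an added illustration (not part of Isecurion's methodology or tooling), the following Python checker applies three of the network-domain IOCs listed above to constructed flow and DNS records: mismatched port-application traffic, DNS request anomalies (unusually long or high-entropy query labels) and unusual outbound traffic volume. The record layout, baseline port-to-application map and all thresholds are assumptions to be tuned per environment.

```python
import math
from collections import defaultdict

# Constructed sample flow records (not real data): source, destination, port, observed application, bytes sent.
FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "app": "TLS", "bytes_out": 120_000},
    {"src": "10.0.0.7", "dst": "198.51.100.4", "dport": 80, "app": "SSH", "bytes_out": 4_000},         # SSH on port 80
    {"src": "10.0.0.9", "dst": "203.0.113.22", "dport": 443, "app": "TLS", "bytes_out": 900_000_000},  # large outbound
]
# Constructed DNS queries from an internal resolver log (not real data).
DNS_QUERIES = [
    {"src": "10.0.0.5", "qname": "www.example.com"},
    {"src": "10.0.0.7", "qname": "x9k2q7v4m1z8p3w6r5t0y2u4i6o8a1s3d5f7g9h.example.net"},  # long, high-entropy label
]

# Assumed baseline: which application protocols are expected on which destination port.
PORT_APP_BASELINE = {80: {"HTTP"}, 443: {"TLS"}, 22: {"SSH"}, 53: {"DNS"}}
OUTBOUND_BYTES_THRESHOLD = 500_000_000   # assumed per-flow cutoff for "unusual outbound traffic"
LABEL_LEN_THRESHOLD = 30                 # assumed cutoff for a suspiciously long DNS label
LABEL_ENTROPY_THRESHOLD = 3.5            # assumed cutoff, bits per character


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def check_flows(flows):
    """Return (ioc_type, src, detail) tuples for flows matching a network-domain IOC."""
    hits = []
    for f in flows:
        expected = PORT_APP_BASELINE.get(f["dport"])
        if expected and f["app"] not in expected:
            hits.append(("mismatched_port_application", f["src"], f"{f['app']} on port {f['dport']}"))
        if f["bytes_out"] > OUTBOUND_BYTES_THRESHOLD:
            hits.append(("unusual_outbound_traffic", f["src"], f"{f['bytes_out']} bytes to {f['dst']}"))
    return hits


def check_dns(queries):
    """Flag queries whose leftmost label is unusually long or high-entropy (a DNS request anomaly)."""
    hits = []
    for q in queries:
        label = q["qname"].split(".")[0]
        if len(label) > LABEL_LEN_THRESHOLD or shannon_entropy(label) > LABEL_ENTROPY_THRESHOLD:
            hits.append(("dns_request_anomaly", q["src"], q["qname"]))
    return hits
```

Each hit names the IOC category from the list above, so the output can be mapped directly onto the SIEM rules or ad hoc checks the assessment establishes.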

We provide a comprehensive report detailing the IOCs applied to your environment, the threats identified and the remediation actions.

APT Assessment

An Advanced Persistent Threat (APT) is a threat in the form of a highly skilled, motivated attacker with determined objectives to cause intellectual property, reputation, financial and data loss for the targeted organization. To pursue its objective, an APT operates over an extended period of time in the targeted organization's environment, resisting its sophisticated security mechanisms.

Isecurion's APT Assessment helps identify, contain and eradicate these sophisticated threats from your environment. We also help organizations identify missing controls and support them in building the defensive controls and expertise needed against such attacks in future.

Helps organizations assess their preparedness against APT attacks.
Identifies existing vulnerabilities and control gaps that could be used in APT attacks.
Enhances your existing policies, processes and standards and matches them against industry best practices.
Provides quick response in proactively identifying and containing such attacks.
Provides assurance to clients and business partners that your environment is secure against APT attacks.
Provides a comprehensive report of findings and recommendations for clients and business partners.

We use a methodical approach, analyzing the APT lifecycle and conducting a series of analyses in each phase to identify, contain and eradicate the APT. The methodology covers the following categories, detailing the APT lifecycle phases and the analysis our team conducts in each.

Initial compromise

In this phase the attacker typically uses spear phishing or watering hole attacks, delivering zero-day exploits and malware, to achieve the initial compromise.
RRN Technologies' team helps investigate such attacks and identify potential breaches resulting from them. We also support verifying the effectiveness of email and web content filtering systems, which are the first line of defense against such attacks.

Establish Foothold

In this phase the attacker establishes a backdoor or covert channel to an outside network to retrieve additional payloads and conduct C2 (command and control) operations. RRN Technologies' team helps identify such covert channels. We also support verifying the effectiveness of additional security controls that defend against such attacks.

Escalate Privileges

In this phase the attacker tries to elevate its privileges using zero-day or unpatched exploits. RRN Technologies' team helps identify potential indicators of privilege escalation and tests the effectiveness of additional security controls, such as SIEM and change monitoring controls, that defend against such attacks.

Internal Reconnaissance

In this phase the attacker gathers information about high-value targets and critical data flows in the network. RRN Technologies' team helps identify potential indicators of compromise and tests the effectiveness of security controls that defend against such attacks.

Move Laterally

In this phase the attacker expands its control over high-value targets and critical data and begins data harvesting. RRN Technologies' team helps identify potential indicators of compromise through data movement to unauthorized media and correlates events to identify the potential threat.

Maintain

In this phase the attacker configures its control to maintain access to the compromised systems for extensive control of the network over long periods of time. RRN Technologies' team helps identify the compromised systems and eradicate the threats.

Complete Mission

This is one of the most important phases: the attacker begins exfiltrating data through covert mechanisms that bypass the security controls. RRN Technologies' team helps identify these covert channels and clean them. We also support establishing stronger controls to mitigate such attacks in future. The effectiveness of defending against any APT attack depends mainly on the client's own information security, data protection, SIEM and security incident management training and awareness programs.
