THREAT DETECTION ASSESSMENT

The ConnectDS threat detection assessment is a multi layered cyber security assessment that enables you to take a more informed approach to your company’s cyber-security. By having a better understanding of the challenge your business faces in terms of potential cyber threats and data security you can optimise your cyber-security measures, making them more effective and better protecting you and your company.

ConnectDS identified that the majority of security assessments are too niche for SME organisations and do not provide a comprehensive assessment of all required areas. ConnectDS have performed hundreds of security assessments and with our knowledge, we have created a fixed 30-day assessment providing a comprehensive threat detection service to technically evaluate your organisation’s internal and external risks.

Most businesses focus heavily on preventative solutions but have a lack of visibility of what’s happening in their networks, and so don’t understand the user and network activity, and whether they are already in a state of compromise. Our security assessment is a comprehensive layered approach designed to detect threats, policy violations, misconfiguration and vulnerabilities by performing comprehensive security monitoring of all activity over 30 days.

What is CDS:30?

The CDS:30 assessment is a layered approach using a synoptic stack of forensic network security monitoring combined with multiple threat detection engines on an onsite appliance that is monitored remotely by our security analysts. The output of the CDS:30 includes the addition of a comprehensive review, validation of security alerts and threat hunting within the collected dataset.

Our expertise in network forensics is a key differentiation as this level of assessment is typically only available to larger organisations due to the technical specialism and associated costs. These assessments are a fixed engagement designed to fully technically assess an organisation’s current security standpoint and overall resilience against cyber threat.

Recent Findings

The CDS:30 assessment is a specialist assessment with layered security monitoring, to provide unparalleled visibility and actionable insight. The list below details some typical findings from recent assessments performed:

• External data exposure through unencrypted mail Traffic (SNMP/POP3/IMAP).
• External credential exposure through Plaintext and weak encoded passwords to external services.
• External data exfiltration via non-corporate approved cloud storage (Dropbox/Google Drive/OneDrive).
• Internet exposed corporate and admin credentials through plaintext LDAP/AD authentication to/from external services.
• Compromised Mac/Windows/Android devices (both personal and corporate devices).
• Illegal downloads via Peer-to-Peer file sharing (BitTorrent).
• Detection of bloatware and Potentially unwanted programs (PUP’s/Lenovo Superfish).
• External data and credential exposure through unencrypted VoIP (SIP & RTP).
• External data exposure through misconfiguration of NAS storage replicating unencrypted data between corporate sites.
• External data exposure through unencrypted data sync to cloud platforms.
• Vulnerable and unsupported operating systems (XP/Vista/Win7/2003/2008).
• Vulnerable and unsupported software (Flash/Silver light/Quicktime).
• Bypass of corporate security through unapproved remote access software on user devices (TeamViewer/LogMeIn/GoToMyPC).
• Inappropriate business web browsing (Pornography/Gambling/Violence).
• Detection of vulnerable wired and wireless infrastructure devices that can be exploited to provide full network access.
• Detection of exposed “live” corporate credentials that can be used to remotely authenticate and access corporate remote access solutions.
• External open access to corporate CCTV systems.
• External credential exposure through unencrypted authentication to externally hosted websites.

What do we analyse?

• Network Traffic assessment:
  • Implementation Deployment of a network sensor for inspection of all inbound/outbound traffic
  • Full packet capture Forensic capture of all inbound/outbound network traffic.
  • Threat Hunting Granular manual forensic threat hunting.
  • Anomaly detection Profiling of user and network activity to identify trends and anomalies.
  • Threat Intelligence Detection of communication with known bad (blacklisted) hosts.
  • Intrusion Detection Threat detection using an IDS engine running commercial threat feeds.
  • Unsecured Communications Detection of unencrypted Data-in-Motion.

• External Exposure Assessment:
  • Dark/Open Web Analysis and reporting of compromised assets and leaked credentials that can be leveraged to launch an attack against organisations.

• Vulnerability Detection:
  • Asset Discovery Identification of internal/external networks, systems, applications and infrastructure.
  •  Vulnerability Assessment Analysis of identified internal/external assets to detect weaknesses that can be leveraged by attackers to gain unauthorised access.

• Network Perimeter Assessment:
  • Application & Web filtering Technical assessment to measure existing network security controls against potentially unwanted communication.
  • Policy control Technical assessment to measure effectiveness of “acceptable use policy” against network security controls.
  • Threat prevention Emulation of hacking techniques and tooling to measure effectiveness of network security controls

Protect Your Business With A Network Security Assessment

Speak to ConnectDS and discuss how our CDS:30 threat detection assessment can help your organisation gain deep visibility into your internal and external security posture validate your current policies, configurations and technical controls.

Frequently asked questions about our Threat Detection Assessment

Please see below for some common questions on our threat detection assessment, if you would prefer to speak to someone then give us a call and speak to one of our team in our Surrey or London offices.