CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust

Introduction

The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable accidents, but now organisations are facing a multifaceted set of cyber security threats.

The consequences of a successful cyber attack are well known, so having an effective program of risk reduction and response is no longer optional.

Today’s attacks are rarely random; rather, they are targeted at organisations or industries with the aim of achieving specific goals. These attacks are intended to cause financial or reputational damage, or to steal confidential information, and can come from hostile nation-states, organised criminal enterprises or disgruntled employees.

Such attacks require the public and private sectors to take a different approach to their cyber security posture and strategy.

As attacks are often tailored to evade or subvert the particular defences of the organisation under attack, conventional technical security measures are often ineffective. This is why it has become critical for organisations to understand and remediate the threat in the context of their business and take action to improve their cyber resilience.

NCC Group’s Cyber Resilience and Incident Response services help you prepare, assess, maintain and respond to the threats you face.

Drawing on the experience of our cyber risk professionals, incident response experts and technical security consultancy teams, we help clients to:

• Understand their current cyber posture

• Contain and mitigate any breach

• Understand ongoing risk and develop a strategic roadmap to improve overall cyber security maturity

All Rights Reserved. © NCC Group 2016

Cyber resilience goes beyond risk management and tactical technical solutions, taking a holistic view of preparing organisations for the reality of cyber incidents.

[Figure: Cyber Resilience and Incident Response framework diagram showing the phases Prepare, Assess, Maintain, Respond and Review]

What should your organisation do?

Believing that an incident could happen at any time will enable better preparedness.

Accepting that cyber incidents will happen means that your organisation will be ready to respond when a breach occurs or is detected. By being ready, your organisation will understand the best course of action to take to return to business as usual.

To ensure comprehensive coverage, cyber resilience must be embedded in an organisation and become an everyday consideration, not just a one-off project. It is important to adopt the mindset that while total security is unachievable, risk is manageable when an eventual breach is planned for.

Improving your overall security posture may seem like a daunting task. Our Cyber Resilience and Incident Response framework enables you to develop a strategy to suit your organisation. Our framework takes you through the key areas you need to consider to put together an approach that works for you.

Our services range from executive engagement and strategy development, through to education and awareness, incident management and remediation.

With a global team of over 400 experienced consultants, we are on hand to help organisations plan for and respond to a variety of cyber risks. Our strength in depth and unique set of skills mean we can respond to incidents of all sizes, even those with challenging timescales and diverse technical requirements.

With best-of-breed solutions, tools and the expertise of our intrusion response specialists, we are constantly evolving our capabilities to meet our clients’ demand for robust cyber security.

How we can help

Framework phases: Prepare, Assess, Maintain, Respond, Review

• Executive Steps to Cyber Security

• Cyber and Incident Response Strategy & Planning

• Board Level Training

• Cyber Security Capability Assessment/Health Check

• Policy Maturity Review

• Sophisticated Simulated Attack (Red Team)

• Investigative Protective Monitoring & Logging Review

• Cyber Security Diagnostics

• Host, Network & Forensics Readiness Training

• Ongoing Consulting and Managed Services

• Proactive Network Monitoring

• Incident Response Management

• Investigate & Remediate

• Impact Understanding & Quantification

• Managed Services

• Malware Analysis & Reverse Engineering

• Host Forensics & Network Monitoring

• Mitigation & Recovery Assistance

• Log Analysis

• Information & Threat Intelligence Sharing Partnerships

• Post Incident Analysis: Threat Impact & Loss Review

• Lessons Learned: Action Identification & Knowledge Dissemination

Proactive Risk Management

Your organisation’s cyber risk strategy must be driven from the board level. Focusing on technology is not enough; security must be an integral part of your core business governance strategy.

Proactive risk management enables you to integrate cyber security into every aspect of your organisation.

Embedding cyber security into the organisational governance and control framework of any business is the starting point for the design, development and delivery of a forward-looking strategy.

NCC Group’s Cyber Resilience services will help you to develop an understanding of your current capabilities, the threats faced and vulnerabilities present, with the goal of developing a cyber-resilient organisation.

Cyber & Incident Response Strategy Planning

If you don’t have an in-depth security strategy, then you need to know where you should focus your investment and what your security priorities should look like in the short, medium and long term.

Our security strategy advisory service is based on four attributes:

1. Getting the basics right

2. Identifying and protecting what matters most to your business

3. Strengthening leadership and governance

4. Pioneering security as a business enabler

Cyber Security Capability Health Check

Our Cyber Security Capability Health Check helps organisations understand their risk posture and ability to defend against internal and external cyber threats. By taking a holistic view of people, processes and technology, the health check enables organisations to articulate their enterprise cyber security capabilities and highlight areas of vulnerability and risk in the context of the overall business. Actionable findings backed up with practical recommendations will enable your organisation to prioritise areas for remediation and result in your organisation becoming more vigilant and resilient in its approach to managing cyber threats.

Policy Maturity Review

Your organisation’s ability to manage cyber threats and vulnerabilities is heavily reliant on the existence of robust and mature security policies which articulate the security standards of your organisation in relation to staff behaviour, business and technical processes. Keeping security policies aligned with your business direction and the evolving security threat landscape is challenging and, if not done correctly, can lead to data loss, breaches or other security incidents.

We have the experience and capability to review your organisation’s existing security policies to make sure they reflect business and technical processes. We also have the expertise to help you develop new policies which will be mature enough to address compliance gaps and meet industry best practice.

Sophisticated Simulated Attack (Red Team)

Performing a simulated attack on your organisation to assess its susceptibility to a breach, its level of user awareness and its detection and response capabilities is very valuable. Our methods include open source intelligence (OSINT) to identify targets; phishing campaigns to gain access to company credentials or systems; and the use of simulated malicious-like payloads to retain access.

Alternatively, we will generate traffic on your internal network, originating from a simulated “compromise” to assess your current ability to detect suspicious activity. We tailor a program designed to identify and highlight gaps and ensure the robustness of your overall security posture.

Investigative Protective Monitoring & Logging Review

We perform a technical deep-dive exercise intended to answer the question ‘do we have the requisite technical infrastructure and capabilities to be able to support investigations in a timely, accurate and sufficiently deep manner?’. NCC Group’s cyber incident response and defence operations experts review what your organisation has today, any gaps against particular threat types and your current level of maturity.

Cyber Security Diagnostics

Our consultants will undertake a broad review of your cyber security controls and capabilities to enable you to understand your risk posture and ability to defend against internal and external threats. The review will take a rounded view of people, processes and technology to understand areas of vulnerability and prioritise areas for remediation.

Training

People are the weakest link in cyber security. If your organisation lacks relevant training and cultural awareness then technology will be of limited benefit in preventing or responding to cyber attacks.

We offer tailor-made training and awareness programmes relevant to your sector and level of maturity. From executive table top scenarios to phishing awareness, our courses and experience are an important part of any risk reduction program.

Our technical training is intended for individuals who will undertake incident response activities within a particular organisation and centres around first responder activities for host forensics, network traffic investigations and malicious code analysis (malware).

Ongoing Consulting and Managed Services

As part of your organisation’s ongoing program of improvement, our consulting and managed services teams provide a broad range of capabilities and offerings on an as-needed basis as well as a program basis.

Incident Response

Knowing how to respond to an attack is one of the most important aspects of cyber resilience. NCC Group’s Cyber Incident Response services provide step-by-step guidance and an expert skillset to help you keep control of the situation.

Incident Management and Response

In the aftermath of a security incident you need a quick response and accurate insight. With our dedicated Incident Management and Response team we help you find out what happened and how.

With our rapid incident response capability we focus on helping your organisation to promptly regain control of your systems and information following a security incident.

Through a combination of evidence protection and forensically-sound investigation, our consultants can determine:

• How the breach occurred by understanding the initial vector of attack and compromise.

• The capabilities and activity of a threat actor to determine the extent of infiltration.

• Who may be responsible (where possible).

• What was taken and when, to enable you to understand the loss.

Our 24-hour response team provide timely and accurate advice on how best to deal with a breach as soon as it is discovered.

Investigate & Remediate

We provide comprehensive investigation services using appropriate experts in gathering, analysing and presenting digital evidence. Our consultants have experience of a wide range of investigations, including traditional laboratory-based forensic analysis, network forensics, covert monitoring, live host and memory forensics.

Impact Understanding & Quantification

We work closely with you to investigate a breach to help answer the question of ‘what happened?’ and thus allow you to understand the impact on your organisation while also quantifying any losses.

Managed Services

Our Cyber Defence Operations network sensors are deployed as part of a managed service, in which traffic on your network will be automatically monitored around the clock, with any unusual traffic compared to our extensive intelligence databases. Combining our own intelligence with industry-wide knowledge and that privately shared from partners, we identify indicators of compromise and unusual network traffic quickly and accurately.

Malware Analysis & Reverse Engineering

We have a dedicated malware investigations laboratory which enables us to analyse malicious code.

Our team of consultants will reverse-engineer the malware, to discover exactly what its effect is and what damage it has already done to any affected systems. Using sandboxed virtual or physical machines, configured to the same specification as client machines, our experts analyse the malware’s behaviour, allowing clients to secure their estates effectively.

Host Forensics

We provide you with cyber forensic investigation capabilities using appropriate experts in gathering, analysing and presenting digital evidence.

We collect forensic images of hosts, getting a forensically-sound copy of all data in both storage and volatile memory. Our consultants then analyse any information found, using industry-standard tools and platforms. We provide you with an accurate picture of what happened and when, in support of a broader investigation.

Network Monitoring

Sensors are deployed on your networks and managed by our Security Operation Centre (SOC) through a secure connection, and are used to perform live monitoring of unusual and potentially malicious traffic, such as intrusion attempts, data egress, and malware command and control traffic. Using secure systems and in-house developed software, we analyse your network traffic in real time, allowing our experts to recommend countermeasures to block malicious traffic while tracing the source.

Mitigation & Recovery Assistance

We provide you with knowledge and support in the eradication of a threat actor from your environment and in the subsequent effort to bolster your defences. This is a blended service consisting of high-level management combined with investigation, analysis, protective monitoring, advice and planning.

Log Analysis

Our consultants quickly and reliably assess available logs, as well as any intrusion detection and prevention systems already in place. We compare any traffic to previous attacks held in our intelligence databases to discover the extent of any compromise, malware infection or exfiltration of data. This service enables us to provide you with recommendations to prevent further attacks.

Post Incident

Post incident, all stages of the Cyber Resilience and Incident Response framework are revisited to ensure an ongoing program of improvement. The information gathered is fed back into the process and is used to further strengthen your security posture.

Information & Threat Intelligence Sharing

NCC Group believes that keeping your management informed of current, relevant facts around incidents is vitally important. During every investigation, we appoint a technical account manager who works closely with you and your management, ensuring that lines of communication are open at all times. The technical account manager provides detailed status reports, enabling you to make business decisions based on the threat intelligence that has been gathered.

All of our reports contain details aimed at technical audiences and comprehensive summaries aimed at management, providing your managers and executives with a full picture of their current security status.

Threat Impact & Loss Review

We help you understand the impact and loss suffered as a result of a breach. Through a full review we will assess both the business and technical impact and the arising losses.

Post Incident Analysis & Lessons Learned

Many organisations are unaware of what steps they need to take to minimise the risk and impact of security breaches. Our team of highly qualified consultants offers advice, training and guidance in all areas of systems security, including:

• Ensuring that your organisation’s staff are fully aware of their cyber security responsibilities.

• Proactive network monitoring tools and solutions.

• Establishing security and storage rules for the handling of evidence.

• Delivery of training to key staff ensuring adherence to evidence handling procedures.

• Providing guidance in the form of a documented, real-world example that everyone can run through in advance.

• Ensuring that all parties, including legal, are confident that the processes in place are correct.

NCC Group - your global cyber security partner

www.nccgroup.trust | @nccgroupplc