Vulnerability Management

In order to improve the security posture of your network, you first need to know what is vulnerable. The dynamic nature of most environments requires persistent monitoring to defend against the evolving threat landscape.

Vulnerability Assessment and Remediation

Constant changes to networks, systems and applications can leave you susceptible to an attack, even if you are keeping your security controls up to date. CyberDefense provides integrated vulnerability scanning, assessment, and reporting that lets you:

  1. Schedule scans to run on a recurring basis with the ability to scan some assets more frequently than others
  2. Customize techniques used to avoid disruption of critical services
  3. Scan assets from authenticated and unauthenticated perspectives

Secure Configurations for Hardware and Software

Establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process to prevent attackers from exploiting vulnerable services and settings.

Host Intrusion Detection (HIDS) and File Integrity Monitoring

Not all operating systems, applications or devices come from the manufacturer with robust security enabled. Often, they are configured for easy (or easily repeatable) deployment, with the expectation that you will upgrade their access and operational security following their initial introduction to your environment. Unfortunately, attackers prey on those who fail to follow this practice and neglect to secure their networks (for example, by leaving passwords at the default value). CyberDefense helps with the following functionality:

  1. Vulnerability scans of your environment will identify when devices, operating systems, applications, etc. are configured with the vendor default password.
  2. File Integrity Monitoring alerts you to changes to critical system files, including network device configurations, Windows registry entries, and any other text-based file that falls under your security policy.
  3. Intrusion detection can usually detect potentially exploitable faulty configurations by the way a service communicates (e.g. using telnet instead of an encrypted SSH connection).

Controlled Use of Administrative Privileges

The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.

Log Analysis - Custom Events Fired on Certain Logins

A common mistake of new system administrators and security engineers is the widespread use of administrative privileges. This can be due to apathy or negligence when administrator accounts are shared among teams or admin-level access is granted without scrutiny. Also included is the scenario where an administrator uses their admin credentials to perform non-admin tasks such as browsing the Internet or reading email. This is easily combatted by instituting a proper "need-to-know" policy when building or reorganizing your IT infrastructure.

However, for auditing this behavior, CyberDefense will identify when certain logins are used and can alert you to this behavior. Correlation rules could even be written to alert you when a specific login is used on a certain system and, combined with policy actions and custom scripting, take an automatic action to disable that account.
