Cyber Security Handbook
PRACTICAL AND
REALISTIC STEPS TO
SECURING YOUR
ORGANIZATION
AGAINST CYBER
ATTACKS
By: Sunday McDickson Samuel (SMS)
Copyright © 2018
SMSAM SYSTEMS LTD
1 CONTENTS
2 Executive Summary ............................................................................................................................. 4
3 VIPDDR Framework ............................................................................................................................. 5
4 Phases Of The Revised Cyber Attack Kill Chain ................................................................................. 6
5 Programs Implementations Of VIPDDR Framework ......................................................................... 7
5.1 Cyber Threat Intelligence (CTI) Program. ................................................................................... 7
5.1.1 Anti-IP Hijacking – AIPH. .................................................................................................. 7
5.2 Breach Exposure Program (BEP) ................................................................................................ 8
5.2.1 Active Directory Integration ............................................................................................... 8
5.2.2 Empower your Fraud Investigators .................................................................................... 8
5.2.3 Corporate Exposure Alerts. Be the First to Know .............................................................. 8
5.2.4 Automate ATO Prevention into Your Existing Workflows ................................................ 8
5.2.5 Enforce Stronger Passwords ............................................................................................... 8
5.3 Email Authentication and Security Program (DMARC) ............................................................ 9
5.4 Cloud Security Program (CSP) .................................................................................................... 9
5.5 Insider Threat Program (ITP) ..................................................................................................... 9
5.5.1 Threat Intelligence Gateway (TIG). ................................................................................... 10
5.5.2 Browser Isolation Technology (BIT). ................................................................................ 10
5.5.3 Visibility Fabric Architecture (VFA) .................................................................................. 11
5.5.4 Active Directory Security Program (ADSP) ...................................................................... 12
5.5.5 Software Defined Perimeter (SDP) .................................................................................... 13
5.5.6 Adaptive Authentication Platform (AAP).......................................................................... 13
5.5.7 Network Access Control (NAC).......................................................................................... 14
5.5.8 Real Time Threat Detection, Prevention and Remediation Platform ............................ 14
5.5.9 Data Loss Prevention (DLP) .............................................................................................. 15
5.5.10 Anti-DDoS Program ........................................................................................................... 16
5.5.11 Privileged Access Management (PAM) ............................................................................. 16
5.5.12 Mobile Security Program (MSP) ........................................................................................ 17
5.5.13 Cyber Education ................................................................................................................. 17
5.6 Endpoint Security Program (ESP) ............................................................................................. 18
5.7 Breach Attack Simulation (BAS) Program ................................................................................ 19
5.7.1 Breach & Attack Simulation (BAS) .................................................................................... 19
5.7.2 Compromise Assessment Services (CAS) ........................................................................ 23
5.8 Compliance Management & IR ................................................................................................. 24
5.8.1 Incidence Response (IR). .................................................................................................. 24
6 Components and Recommended Solutions ...................................................................................... 25
7 About SMSAM Systems Limited ....................................................................................................... 26
2 EXECUTIVE SUMMARY
Securing an organization against devastating cyber breaches should NOT be a science project,
neither should it require an assemblage of elite, high-end PhD holders in cyber security
to accomplish. It is POSSIBLE to STOP BREACHES with minimal overhead, both
in human resources and the attendant financial outlay, when compared to the actual cost of a
breach. In the aftermath of a breach, not only does an organization’s brand suffer, the careers of
senior management staff suffer too!
At SMSAM SYSTEMS, we’ve done the hard work by creating the first of its kind cyber
security framework, domesticated for ALL types of organizations in Africa. This framework is
holistic, realistic, scalable and patently implementable (pain-free), and comparable to ANY
global cyber security standard, e.g. NIST! The scalability and ease of implementation of this
framework are unrivalled, as it provides for phased implementation through what we call the
Programs of VIPDDR.
3 VIPDDR FRAMEWORK
VIPDDR Framework is a cyber security framework designed specifically for organizations
operating out of Africa. Its mission is to drastically reduce an organization’s exploding attack
surface (internal and external), leading to a breach-proof infrastructure. This framework seeks
three (3) main objectives, i.e. DISRUPTING, FRUSTRATING and SLOWING DOWN
an adversary’s attack path as captured in the Lockheed Martin Cyber Attack Kill Chain.
Adversaries could be any of the following: nation-states, hacktivists, cyber criminals
and disgruntled insiders.
While cyber adversaries have different TTPs, motivations, attack vectors, etc., it’s an
incontrovertible truth that they all follow identical attack paths, as aptly captured in the
famous Lockheed Martin Cyber Attack Kill Chain. This framework integrates with all elements
of an organization’s entire infrastructure, i.e. endpoints, networks and applications
(on-premise and cloud-enabled).
A single cyber attack involves MANY steps, so organizations often have numerous
opportunities to visualize, predict, isolate, prevent, detect and respond to these attacks, while
in progress.
When meticulously and religiously implemented, it guarantees a BREACH-PROOF
infrastructure! It’s expedient to understand that a huge difference exists between a
compromise and a breach. A compromise does not automatically lead to a breach when the
right approach is taken. While compromise is inevitable, breaches can be stopped, and that’s
what I have tried to explain in this e-book.
With this framework fully implemented, you disrupt the core mission of the adversary, which
is to steal your data, hurt your reputation, brand, and make unavailable your services amongst
others.
Here at SMSAM SYSTEMS, we’ve revised the original attack kill chain methodology to reflect
the fluidity and sophistication of today’s adversary’s TTPs (Tactics, Techniques, &
Procedures) at causing monumental operational disruptions in the enterprise.
Organizations should not solely focus at stopping malware but ultimately STOPPING
BREACHES, which is the motivation behind VIPDDR Framework.
4 PHASES OF THE REVISED CYBER ATTACK KILL CHAIN
Phase 1: Reconnaissance – The first stage is identifying potential targets that satisfy the
mission of the adversaries (e.g. financial gain, targeted access to sensitive information, brand
damage). Once they determine what defenses are in place, they choose their weapon, whether
it’s a zero-day exploit, a spear-phishing campaign, bribing an employee, or some other means.
Phase 2: Initial compromise – The initial compromise is usually in the form of adversaries
bypassing perimeter defenses and gaining access to the internal network through phishing,
watering hole attacks, drive-by-downloads, credential theft, etc.
Phase 3: Command & control – The compromised device is then used as a beachhead into
an organization. Typically, this involves the adversaries downloading and installing a remote-
access Trojan (RAT) so they can establish persistent, long-term, remote access to your
environment.
Phase 4: Lateral movement – Once the attacker has an established connection to the
internal network, they seek to compromise additional systems and user accounts. Because the
attacker is often impersonating an authorized user, evidence of their existence can be hard to
see.
Phase 5: Target attainment – At this stage, the attacker typically has multiple remote
access entry points and may have compromised hundreds (or even thousands) of internal
systems and user accounts. They deeply understand the aspects of the IT environment and are
within reach of their target(s).
Phase 6: Exfiltration, corruption, and disruption – The final stage is where cost to
businesses rise exponentially if the adversary is not defeated. This is when the adversary
executes the final aspects of their mission, stealing intellectual property or other sensitive data,
corrupting mission-critical systems, and generally disrupting the operations of your business.
5 PROGRAMS IMPLEMENTATIONS OF VIPDDR FRAMEWORK
5.1 Cyber Threat Intelligence (CTI) Program.
The first phase of any cyber attack begins with a reconnaissance process, and this takes
place outside of your firewall or perimeter, typically on the Internet or Web. We have 3
categories of the Web, as follows:
• Surface Web - the part of the web that is indexed and accessible via any web
browser, e.g. www.smsam.net
• Deep Web - the part of the web that is NOT indexed but accessible via any web
browser through some form of authentication, e.g. your Internet or online banking
page.
• Dark Web - the part of the web that is neither indexed nor reachable by a web browser
and has all of its communication encrypted. It can only be accessed by special
applications such as TOR (The Onion Router), I2P, amongst others.
The Dark Web is a repository of all that is bad on the web; there you find all sorts of illicit
material, e.g. drugs, pornography, exploit kits, sales of crimeware (malware, DDoS kits, etc.).
Having visibility into such platforms helps your organization foil targeted cyber attacks
right before they begin. Adversary infrastructure used in launching phishing, malware
and other insidious campaigns can be DESTROYED right before it hits an organization.
Targeted and opportunistic attacks on your brand and employees are discovered at an
early stage, thereby arming you with the right defenses to thwart them.
Visibility into the adversary’s domain via finished and automated cyber threat intelligence
gives you the motivation to take the battle straight to them rather than waiting
behind your firewall to be pummeled before reacting.
5.1.1 Anti-IP Hijacking – AIPH.
Any organization connected to the Internet may become the victim of an IP hijack.
Government agencies, critical infrastructure companies, financial organizations
and other companies that provide external users with access to sensitive
information are especially vulnerable.
IP hijacks have become a commonly employed technique by hostile governments
and criminal organizations. The attackers impersonate the victim on the
Internet, allowing eavesdropping on, recording and manipulation of Internet traffic.
The attacker can mount various man-in-the-middle attacks against the
attacked organization and its users, even when strong encryption is used.
In recent years, there have been reports of IP hijacking of nations and large
companies. Among the companies suffering attacks are: Amazon, JPMorgan Chase
& Co., Google, Bank of America, Twitter, Apple, HSBC Hong Kong, Yahoo, and
Time Warner Cable.
Protection from IP hijack attacks: IP hijack attacks are a growing security
risk. Under such attacks a network is susceptible to MITM attacks, espionage,
Trojan penetration, and more. BGProtect detects and mitigates hijack attacks:
o Detecting hijack attacks regardless of the hijack technology: data plane
manipulations, BGP, DNS.
o No installation at the customer site.
o The system gives full information about the hijack location and where the
traffic is hijacked to.
o Full solution: detection and then mitigation or counter-measures with our 24/7
SOC.
o Can send alerts and data to existing SIEM systems.
o Can scan the entire Internet in a few hours.
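The detection side of the BGP case above, as an added example that is not BGProtect’s or the handbook’s code: a small route-origin monitor in Python that compares announcements seen at a route collector against the origin ASNs an organization expects for its own prefixes. It flags two things a hijack monitor must catch: an unexpected origin AS for an exact prefix, and a more-specific (sub-prefix) announcement from an unexpected origin, which silently wins longest-prefix routing even when the legitimate route is still present. The prefix table, the ASNs and the announcement feed are constructed sample data (documentation ranges and private-use ASNs).

```python
"""Route-origin monitor: flags BGP announcements that hijack monitored prefixes.

Added example; not BGProtect's or the handbook's code. The expected-origin
table and the announcement feed below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass

# Monitored address space and the ASNs authorised to originate it
# (constructed; in practice this mirrors the ROAs an operator publishes).
EXPECTED_ORIGINS = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/23": {64500, 64501},
}


@dataclass(frozen=True)
class Announcement:
    prefix: str        # prefix as seen by a route collector
    origin_as: int     # last ASN in the AS_PATH
    as_path: tuple     # full AS_PATH, upstream first


def classify(announcement, expected=EXPECTED_ORIGINS):
    """Return None if the announcement matches expectations, otherwise a verdict."""
    net = ipaddress.ip_network(announcement.prefix, strict=False)
    for monitored, origins in expected.items():
        mon = ipaddress.ip_network(monitored)
        if net.version != mon.version:
            continue
        if net == mon:
            if announcement.origin_as not in origins:
                return f"origin hijack: {net} originated by AS{announcement.origin_as}"
            return None
        # A more-specific inside monitored space wins longest-prefix routing,
        # so an unauthorised origin here diverts traffic even with the real route up.
        if net.subnet_of(mon):
            if announcement.origin_as not in origins:
                return (f"sub-prefix hijack: {net} (inside {mon}) "
                        f"originated by AS{announcement.origin_as}")
            return None
    return None  # not our address space; nothing to say


def scan(announcements, expected=EXPECTED_ORIGINS):
    """Run classify() over a feed and return (prefix, verdict) alerts in feed order."""
    alerts = []
    for a in announcements:
        verdict = classify(a, expected)
        if verdict:
            alerts.append((a.prefix, verdict))
    return alerts


# Constructed feed: one legitimate route, one origin hijack, one sub-prefix hijack,
# and one prefix that is not ours and is ignored.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", 64500, (64510, 64500)),
    Announcement("198.51.100.0/23", 64666, (64520, 64666)),
    Announcement("203.0.113.128/25", 64666, (64530, 64666)),
    Announcement("192.0.2.0/24", 64700, (64700,)),
]

if __name__ == "__main__":
    for prefix, verdict in scan(SAMPLE_FEED):
        print(prefix, "->", verdict)
```

A production monitor would feed this from a live BGP collector and alert into the SIEM, as the bullets above describe; the comparison logic is the same.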
5.2 Breach Exposure Program (BEP)
Our BEP gives you visibility into which of your employees’ accounts have been
compromised and leaked to the dark web. Check www.spycloud.com: type in your
email address and you will see the details of employee credentials already leaked; we do this
on a continuous basis.
Just so you know, the Verizon Data Breach Investigations Report, in its 2017 edition, reported that
over 85% of cyber-attacks on organizations were caused by stolen credentials. Below
are the benefits of our Breach Exposure Program.
5.2.1 Active Directory Integration
Our Active Directory Monitor blocks criminals from getting access to your
business’ accounts through leaked credentials. How does it do this? The tool snaps
into your SpyCloud watchlist through our API, runs locally in your environment,
and constantly compares new stolen credentials to your Windows domain users.
5.2.2 Empower your Fraud Investigators
Supercharge your cyber threat hunting by adding the SpyCloud Investigations
dataset to your toolset. In no time, you’ll be able to more easily track the Tactics,
Techniques and Procedures (TTPs) of the adversaries performing fraud in your
environment.
5.2.3 Corporate Exposure Alerts. Be the First to Know
The use of stolen credentials to break into sites isn’t particularly new or
sophisticated—but it works. It’s not surprising to hear that one reused password
can easily jeopardize millions of accounts. At SpyCloud our team of researchers
discovers and recovers stolen credentials, then immediately notifies you when we
find a match. Reduce your ATO exposure time from months to minutes.
5.2.4 Automate ATO Prevention into Your Existing Workflows
Our API allows you to integrate SpyCloud’s breach data with fast, high-volume
access. Fortune 1000 security teams, security vendors, and any organization that
has online accounts can leverage our API to power solutions in:
▪ Proactive account protection for customer and employee credentials leaked on 3rd party sites.
▪ Vendor integration to provide value added services.
▪ Online brand and retail fraud/ATO investigation.
▪ Integration into SIEM and internal detection tools.
5.2.5 Enforce Stronger Passwords
NIST’s new guidelines on password strength published in Special Publication 800-63B
now recommend that all applications with user accounts “compare the
prospective secrets against a list that contains values known to be commonly-used,
expected, or compromised.” NIST recommended this extra check due to the
modern success rate of brute force and credential stuffing attacks.
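The check NIST describes, as an added example that is not SpyCloud’s or the handbook’s code: a Python screen that rejects a prospective password if it appears in a breach corpus, and also applies the other 800-63B §5.1.1.2 checks (minimum length of 8, repetitive or sequential characters, context-specific words such as the service or user name). The breach list is a constructed five-entry stand-in for a continuously refreshed feed; holding it as SHA-1 digests is a design choice here, not a NIST requirement.

```python
"""Prospective-password screen along the lines of NIST SP 800-63B section 5.1.1.2.

Added example; not SpyCloud's or the handbook's code. The breach list below
is a constructed stand-in for a continuously refreshed corpus.
"""
import hashlib

# Constructed blocklist, held as SHA-1 digests so the plaintext corpus never
# sits beside the application (a design choice, not a NIST requirement).
_CONSTRUCTED_BREACHED = ["password", "123456", "qwerty", "letmein", "Welcome1"]
BLOCKLIST = {hashlib.sha1(p.encode("utf-8")).hexdigest() for p in _CONSTRUCTED_BREACHED}

MIN_LENGTH = 8  # 800-63B minimum for user-chosen memorized secrets


def _is_repetitive_or_sequential(pw):
    """True for runs such as 'aaaaaaaa', '12345678' or 'hgfedcba'."""
    if len(pw) > 0 and len(set(pw)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def screen_password(candidate, context_words=(), blocklist=BLOCKLIST):
    """Return the list of reasons to reject the candidate; empty means acceptable.
    context_words: service name, username, etc. that must not appear verbatim."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest()
    if digest in blocklist:
        reasons.append("found in breach corpus")
    if _is_repetitive_or_sequential(candidate):
        reasons.append("repetitive or sequential")
    lowered = candidate.lower()
    for word in context_words:
        if word and word.lower() in lowered:
            reasons.append(f"contains context word '{word}'")
    return reasons


if __name__ == "__main__":
    for pw in ("Welcome1", "12345678", "Smsam2018!", "correct horse battery"):
        print(repr(pw), screen_password(pw, context_words=("smsam",)) or "ok")
```

Returning every reason rather than the first lets the registration form tell the user exactly why the secret was refused, which 800-63B also asks for.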
5.3 Email Authentication and Security Program (DMARC)
Email is the vector of choice for initial intrusion. Over 95% of the breaches recorded so far
begin with an email. Reduce your attack surface by completely DESTROYING the
infrastructure used by attackers in launching their attacks. With DMARC
implemented at the REJECT policy, you make it impossible for your domains to be
leveraged for spoofing. Below are amongst the benefits of implementing a DMARC
program:
a. Protect against email spoofing.
b. Unrivalled visibility into usage of your domain for email communication.
c. Improve trust and simplify email processing.
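What “implemented at REJECT” means mechanically, as an added example that is not the handbook’s or any vendor’s code: a Python routine that parses a DMARC TXT record and works out the disposition a receiving mail server applies to a message, given the From: domain and the SPF and DKIM results. It shows a monitoring-only record (p=none) beside the hardened one (p=reject with strict alignment). Organisational-domain matching is simplified to the last two labels (real receivers use the Public Suffix List), pct is assumed to be 100, and the records and messages are constructed.

```python
"""Parse a DMARC TXT record and work out the disposition a receiver applies.

Added example; not the handbook's or any vendor's code. Organisational-domain
matching is simplified to the last two labels, pct is assumed to be 100, and
all records and messages are constructed sample data.
"""


def parse_dmarc(txt):
    """'v=DMARC1; p=reject; aspf=s' -> {'v': 'DMARC1', 'p': 'reject', 'aspf': 's', ...}"""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def _org_domain(domain):
    # Simplification: treat the last two labels as the organisational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def _aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any subdomain of the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return _org_domain(from_domain) == _org_domain(auth_domain)


def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'none', 'quarantine' or 'reject'.
    spf_domain is the MAIL FROM domain SPF was checked against; dkim_domain is
    the d= tag of the signature that verified (empty string if none did)."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and _aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and _aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "none"      # DMARC pass: deliver normally
    return tags["p"]       # DMARC fail: apply the domain owner's policy


# Constructed records: monitoring-only (spoofs are still delivered) beside the
# hardened record with p=reject and strict alignment.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
HARD_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # A spoof of example.com sent from infrastructure whose own SPF record passes.
    for name, rec in (("weak", WEAK_RECORD), ("hard", HARD_RECORD)):
        print(name, evaluate(rec, "example.com", True, "attacker.example", False, ""))
```

The spoof passes SPF for the attacker’s own MAIL FROM domain, but that identifier is not aligned with the From: domain, so the message fails DMARC; only the published policy decides whether it is still delivered, and p=none delivers it.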
5.4 Cloud Security Program (CSP)
Most organizations are cagey about adopting cloud-computing initiatives despite their
immense benefits. The principal factor often cited is the inherent risk and security issues
associated with such a move. Our Cloud Security Program provides a platform that gives
surgical and unparalleled visibility, coupled with layered security from best-of-breed
technologies, in a single platform and across your entire estate of cloud applications (IaaS, PaaS
and SaaS).
By far the most popular enterprise cloud application today is Office 365. Our Cloud
Security Program is the first of its kind in the industry that secures every component of
Office 365, i.e. Email, SharePoint, OneDrive, Skype for Business, Teams, etc.
CSP offers a layered security model for enterprise cloud applications by providing AV,
Sandboxing, Predictive Anti-Malware, DLP, Encryption, SIEM Integration, Shadow IT and
Anti-Phishing solutions with over 200 components based on NLP, AI and ML
algorithms, amongst others. It is deployed without ANY form of infrastructural change to
your network, i.e. no MX or DNS record changes, no proxy configuration, no agents, no
appliances to install – all managed via a SINGLE pane-of-glass GUI and in less than
10 minutes!
5.5 Insider Threat Program (ITP)
One of the major concerns of organizations we’ve spoken to is INSIDER THREATS.
Apart from cyber adversaries such as nation-states, hacktivists and cyber criminals,
disgruntled insiders are the biggest threat facing organizations of all sizes. From my
interactions with stakeholders in the information security space, there is a real sense of
helplessness at curbing this menace. Well, things have now changed with our
comprehensive Insider Threat Program – ITP.
Disruptive technologies have now made it possible to PREVENT and MITIGATE the
calamitous impact of disgruntled insiders’ activities. Below are Eight (8) components
recommended for the Insider Threat Program (ITP).
5.5.1 Threat Intelligence Gateway (TIG).
No one connects their site to the Internet without deploying multiple security tools
that include a firewall, IPS, antivirus, DLP, and often a SIEM to tie them all
together. Hackers are not invisible; they leave traces as they penetrate the network
and extract data. Yet, every day we see another headline announcing another major
but preventable breach. Why?
Because the constant barrage of security alerts from those devices overwhelms the
teams that operate them, making it impossible to find the “needle in the haystack”
needed to detect the critical traces of an intrusion or data breach before it’s too late.
ThreatARMOR’s TIG makes that haystack smaller by automatically applying an
always-on threat intelligence feed to your network, eliminating traffic to and from
known-bad sites and untrusted countries. By blocking traffic from phishing sites,
malware distribution sites, botnet controllers, hijacked networks, and unallocated
IP addresses; ThreatARMOR reduces up to 80% of the malicious and invalid traffic
that generates security alerts. This saves operations teams from the impossible task
of tracking down all those alerts.
Leveraging cloud-based security validation and scalable management,
ThreatARMOR doesn’t use signatures so there are no false positives. All blocked
sites are supported with clear on-screen proof of malicious activity such as malware
distribution or phishing, including date of most recent confirmation and even
screen shots.
With over a decade of malware and security testing expertise, Ixia’s Application
and Threat Intelligence (ATI) Research Center keeps the threat feed up to date,
individually validating every single blocked site every day and updating every
ThreatARMOR appliance every 5 minutes with the latest threat intel.
Since network availability is critical to your business, ThreatARMOR is built for
resilient and failsafe operation. Features such as dual-redundant power supplies
and Ethernet interfaces with built-in bypass modes ensure network availability on
both the 1GbE copper and 10GbE fiber interfaces. Below are some of the benefits
that a ThreatARMOR TIG offers:
• Reduces threats by blocking all traffic to and from known-bad sites and
untrusted countries.
• Improves operational efficiency by reducing the number of security alerts.
• Blocks outbound Botnet communication from infected internal systems.
• Improves the ROI and boosts the performance of your network security infrastructure
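The filtering the section describes, as an added example that is not ThreatARMOR’s or the handbook’s code: a Python gateway filter that checks both ends of each flow against a threat feed carrying per-entry evidence (category and confirmation date), a geolocation table with the organization’s untrusted-country list, and a list of unallocated address space, then reports what share of flows it dropped before they could become alerts. The feed, the country map, the unallocated list (240/4, which is reserved) and the flow records are all constructed from documentation ranges.

```python
"""Threat-intelligence gateway style filter over flow records.

Added example; not ThreatARMOR's or the handbook's code. The feed, the
country map, the unallocated-space list and the flows are all constructed.
"""
import ipaddress

# Constructed threat feed: network -> (category, date last confirmed).
# A real TIG keeps per-entry evidence so a block can be justified on screen.
THREAT_FEED = {
    ipaddress.ip_network("198.51.100.0/24"): ("botnet controller", "2018-06-01"),
    ipaddress.ip_network("192.0.2.200/32"): ("phishing site", "2018-06-02"),
}
# Constructed geolocation table and the organisation's untrusted-country list.
COUNTRY_OF = {ipaddress.ip_network("192.0.2.0/24"): "XX"}
UNTRUSTED_COUNTRIES = {"XX"}
# Constructed stand-in for unallocated space (240/4 is reserved, never routed).
UNALLOCATED = [ipaddress.ip_network("240.0.0.0/4")]


def decide(src, dst):
    """Return (action, reason) for one flow; both endpoints are checked so that
    outbound beacons and inbound probes are caught by the same rules."""
    for ip in (ipaddress.ip_address(src), ipaddress.ip_address(dst)):
        if any(ip in net for net in UNALLOCATED):
            return "block", f"{ip}: unallocated address space"
        for net, (category, confirmed) in THREAT_FEED.items():
            if ip in net:
                return "block", f"{ip}: {category} (confirmed {confirmed})"
        for net, country in COUNTRY_OF.items():
            if ip in net and country in UNTRUSTED_COUNTRIES:
                return "block", f"{ip}: untrusted country {country}"
    return "allow", ""


def filter_flows(flows):
    """Apply decide() to (src, dst) pairs; returns (src, dst, action, reason) rows."""
    return [(src, dst, *decide(src, dst)) for src, dst in flows]


def blocked_fraction(flows):
    """Share of flows the gateway dropped, i.e. alerts downstream tools never see."""
    rows = filter_flows(flows)
    return sum(1 for r in rows if r[2] == "block") / len(rows) if rows else 0.0


# Constructed flows: 203.0.113.0/24 plays the organisation's own public range.
SAMPLE_FLOWS = [
    ("203.0.113.10", "198.51.100.23"),   # outbound to a botnet controller
    ("192.0.2.44", "203.0.113.10"),      # inbound from an untrusted country
    ("240.1.2.3", "203.0.113.10"),       # inbound from unallocated space
    ("203.0.113.10", "192.0.2.200"),     # user following a phishing link
    ("203.0.113.10", "203.0.113.99"),    # ordinary traffic
]

if __name__ == "__main__":
    for row in filter_flows(SAMPLE_FLOWS):
        print(*row)
    print(f"blocked {blocked_fraction(SAMPLE_FLOWS):.0%} of sample flows")
```

The order of checks matters: the feed is consulted before geolocation so that a confirmed phishing host is reported as such, with its evidence, rather than merely as traffic to an untrusted country.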
5.5.2 Browser Isolation Technology (BIT).
The threat level for organizations continues to escalate, with some media outlets
calling 2017 “the year of the hacker.” From high-profile breaches of government
agencies and prominent enterprises, to the massive WannaCry ransomware
campaign, attackers kept IT teams on their toes.
CTOs, CISOs and CSOs continue to evaluate new strategies and technologies to
maintain their vigilance against these threats. Chief among them is remote
browsers, a.k.a. browser isolation, which Gartner has identified as one of the top
technologies to have. As Gartner noted, “browser-based attacks are the leading
source of attacks on users,” and browser isolation keeps malware off the users’
system, “reducing the surface area for attack.”
Why You Need Browser Isolation.
Many security breaches and incidents can be traced back to web browser
vulnerabilities, and new malware attacks targeting browsers continuously emerge.
One example is malvertising, which is growing faster than online advertising, and
is being used to deliver ransomware and other malware. In the case of “drive-by
downloads,” website visitors don’t even have to click on the malicious ad – just
loading the website can infect the browser. Browser isolation technology can help
eliminate this threat.
As Gartner noted, isolating the browser away from the endpoint keeps malware off
the end user’s system, even if the browser is infected. Browser isolation doesn’t just
give organizations safe internet browsing, but also protects them from many
phishing and spear-phishing attacks: When a user clicks on a malicious email link,
the website opens in a secure browser and any malicious processes take place in an
environment that’s isolated from the organizational infrastructure.
Think of it like an isolation ward in a hospital for contagious patients. The patient
can still communicate with others without putting them at risk of infection, but the
germs remain sealed in the ward, until they’re eradicated when the chamber is
disinfected. Similarly, browser isolation contains viruses away from the endpoint
and allows only a safe data stream onto the user device.
The web has become an integral part of our daily routines. From the time we wake
up in the morning, to the time we go to bed at night, many of us have spent hours
on the web doing our jobs, or simply checking stocks, weather, and news. When we
visit well-known sites, as we’ve done for many years without issue, we have an
underlying belief that these sites are safe. After all, these are reputable brands.
What could possibly go wrong?
Unfortunately, attackers are taking advantage of the ubiquity of the web and
people’s trust to infect users’ devices and propagate malware. Some of the most
notorious attacks in 2017, including the WannaCry and NotPetya ransomware
attacks, leveraged the web to ensure the widest impact and do the greatest harm.
Much of the security industry is focused on monitoring and controlling the online
behavior of visitors to websites. But much of the damage wrought by
cybercriminals happens behind the scenes, as websites connect with so-called
“background sites” to carry out a user’s requests. Our researchers found that every
time a user visits a website, that site calls on an average of 25 background sites for
content—say, to fetch the latest viral video from a content delivery server or grab
ads to display from an ad-delivery network.
5.5.3 Visibility Fabric Architecture (VFA)
Our VFA provides intelligent traffic visibility solutions for enterprises, data centers
and service providers around the globe. This technology empowers infrastructure
architects, managers and operators with unmatched visibility into the traffic
traversing both physical and virtual networks without affecting the performance or
stability of the production environment. You want access to data everywhere it
exists in your network, not just where a network switch is located. With a
combination of fiber, copper, and virtual taps, VFA provides you with 100% access
to physical, virtual, public and private cloud traffic with higher reliability than
using only SPAN ports. And even during high-volume traffic conditions, Ixia gives
your security and monitoring tools total visibility to network traffic, with zero
packet loss.
You need failsafe security solutions to maximize your defenses and protect network
availability. Whether you experience a hardware or software failure, or just need to
take a tool offline for maintenance, bypass switches can route traffic around any
security tool that is unavailable or route traffic to an alternate device. With the
industry's fastest near-instant recovery, Ixia Security Fabric ensures your security
solutions operate continuously.
VFA uses a powerful, hardware-based processing engine to send the right data to
the right tools, at line rate speed.
5.5.4 Active Directory Security Program (ADSP)
90% of all corporations around the world, including financial institutions,
governments and military entities, are using Domain Networks to manage their
users, applications, and computers.
The Domain Network is a unique form of network, one in which all of the
computers, servers, and applications are connected. The industry is heavily focused
on protecting these resources individually without realizing the security
consequences of connecting them to a Domain environment. When a PC or server
is connected to a Domain environment, it's exposed to all domain resources by
design. It only takes one compromised machine to jeopardize the entire
organization.
In an environment where everything is connected, the rules of attack, as well as
detection and response, are unique and different. Attackers know this, but most
defenders do not. We are here to change that.
Network enumeration is noisy. Instead, the attacker will query the AD on the
compromised endpoint using native commands and receive 100% visibility of the
entire corporate domain. Security tools have not been able to alert on this because
it is the same activity as “normal baseline.” Attackers take advantage of this built-
in capability.
The attacker will steal domain credentials and move laterally inside the
environment as an authorized user completely hidden from security tools like AV,
EDR, UBA, etc. These are the moments when detection is most critical as the
defender begins to lose the fight in the first 15 minutes.
As the attacker plans persistence, the ultimate objective is to achieve Domain
Admin rights. Once the domain is owned, the attacker has free rein to create
unlimited persistence. This often occurs before any exfiltration, damage, or
espionage. The attacker understands their tradecraft will be discovered or sometimes
detected. Domain Admin allows free rein across the environment.
In a compromised domain, the attacker can persist for as long as they like by
creating persistence and backdoors everywhere. Reports of compromise lasting
hundreds of days, sometimes years, are common. These have included cases where
attackers deploy and update their own malware. Imagine an attacker with a quality
assurance process and time to do so.
5.5.5 Software Defined Perimeter (SDP)
This technology is based on a need-to-know model, in which device posture and
identity are verified before access to application infrastructure is granted.
Application infrastructure is effectively “blackened” (a military term meaning the
infrastructure cannot be detected), without visible DNS information or IP
addresses. An SDP technology resolves the security flaw inherent in the main
technology hitherto deployed to mitigate insider threats, i.e. VLAN-based network
segmentation.
Hitherto, organizations had attempted to address the issue of insider threats with
Network based segmentation technologies, i.e. VLANs; unfortunately this has not
been able to effectively address this monstrous menace. Just so you know, ANY
user in a VLAN has visibility into ALL resources in that VLAN irrespective of their
roles or intended access.
It’s also true that you can’t possibly attack what you do not see, so an SDP-based
technology provides a platform to REDUCE your attack surface internally. VPNs
are NOT required for remote access once an SDP-based technology has been
implemented.
Just as with VLAN technology, VPNs are also notoriously flawed in their access
control security.
VPNs' lack of access control functionality makes them impractical in the era of
highly mobile employees and increasing use of contractors and other contingent
workers, and hybrid network architecture. A VPN provides a secure connection to
the network, but the entire network. To limit users to only the applications and
data they're authorized to use, IT has to implement additional layers of security. In
fact, according to the IDC survey, it takes five to 14 network and application
components to add one new external user group to an organization.
When applications are behind the firewall, they need to be accessible to
authenticated end users but invisible to everyone else. When they're in the cloud,
they need to be subject to the same identity protection, multi-factor authentication,
data protection, and other security controls as applications on local servers. Users
need to be able to access critical applications whether they're in the office or
working remotely, on a laptop or on a phone or tablet, as easily as launching a
browser.
This is a tall order—and it's one a VPN can't fill, especially now that the security
perimeter itself typically extends beyond full-time employees to contractors,
business partners, other third parties, and beyond the firewall into the cloud.
A VPN doesn't deliver sufficient control over access requirements of today.
Business needs more: a solution that delivers access to applications but not the
entire network, and also provides multi-factor authentication, blocks unauthorized
users, and makes it easy to provision and de-provision individual users at a click.
5.5.6 Adaptive Authentication Platform (AAP)
It’s a no-brainer that 80% of all data breaches involve exploitation of compromised
credentials. To mitigate the exposure from credential theft, organizations have
deployed 2FA technologies. As we’ve seen in many of the reported breaches,
most 2FA implementations are vulnerable and easily bypassed.
So, the few organizations with 2FA deployed only cover a basic part of the IT
infrastructure, i.e. initial access to the corporate domain from their Windows
workstations. Access to many other critical resources (including VMs, IT
infrastructure, 3rd party appliances, file systems, IoT devices and
more) is done with vulnerable password-based authentication protocols, which
cannot be replaced without complex integration.
Our technology introduces a revolutionary authentication platform, capable of
enforcing adaptive authentication (AI-based) across the entire corporate network
& cloud, without any change to endpoints and servers.
This technology protects even resources that don’t support strong authentication
at all, and works across all corporate environments (on-prem, cloud, multi-cloud,
hybrid), making it the industry’s first holistic authentication platform.
5.5.7 Network Access Control (NAC)
A NAC solution is vital to the internal security of any organization, as it
defines who may physically connect to the corporate LAN. As with most
first-generation technologies, the exploding attack surface of organizations has
made current NAC solutions difficult to scale, largely because of heavyweight
deployment models, i.e. forklift upgrades of the network infrastructure (switches,
routers, etc.), after which they are still not SCALABLE.
Current offerings have also been found to have inherent security flaws that allow
an attacker or intruder to bypass the controls put in place, e.g. ARP spoofing
and IP and MAC address spoofing, amongst others. Here are some of the features
you get with our brand of NAC:
a. Does NOT require your switches, APs and WCs to be managed. It works with whatever infrastructure you currently have.
b. Works at Layer 2. Does NOT require an 802.1X infrastructure.
c. No need to configure or set up port mirroring or SPAN.
d. Integrated IP Address Management (IPAM). You get an inventory of IP addresses and a usage report for your network, i.e. the users and devices using a particular IP, the list of reserved IPs, the list of available but unassigned IPs, etc. Create a policy to BLOCK all available but unassigned IP addresses, which hardens your network end to end, as no device can connect to your network without your knowing.
e. No configuration whatsoever on your infrastructure.
f. Can be used as an optional DHCP server.
g. Insane visibility into the WLAN, users, devices, OSs and any other IP-enabled endpoints without ANY configuration.
h. No need for constant querying of Active Directory. Does not require any form of service account.
i. Works both on premise and in your cloud infrastructure. Works within SCADA and IoT enabled networks.
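As an added example (not code from this handbook or from any NAC vendor), the following Python script shows the kind of check the IPAM feature above implies: it compares a live ARP snapshot with an IPAM inventory and flags an IP answered by two MACs (ARP spoofing or a duplicate address), a MAC that does not match the inventory, a reserved-but-unassigned address that is in use, and an address the inventory does not know about. The inventory and the ARP lines are constructed sample data; the finding names and recommended actions are assumptions, not any product's output.

```python
"""Rogue-device and ARP-spoofing audit against an IPAM inventory.

Added example for the NAC / IPAM discussion; not any vendor's code. The
inventory and the ARP snapshot are constructed sample data, and the rules
(reserved-but-unassigned IPs must never answer ARP, one IP maps to one MAC,
every live MAC must match the inventory) are the policy an operator would
enforce, not a description of a product.
"""
import re
from collections import defaultdict

# Constructed IPAM inventory: ip -> (expected MAC, owner). A MAC of None means
# the address is reserved but not assigned, so nothing should ever use it.
INVENTORY = {
    "10.0.1.1":  ("00:11:22:33:44:01", "core-gw"),
    "10.0.1.10": ("00:11:22:33:44:10", "fileserver"),
    "10.0.1.20": ("00:11:22:33:44:20", "alice-laptop"),
    "10.0.1.30": (None, "reserved-unassigned"),
}

# Constructed ARP-table snapshot in `arp -an` style, one entry per line.
ARP_SNAPSHOT = """\
? (10.0.1.1) at 00:11:22:33:44:01 on eth0
? (10.0.1.10) at 00:11:22:33:44:10 on eth0
? (10.0.1.10) at de:ad:be:ef:00:01 on eth0
? (10.0.1.20) at 00:11:22:33:44:20 on eth0
? (10.0.1.30) at de:ad:be:ef:00:02 on eth0
? (10.0.1.99) at de:ad:be:ef:00:03 on eth0
"""

ARP_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp(text):
    """Map each IP to the set of MACs that have answered for it."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            seen[m["ip"]].add(m["mac"].lower())
    return seen


def _ip_key(ip):
    return tuple(int(octet) for octet in ip.split("."))


def audit(arp_text, inventory=INVENTORY):
    """Compare live ARP data with the inventory; return findings in IP order."""
    findings = []
    for ip, macs in sorted(parse_arp(arp_text).items(), key=lambda kv: _ip_key(kv[0])):
        macs = sorted(macs)
        if len(macs) > 1:
            # Two stations answering for one IP: ARP spoofing or a duplicate address.
            findings.append({"kind": "arp_conflict", "ip": ip, "macs": macs,
                             "action": "isolate both stations and inspect"})
        if ip not in inventory:
            findings.append({"kind": "unknown_ip", "ip": ip, "macs": macs,
                             "action": "block: address not in IPAM"})
            continue
        expected_mac, owner = inventory[ip]
        if expected_mac is None:
            findings.append({"kind": "unassigned_ip_in_use", "ip": ip, "macs": macs,
                             "action": f"block: {owner} must not be live"})
            continue
        rogue = [m for m in macs if m != expected_mac.lower()]
        if rogue:
            findings.append({"kind": "mac_mismatch", "ip": ip, "macs": rogue,
                             "action": f"block: expected {expected_mac} ({owner})"})
    return findings


if __name__ == "__main__":
    for f in audit(ARP_SNAPSHOT):
        print(f"{f['kind']:<22} {f['ip']:<12} {', '.join(f['macs']):<40} {f['action']}")
```

A snapshot taken on one host only lists the neighbours that host has resolved; a NAC sensor hears every ARP broadcast on the segment, so run the audit over its capture or over a full neighbour dump from the gateway. Note what this check cannot see: an intruder who clones both the address and the MAC of an inventoried device passes it, so treat a sudden duplicate, or a known device appearing on a different port, as a signal in its own right.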
5.5.8 Real Time Threat Detection, Prevention and Remediation Platform (RTDPR)
Organizations are experiencing an increase in breaches and exploits due to the
evolution of technology that includes BYOD, BYOT, and cloud technology as well
as the sophistication of the threats. This requires organizations to protect the
entire infrastructure, every device, user, and application. Traditional security
products such as next-gen firewalls, SIEMs, and others are not sufficient to detect
and stop the modern cyber security attacks. As the threats evolve, your security
investment should evolve as well.
RTDPR is built on the premise that there had to be a better way to detect
today's threats, one that works on all forms of advanced threat. Seceon's
solution, on which the platform is based, detects threats and threat actors by
how they behave. The platform automatically identifies the risks within an
organization's environment, including zero-day attacks, to deliver visibility
into internal and external threats. It is like having a SOC team in a box.
RTDPR detects all forms of threat in minutes, not days, and allows automated
remediation within seconds. It is a data-driven analytics solution that moves
cyber security from a reactive approach to predictive threat modeling. The
platform provides comprehensive visualization of threats and, most importantly,
single-line persistent alerts listed by criticality, rather than generating
thousands of threat indicators as many other platforms do. It uses a combination
of static rules, real-time threat feeds, behavioral analytics and machine
learning to correlate the various threat indicators and surface the threats that
matter.
It can be installed and operational in minutes and requires little or no
provisioning. There are no rules to import and customize, no signatures to pull
in, and no complicated filters that need optimization. RTDPR helps security
experts by automating most of the day-to-day monitoring of threat indicators,
allowing them to spend their time designing prevention strategies for the real
threats that matter rather than on the mundane work of correlating indicators
and figuring out whether they are real threats or not.
5.5.9 Data Loss Prevention (DLP)
Most organizations see the implementation of a DLP solution as a massive pain.
Data Loss Prevention is a system that performs real-time data classification of
ALL outbound and inbound transmissions from the network and/or devices, while
automatically enforcing security policies on violations, including blocking.
The key is to protect the content, not the file. If the same content resides in
multiple files of different formats, the system must still detect it and enforce
an action on the transmission.
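As an added example of fingerprinting the content rather than the file (not the vendor's patent-pending feature, and not code from this handbook), the following Python code hashes overlapping five-word windows of a protected paragraph and scores an outbound message by how many of those windows it contains, after stripping markup so that the same text in an HTML table, a CSV cell or a plain e-mail body compares equal. The protected paragraph, the two messages, the window size and the block threshold are constructed assumptions.

```python
"""Content fingerprinting: detect protected text inside an outbound message,
whatever container it travels in.

Added example for the 'protect the content, not the file' point; not the
vendor's fingerprinting. The protected text and both sample messages are
constructed, and the window size and threshold are assumed tuning values.
"""
import hashlib
import re

SHINGLE_WORDS = 5   # assumed: 5-word windows survive reformatting, not short quotes
MIN_HITS = 3        # assumed: block once this many protected windows are seen


def normalize(text):
    """Strip markup and punctuation so HTML, CSV and plain text compare equal."""
    text = re.sub(r"<[^>]+>", " ", text)
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text, k=SHINGLE_WORDS):
    """Hash every k-word window; only the hashes are kept, never the text."""
    words = normalize(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


def inspect_message(message, protected_fp, k=SHINGLE_WORDS, min_hits=MIN_HITS):
    """Score one outbound message against a protected document's fingerprint."""
    candidate = fingerprint(message, k)
    hits = len(candidate & protected_fp)
    return {
        "hits": hits,
        "windows": len(candidate),
        "ratio": round(hits / len(candidate), 3) if candidate else 0.0,
        "decision": "block" if hits >= min_hits else "allow",
    }


# Constructed protected document (a pricing paragraph).
PROTECTED_TEXT = (
    "Project Falcon pricing schedule: the licence fee is 1,250,000 naira per "
    "annum, payable quarterly in advance, with a 15 percent discount for a "
    "three year commitment. Termination requires ninety days written notice "
    "from either party."
)
PROTECTED_FP = fingerprint(PROTECTED_TEXT)

# Constructed outbound messages: the same content re-laid-out as an upper-case
# HTML table, and an unrelated note.
HTML_LEAK = (
    "<html><body><p>Hi, see below.</p><table><tr>"
    "<td>LICENCE FEE IS 1,250,000 NAIRA PER ANNUM, PAYABLE QUARTERLY IN ADVANCE</td>"
    "<td>with a 15 percent discount for a three year commitment.</td>"
    "</tr></table></body></html>"
)
BENIGN_NOTE = "Lunch on Friday? The new place near the office has good jollof."

if __name__ == "__main__":
    for name, msg in (("html_leak", HTML_LEAK), ("benign", BENIGN_NOTE)):
        print(name, inspect_message(msg, PROTECTED_FP))
```

Only the hashes are stored at the inspection point, so the protected text itself never leaves the classification system. Tune the window size together with the threshold: short windows catch paraphrased fragments but produce false positives on shared boilerplate such as legal footers, which is why the decision is based on a count of matching windows rather than a single hit.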
New programs requiring the use of unconventional protocols are becoming
increasingly prevalent. Furthermore, despite company policies forbidding the
practice, employees frequently use peer-to-peer applications. Microsoft
networking and similar protocols, initially designed for the LAN, are perfectly
capable of working over the Internet.
Finally, malicious applications (e.g. viruses and worms) can be used to transfer
data across a broad variety of protocols. Supporting just SMTP, HTTP, FTP and IM
is therefore a real limitation and is NOT DLP. It is essential that the DLP
system detects rogue connections or unauthorized encryption, terminates the
connection and provides remediation.
Our data protection solution is unique in that it addresses threats from both
trusted and untrusted users. With a unique patent-pending fingerprinting feature,
it is capable of real-time inspection of all protocols (even those that may be
unknown) and of optionally stopping data loss immediately, as opposed to just
reporting it.
With a mission to lead in both innovation and customer trust, our Data Loss
Prevention solution is comprehensive and offers the essential elements of a DLP
solution, including accuracy, support for all protocols and file types, security
and scalability.
Our technology provides organizations the overall control and visibility needed
to manage advanced threats, analyze data, prevent data loss and enforce
compliance, while protecting the brand and reputation.
5.5.10 Anti-DDoS Program
Distributed denial-of-service (DDoS) attacks are a real, and growing, threat to
businesses worldwide. Designed to elude detection by today's most popular tools,
these attacks can quickly incapacitate a targeted business, costing victims
thousands, if not millions, of dollars in lost revenue and productivity. By
adopting purpose-built solutions designed specifically to detect and defeat DDoS
attacks, businesses can keep their operations running smoothly.
DDoS attacks are weapons of mass disruption. Unlike access attacks that penetrate
security perimeters to steal information, DDoS attacks paralyze Internet systems
by overwhelming servers, network links, and network devices (routers, firewalls,
etc.) with bogus traffic.
DDoS is emerging as the weapon of choice for hackers, political "hacktivists,"
cyber-extortionists, and international cyber-terrorists. Easily launched against
limited defenses, DDoS attacks not only target individual Websites or other servers
at the edge of the network- they subdue the network itself. Attacks have begun to
explicitly target the network infrastructure, such as aggregation or core routers and
switches, or Domain Name System (DNS) servers in a provider's network.
The growing dependence on the Internet makes the impact of successful DDoS
attacks, financial and otherwise, increasingly painful for service providers,
enterprises and government agencies. And newer, more powerful DDoS tools promise
even more destructive attacks in the months and years to come.
Because DDoS attacks are among the most difficult to defend against, responding
to them appropriately and effectively poses a tremendous challenge for all Internet-
dependent organizations. Network devices and traditional perimeter security
technologies such as firewalls and intrusion detection systems (IDSs), although
important components of an overall security strategy, do not by themselves provide
comprehensive DDoS protection. Instead, defending against the current DDoS
onslaught threatening Internet availability requires a purpose-built architecture
that includes the ability to specifically detect and defeat increasingly sophisticated,
complex, and deceptive attacks.
5.5.11 Privileged Access Management (PAM)
Enterprises often struggle with layering least privilege on servers, applications and
other assets. The need for layering least privilege arises from the concept of
separation of duties. Not all employees should be able to use resources like servers
and applications equally. Deploying accounts with least privilege helps prevent
insider threats, misuse of rights and access and data exfiltration due to breaches.
PAM simplifies the process of layering least privilege. With simple privilege
management workflows, it helps IT administrators, security teams and IT risk
managers quickly and effectively specify who can do what, when, from where,
using which device, and more. PAM provides visibility into how much access, how
many rights and which privileges any employee has on company assets. This guides
administrators on where to focus their energy and lets them analyze risky
privilege grants in a controlled fashion.
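As an added example (not the PAM vendor's workflow and not code from this handbook), the following Python function shows a default-deny access decision over exactly the dimensions listed above: who, what, when, from where, on which device, and whether a change ticket is needed. The groups, policies and requests are constructed, and the policy fields are an assumed minimal schema rather than any product's format.

```python
"""Least-privilege access decision: who may do what, when, from where, and on
which device, with a default deny.

Added example for the PAM discussion; not any vendor's code. Groups, policies
and requests are constructed, and the policy schema is an assumption.
"""
import ipaddress
from datetime import datetime, time

# Constructed group membership. Anything not explicitly allowed is denied.
GROUPS = {"CORP\\dba": {"dba-team"}, "CORP\\helpdesk": {"helpdesk"}}

POLICIES = [
    {   # routine work: business hours on weekdays, admin VLAN, managed device
        "group": "dba-team", "resource": "SQL-01", "actions": {"query", "backup"},
        "window": (time(8, 0), time(18, 0)), "weekdays_only": True,
        "sources": ["10.0.50.0/24"], "devices": {"corp-managed"}, "ticket": False,
    },
    {   # disruptive action: any hour, but only with an approved change ticket
        "group": "dba-team", "resource": "SQL-01", "actions": {"restart"},
        "window": (time(0, 0), time(23, 59, 59)), "weekdays_only": False,
        "sources": ["10.0.50.0/24"], "devices": {"corp-managed"}, "ticket": True,
    },
]


def evaluate(req, policies=POLICIES, groups=GROUPS):
    """Return ("allow", policy_index) or ("deny", [reasons]).

    Every policy that matches principal, resource and action is tried; the
    first whose constraints all hold grants access. Denials keep the reasons
    from each near-miss so the decision is auditable.
    """
    user_groups = groups.get(req["user"], set())
    reasons = []
    for idx, pol in enumerate(policies):
        if (pol["group"] not in user_groups or pol["resource"] != req["resource"]
                or req["action"] not in pol["actions"]):
            continue
        ts = req["when"]
        failed = []
        start, end = pol["window"]
        if not (start <= ts.time() <= end):
            failed.append("outside allowed hours")
        if pol["weekdays_only"] and ts.weekday() >= 5:
            failed.append("weekend")
        src = ipaddress.ip_address(req["source_ip"])
        if not any(src in ipaddress.ip_network(cidr) for cidr in pol["sources"]):
            failed.append(f"source {src} not in allowed networks")
        if req["device"] not in pol["devices"]:
            failed.append(f"device class {req['device']} not allowed")
        if pol["ticket"] and not req.get("ticket"):
            failed.append("change ticket required")
        if not failed:
            return "allow", idx
        reasons.append(f"policy {idx}: " + "; ".join(failed))
    return "deny", reasons or ["no policy grants this action"]


def request(user, action, when, source_ip, device, ticket=None, resource="SQL-01"):
    """Build a constructed access request."""
    return {"user": user, "resource": resource, "action": action, "when": when,
            "source_ip": source_ip, "device": device, "ticket": ticket}


def at(year, month, day, hour=0, minute=0):
    """Timestamp helper so callers need not import datetime themselves."""
    return datetime(year, month, day, hour, minute)


if __name__ == "__main__":
    wed_10am = at(2024, 6, 12, 10)      # 2024-06-12 is a Wednesday
    print(evaluate(request("CORP\\dba", "query", wed_10am, "10.0.50.7", "corp-managed")))
    print(evaluate(request("CORP\\dba", "restart", wed_10am, "10.0.50.7", "corp-managed")))
    print(evaluate(request("CORP\\dba", "restart", at(2024, 6, 15, 3), "10.0.50.7",
                           "corp-managed", ticket="CHG-1")))
```

Returning the failed constraints rather than a bare deny is what gives the visibility the section asks for: every denial records which policy nearly matched and why, which is what a risk manager reviews when deciding whether an existing grant is too broad or a requested one is justified.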
5.5.12 Mobile Security Program (MSP)
BYOD security has been a constant challenge for many enterprises. Stories of failed
MDM deployments are rampant, with firms struggling to achieve meaningful
adoption. According to the Bitglass BYOD security survey, one in three
organizations has attempted to deploy an MDM solution, yet 57 percent of
employees refuse MDM for BYOD. The root cause of these failures is the attempt to
manage and control devices that do not belong to the organization. The goal at
the heart of any BYOD security program is to secure corporate data on devices,
not the devices themselves.
In conjunction with our partner, we have taken a fundamentally different approach
to mobile security, one that employs a proactive, data-centric security posture.
We provide an agentless BYOD security solution that is a lightweight yet powerful
alternative to MDM.
The agentless approach means there is no potential for encroachment on employee
privacy, and no effect on device performance or battery life. Users can keep
using their apps of choice, maintaining a great user experience, while IT gets
the security and compliance required by the organization.
5.5.13 Cyber Education
Through our partners, we provide customized cyber education solutions for your
specific needs. Whether you're a company seeking cyber awareness training for
your employees, a university interested in integrating cyber boot-camps or labs
into your school, a government agency looking for advanced cyber training, or an
individual pursuing career improvement, we have the right solution for you.
We focus on the individual behaviors that may put your company and clients at
risk of cyber threats, or lead to crucial mistakes in online research.
Our main solution is comprised of two online programs that focus on cyber security
and cyber intelligence awareness. The security program teaches employees how to
protect themselves, their company, and their clients from hackers and online
criminals trying to exploit their lack of awareness. The intelligence program
teaches them how to improve their online research and access “deep web”
databases to uncover information critical to your business and clients.
FOR GOVERNMENT
Cyber Security Projects for Government Agencies
We’ve got significant experience working with intelligence and security
government agencies around the world. Our team consists of military and industry
cyber experts, among them the trainers and developers of the Israeli elite cyber
units.
At SMSAM, we believe that every client is different, so we analyze your specific
needs and develop customized, unique solutions tailored for success. Our
solutions are developed by subject matter experts together with education experts
in order to provide the highest level of content, with a proven, accelerated
learning method.
MISCONCEPTION ABOUT SIEM
There is a general state of confusion around the core objective of a SIEM
solution. While some believe that a SIEM is a panacea for real-time threat
monitoring on their infrastructure, others, like me, believe it is NOT.
Often, when I am presenting at conferences across the region, people ask me
"Is SIEM dead?" Such a great question! Has the technology reached its end of
life? Has SIEM really crashed and burned? I think the answer to that question is
NO. SIEM is not dead; it has just evolved.
SIEMs were developed with the goal of helping organizations detect targeted
attacks and data breaches early. But SIEMs have struggled to keep pace with the
security needs of modern enterprises, especially as the volume, variety and
velocity of data have grown. Likewise, SIEMs have struggled to keep pace with the
sophistication of modern threats. Malware 15 years ago was static and
predictable; today's threats are stealthy and polymorphic.
SIEMs were a great technology when we were dealing with protecting the known,
with fixed perimeters and signature-based security. But is this reflective of today’s
dynamic threat landscape, with a porous perimeter and workloads moving to the
cloud?
To catch up with the latest reality of cyber threats, traditional SIEM vendors
have had to add bolted-on modules, which has driven up cost and made the product
very difficult to deploy, manage and administer. A new approach is needed, and
that is the platform we provide: all you ever wanted your SIEM to do and much
more, without the overhead or chaos that comes with managing a SIEM.
5.6 Endpoint Security Program (ESP)
Organizations are facing an unpalatable reality: having consistently invested in
endpoint protection solutions, they feel no more assured or protected. While they
are promised 99 percent protection, they feel 100 percent exposed. Rather than
simply continuing to add to the mistakes of the past, it is time to come at
endpoint protection with a fresh and vibrant approach. It is time for a new
standard in endpoint protection solutions, and that is exactly what we have
created with our ESP.
The universal target for attackers is the endpoint, but endpoints are changing.
The modern workforce is mobile, extending endpoints beyond corporate firewalls
and moving seamlessly between virtual and cloud environments. All of this
requires even better endpoint protection. To be effective, the new standard for
endpoint protection must adapt to this new reality. Aware of the need to protect
the endpoint, organizations have hitherto thrown a slew of ineffective
technologies at it, ranging from siloed to disjointed point solutions that are
heavily dependent on signature-based techniques.
A new approach is required, hence our Endpoint Security Program, which provides,
amongst other best-of-breed features, IT hygiene, next-gen AV (no signatures),
Endpoint Detection and Response (EDR), managed hunting and threat intelligence.
5.7 Breach Attack Simulation (BAS) Program
Cyber Security Risk Assessment Services (CRAS). This service leverages global
standards in risk assessment methodology such as NIST SP 800-30, MITRE ATT&CK,
Microsoft DREAD and CVSS v3. It consists of two elements, i.e. Breach and Attack
Simulation (BAS) and Compromise Assessment Services (CAS).
5.7.1 Breach & Attack Simulation (BAS)
The cyber security assessment platform is a SaaS-based solution that enables
organizations to test their security posture from an attacker's point of view at
any time. Attackers such as cyber criminals, malicious hackers and disgruntled
employees use many different methods to try to breach the organization's
perimeter and bypass security controls.
Organizations can now automatically execute various assessments on themselves
using the different attack vectors, i.e. email assessment, WAF assessment, data
exfiltration / DLP assessment, endpoint security assessment, hopper (lateral
movement) assessment, web security gateway assessment and immediate threats
assessment (see detailed descriptions below), and verify that their security
framework is deployed well and that their cyber resiliency is high.
Benefits Brief Overview
• Wide coverage of attack scenarios
o Get a comprehensive security assessment of the most advanced, multi-vector and latest threats.
o Simulate a direct APT (Advanced Persistent Threat) attack on an organization or a large-scale sporadic campaign targeting millions of organizations worldwide.
• Ability to perform on-demand testing
o Organizations can launch attack simulations from any location, either on demand or scheduled for automated periodic testing.
o Shorten testing cycles and expedite remediation time.
• Immediate results
o Self-service model: no middlemen, keeping you in control without the need to schedule assessments ahead.
o At the end of each execution a detailed report (management and technical) is produced outlining the vulnerabilities found, their risk scoring and recommended mitigation.
o The customer has access to the results in an intuitive and easy-to-use dashboard.
o Reports can be generated by the customer in PDF and Excel format.
• The platform is a SaaS solution
o Easy and instant deployment through our plug-and-play solution.
o No hardware required.
o No need to manage a large number of agents.
o No additional expenses.
• Simplicity
o Simplifies penetration testing procedures: with only a few clicks you can launch assessments with the platform, which embodies the knowledge, capabilities and experience of the world's leading security professionals.
• Secure testing
o All assessments are done in a controlled manner without putting the organization's network at risk.
o Will not interfere with the organization's employee working procedures and day-to-day operations.
o The organization's platform is secured, and all data is encrypted.
Detailed Explanation of the Components of our BAS
1) Email Security Assessment
o The email security assessment enables an organization to test its
resiliency and identify vulnerabilities in the company's e-mail systems and
security controls. During this assessment, solutions such as Secure Email
Gateway (SEG), sandbox, Content Disarm and Reconstruction (CDR), etc. are
tested.
o These tests will simulate different scenarios that resemble very common
attacks methods used today like hiding ransomware, malware and
malicious links in different email attachments.
o The E-mail Security assessment allows organizations to launch a barrage of
different attacks containing threats such as but not limited to
i. Malware
ii. Ransomware
iii. Worm
iv. Payload
v. Exploit
vi. Dummy
2) Web Gateway Assessment
o Our Web Gateway assessment tests an organization's outbound HTTP/HTTPS access
to malicious websites, enabling the organization to test against a large,
continuously growing database of malicious websites and botnet IP addresses.
During these assessments, solutions such as the proxy, URL filtering, policies
and secure browsing capabilities are tested.
o The Web Gateway assessment allows simulation of web browsing and
communication to websites in different categories such as but not limited
to:
i) Phishing
ii) C&C
iii) Spam
iv) Download
v) Exploit kit
o The browsing assessment will also simulate downloading malicious files and
browser-related exploits, using a highly evasive, nation-state grade exploit kit.
3) Phishing and Awareness Assessment
o The Phishing and Awareness Assessment is intended to help organizations
reduce the risk of spear-phishing, BEC, whaling, fraud and ransomware
attacks. By focusing on raising an organization’s employees’ security
awareness, the tool enables the customer to create and execute simulated
phishing campaigns.
o During these assessments, a number of phishing methods are tested: will the
employee click on a "malicious" link, will the employee open an "infected"
attachment, or will the employee provide his or her credentials?
o The customer can use pre-made templates for the assessment phishing
campaigns or create their own templates with the easy-to-use management
console on the platform.
o The phishing assessments can target all of the employees in the
organization or target specific employees (Spear phishing).
o At the end of the execution the system produces a detailed report showing
who "fell for the trap" and either clicked or went on to expose their
credentials.
4) Hopper-Lateral Movement Assessment
o Our Hopper's algorithm gathers common and specific techniques used by
malicious hackers and cyber criminals to move laterally inside an organization's
network, in order to reveal potential breach spots in the organization's domain
network.
o These tests will simulate different scenarios and attack methods that will
test the deployment of security controls such as: EDR, EPP, Honeypots,
IDS, SIEM etc, hence pointing out the internal security resiliency level.
o Our Hopper assessment utilizes various techniques and methods to
laterally move inside the network. Such techniques include but are not
limited to:
i) Exploits
ii) Pass the hash
iii) Privilege escalation
iv) Manually provided credentials
o At the end of the execution the system produces a network view of the
workstations, servers, databases and network controllers which the tool managed
to reach. For each reached asset, the system identifies the method by which it
was reached and gives a recommendation for mitigating the breach.
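As an added example of what a lateral movement assessment computes (not the Hopper module's code and not from this handbook), the following Python script models the pass-the-hash style hop: owning a host yields the credentials cached on it, and a credential yields every host where it holds local admin rights. A breadth-first search from the foothold produces the reachability view the section describes, and a second pass identifies the credentials whose removal from every cache would cut the path to the domain controller, which is the mitigation a report should lead with. The hosts, rights and logged-on sessions are a constructed lab inventory.

```python
"""Lateral-movement path search over cached credentials and admin rights.

Added example for the Hopper description; not any vendor's algorithm. The
hosts, rights and sessions below are a constructed lab inventory, not a
real network.
"""
from collections import deque

# Constructed: host -> principals holding local admin rights on it.
ADMINS = {
    "WS-ALICE": ("CORP\\alice", "CORP\\helpdesk"),
    "WS-BOB":   ("CORP\\bob", "CORP\\helpdesk"),
    "FS-01":    ("CORP\\fileadmin", "CORP\\helpdesk"),
    "SQL-01":   ("CORP\\dba",),
    "DC-01":    ("CORP\\Domain Admins",),
}
# Constructed: host -> principals whose credentials are cached / logged on there.
SESSIONS = {
    "WS-ALICE": ("CORP\\alice",),
    "WS-BOB":   ("CORP\\bob", "CORP\\helpdesk"),
    "FS-01":    ("CORP\\fileadmin", "CORP\\dba"),
    "SQL-01":   ("CORP\\dba", "CORP\\Domain Admins"),
    "DC-01":    ("CORP\\Domain Admins",),
}


def attack_paths(start_host, admins=ADMINS, sessions=SESSIONS, excluded=frozenset()):
    """Breadth-first hop from start_host.

    Returns (host -> path, harvested credentials). Credentials in `excluded`
    are treated as never cached anywhere, which lets a caller test whether
    removing one would cut a path.
    """
    paths = {start_host: [start_host]}
    creds = set()
    queue = deque([start_host])
    while queue:
        host = queue.popleft()
        for cred in sessions.get(host, ()):
            if cred in creds or cred in excluded:
                continue
            creds.add(cred)   # harvested from this host's cached logons
            for target, rights in admins.items():
                if cred in rights and target not in paths:
                    paths[target] = paths[host] + [f"--[{cred}]-->", target]
                    queue.append(target)
    return paths, creds


def chokepoint_credentials(start_host, target_host, admins=ADMINS, sessions=SESSIONS):
    """Credentials whose removal from every cache would cut the path to target_host."""
    paths, creds = attack_paths(start_host, admins, sessions)
    if target_host not in paths:
        return []
    return sorted(
        c for c in creds
        if target_host not in attack_paths(start_host, admins, sessions, {c})[0]
    )


if __name__ == "__main__":
    paths, _ = attack_paths("WS-BOB")
    for host, path in paths.items():
        print(" ".join(path))
    print("fix first:", chokepoint_credentials("WS-BOB", "DC-01"))
```

On the constructed inventory a shared helpdesk account with local admin on the workstations and the file server, plus a DBA logged on to that file server, is enough to reach DC-01 in three hops from WS-BOB, while a foothold on WS-ALICE goes nowhere; the fix list names the helpdesk account, the DBA account and the Domain Admins logon on SQL-01. Feed it real data from local group enumeration and logged-on session queries, and remember that a session reached by the search is only exploitable if credential material is actually cached on that host, which protections such as Credential Guard or restricted admin mode are designed to prevent.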
5) Web-Application Firewall Assessment
o Our Web Application Firewall assessment tests an organization's WAF
configuration, implementation and features, verifying that it blocks common web
application attack payloads.
o Our Web-Application Firewall assessment utilizes various techniques and
methods to test an organization’s Web-Application Firewall. Such
techniques include but are not limited to:
i) Cross-site scripting
ii) SQL Injection (SQLi)
iii) Cross-Site Request Forgery
o At the end of the execution the system produces an executive summary
outlining the security risks and a detailed technical report outlining the
threats; mitigation recommendations are offered for each threat discovered,
depending on its category and penetration vector.
6) Data Exfiltration (DLP) Assessment
o Our Data Exfiltration (DLP) Assessment enables organizations to test their
DLP controls implementation.
o The assessment is comprised of both sophisticated and commonly used
exfiltration methods, which try to leak samples of data that the organization
defines as sensitive, such as credit card numbers, social security numbers and
any other data you consider sensitive.
o The customer can easily customize the list of sensitive phrases, key words,
regular expressions which it considers sensitive and are monitored by its
security controls.
o At the end of the execution the system produces an executive summary
outlining the security risks and a detailed report outlining the threats;
mitigation recommendations are offered for each threat discovered, depending on
its category and penetration vector.
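As an added example of the sample side of this assessment (not the vendor's module and not code from this handbook), the following Python code generates Luhn-valid synthetic card numbers to push through an egress point, combines the customer's own phrases and regular expressions into a rule set, and checks which constructed samples a DLP should have caught. It also shows the check that keeps a regex-only rule honest: a 16-digit parcel tracking number is not a card unless it passes Luhn. The phrases, patterns, test prefix and samples are assumed starting points for an operator to extend.

```python
"""Sensitive-data sample generator and detector for a DLP exfiltration test.

Added example for the DLP assessment; not any vendor's module. The phrase
list, patterns and samples are constructed, and the "4111" prefix is an
assumed test prefix, not an issued card range.
"""
import random
import re


def luhn_valid(digits):
    """Standard Luhn check over a string of digits (separators already removed)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def synthetic_pan(prefix="4111", length=16, seed=0):
    """Luhn-valid test PAN: assumed test prefix, random body, computed check digit."""
    rng = random.Random(seed)
    body = prefix + "".join(str(rng.randrange(10)) for _ in range(length - len(prefix) - 1))
    check = next(d for d in range(10) if luhn_valid(body + str(d)))
    return body + str(check)


# Assumed starting rule set; the customer extends the phrases and regexes.
SENSITIVE_PHRASES = ["project falcon", "board minutes"]
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){15}\d\b"),   # 16 digits, optional separators
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def scan(text, phrases=SENSITIVE_PHRASES, patterns=PATTERNS):
    """Return the sorted list of sensitive categories found in text."""
    found = set()
    lowered = text.lower()
    if any(p in lowered for p in phrases):
        found.add("keyword")
    for name, rx in patterns.items():
        for m in rx.finditer(text):
            candidate = re.sub(r"[ -]", "", m.group())
            # A 16-digit number only counts as a card if it passes Luhn; tracking
            # numbers and invoice ids usually do not, which keeps false positives down.
            if name == "credit_card" and not luhn_valid(candidate):
                continue
            found.add(name)
    return sorted(found)


# Constructed samples to push through the DLP egress point.
SAMPLES = {
    "card":     "Card on file: 4111 1111 1111 1111 exp 12/27",
    "tracking": "Your parcel tracking no is 1234 5678 9012 3456",
    "ssn":      "Applicant SSN 123-45-6789 attached",
    "keyword":  "FYI the Project Falcon budget is attached",
    "benign":   "Team lunch moved to 1pm on Thursday",
}


def expected_catches(samples=SAMPLES):
    """Samples the DLP must block or alert on, with the category that triggers."""
    return {name: scan(text) for name, text in samples.items() if scan(text)}


if __name__ == "__main__":
    print("synthetic test PAN:", synthetic_pan())
    for name, text in SAMPLES.items():
        print(f"{name:<10} {scan(text)}")
```

Run the same samples on both sides of the egress point: every sample that scans as sensitive here must be blocked or alerted on by the DLP, and any that pass through silently are the findings for the report. The generated PANs are synthetic, so they create no real exposure when sent through a production control, which is the point of generating them rather than borrowing live data for the test.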
7) Endpoint Security Assessment
o Our endpoint assessment solution allows organizations to deploy and run
real ransomware, Trojans, worms and viruses on a dedicated endpoint in a
controlled and safe manner; that endpoint should be isolated from production
so that a sample which evades the controls cannot spread. The assessment
ascertains whether their security products are tuned properly and are actually
protecting their endpoints against the latest attack methods. The comprehensive
testing covers all aspects of endpoint security, including:
i) Automated behavioral detection: Endpoint Detection and Response (EDR) or
Endpoint Protection (EPP).
ii) Signature-based antivirus detection.
iii) Known vulnerabilities, including OS patches and third-party software.
o The assessment results are presented in a comprehensive report in an
easy-to-understand format. This allows the organization to view the security
state of each endpoint and take action to update and upgrade endpoints where
necessary. Mitigation recommendations are offered for each threat that has been
discovered, depending on the type of attack and the phase it reached in its
distribution method.
8) Immediate Threat Notification and Assessment Service
o The intent of the immediate threat module is to enable customers to be
notified of active threats launched by cybercriminals and test their
vulnerability using one of the above modules depending on the attack type.
o Customers subscribing to this service will get a notification when an
immediate threat is active with a link to run the assessment in the platform
tool in order to check if they are vulnerable to the threat.
5.7.2 Compromise Assessment Services (CAS)
The first step in any cyber security strategy is knowing your current security
posture and state. Attackers are often resident inside a network for months,
sometimes years, before being detected, having used malware to infect endpoints.
As evidenced by the growing number of breaches, existing prevention technologies
are no longer enough to stop all threats from penetrating the perimeter.
Proactive risk assessment strategies such as vulnerability assessments and
penetration tests look for security gaps and vulnerabilities, but they only
answer half of the security question: "Can I be hacked?" They do not answer the
more vital question: "Am I already breached?" Today's enterprises need to add
compromise assessments to their security practices to proactively verify whether
a network has already been breached, so as to measure risk more effectively and
reduce dwell time and business impact.
Since a Compromise Assessment focuses on identifying previously unknown,
successful or ongoing compromises, the tools and techniques used to perform the
assessment must be able to identify post compromise activity, dormant and hidden
malware, malicious use of credentials, and Command and Control (C2) traffic. This
differs from traditional solutions which focus on early detection of attacks, exploits,
malware installation events which attempt to prevent an attack from succeeding or
catching an attack early enough to reduce damage during a breach.
Networks will always have a degree of vulnerability as organizations struggle to
keep determined attackers out, and skilled attackers can remain hidden for
months, sometimes years, before being discovered. Unless you can measure the
current compromise state of your network, your cyber security risk profile is
incomplete.
5.8 Compliance Management & IR
Depending on your type of organization, you will be required to show or prove
compliance with certain industry regulations and standards, e.g. PCI DSS, ISO,
COBIT, etc. Here SIEM technology is expedient, since it retains the log evidence
and produces the reports that auditors ask for.
5.8.1 Incident Response (IR)
The best security operation centers (SOCs) are built on efficiency and speed-to-
response. But if you’ve ever worked in a SOC or on a security team, you know it’s
tough to get your security systems, tools and teams to integrate in a way that
streamlines detection, response, and remediation.
One of the most tedious tasks of all is cobbling together alert details to assess if a
security event is a real threat, along with correlating data and coordinating the
appropriate response.
That is why security tools need to be connected, security processes need to be
efficient and, as an industry, we need to start working together. As new
technologies arrive on the scene every day (IoT, BYOD and the continued
virtualization of everything), security teams need a way to become more agile.
Security orchestration is the ultimate way to drive consistency and reduce
incident response times. Automation replaces cumbersome manual processes with
machine-speed response.
6 COMPONENTS AND RECOMMENDED SOLUTIONS
To effectively secure your organization against devastating cyber-attacks and
their aftermath, we believe that implementing the VIPDDR components highlighted
below with all zest and insane commitment would set your organization on the
right path. We recommend a phased approach to the implementation of these
components. Also note that our framework integrates with the major elements of
your organization's infrastructure, i.e. endpoints, networks and applications
(on-premise and cloud enabled), to disrupt, frustrate and slow down adversaries
in their attack path.
S/N | Attack Kill Chain Phase | Component of VIPDDR Framework | Program Implementation | Recommended Solutions
1 | Reconnaissance | Visibility | Cyber Threat Intelligence | www.intsights.com, www.spycloud.com
2 | Initial Compromise | Isolation | Email Authentication and Security (DMARC) | www.dmarcian.com, www.xiacom.com, www.genians.com, www.gttb.com, www.avanan.com, www.ricomshield.com, www.iboss.com, arbornetworks.com
3 | Command and Control | Prevention | Insider Threat Program | www.safe-t.com, www.seceon.com, www.genians.com, www.gttb.com, www.onionid.com, cronus-cyber.com
4 | Lateral Movement | Deception | Endpoint Security Program | javelin-networks.com, binarydefense.com
5 | Target Attainment | Detection | Compliance Management & Incident Response; Insider Threat Program; Breach Attack Simulation Program | www.logpoint.com, www.seceon.com, www.secdo.com, www.cymulate.com
6 | Exfiltration | Response | Orchestration and Automation Program; Cloud Security Program | www.secdo.com, www.avanan.com
7 ABOUT SMSAM SYSTEMS LIMITED
SMSAM SYSTEMS LTD is a disruptive pan-African advanced cyber security consulting firm with a mission to secure all of Africa's digital assets and critical infrastructure against ALL forms of cyber-attack. We are headquartered in Lagos, Nigeria, with a presence in many African countries. We deliver on our mission by leveraging the cyber security framework newly developed by our firm, i.e. the VIPDDR Framework. This framework was designed principally for organizations operating out of Africa. Hitherto, other standards and frameworks adopted, owing to their insane complexity, have in most instances merely focused on COMPLIANCE and did little to secure the entire organization's infrastructure. This framework, amongst other things, seeks to DISRUPT, FRUSTRATE and SLOW DOWN the adversary's attack path, as nicely captured in the famous Lockheed Martin Cyber Attack Kill Chain model. While we cannot guarantee an intrusion-free infrastructure, the newly designed framework has its endgame in STOPPING BREACHES! We therefore invite interested organizations and individuals to engage us in a positive conversation on how the framework can be implemented as part of their existing cyber security and risk mitigation plans. Our services focus mainly on three (3) categories of organizations, as follows:
1- TELECOMS ORGANIZATIONS. We particularly focus on helping telcos prevent and mitigate the exploitation of inherent security flaws and vulnerabilities found in the SS7, GTP and Diameter signalling protocols, amongst others, e.g. EPC security.
2- SCADA/ICS/OT ORGANIZATIONS. We provide a Platform that enables operational engineers and cyber security personnel to gain control over industrial-networks (Power Grid, LNG Plants, Refineries, etc) detect malicious activities, identify unauthorized changes, troubleshoot problems caused by control device mis-configuration or firmware updates, and address compliance and change management requirements.
3- ENTERPRISE ORGANIZATIONS. This refers to organizations with traditional IT networks i.e. Financial institutions, Government agencies, etc.
Every successful cyber-attack is traceable to the successful exploitation of a
vulnerability, whether human or in an application. Therefore, to prevent or
mitigate any form of cyber-attack, having surgical visibility across these
undisclosed and zero-day vulnerabilities is mandatory.
Contact Information
Tel: +234 80 999 SMSAM, +234 81 8781 3483, +234 80 2632 5087, +234 80 9999 2009
Email: [email protected] | Web: www.smsam.net