monitoring and detection
The Challenge

The client had worked with a number of organizations to customize their SIEM system. Some improvements had been made; however, during penetration testing a wide variety of activities were not detected. Subsequent review with the SOC highlighted a large number of gaps in where the SIEM was currently receiving data from and in the analysis being conducted. The CSO and his team agreed that action was needed; however, purchasing a new system was out of the question. The problem was exacerbated by a large outsourcing contract for first line "eyes on glass" monitoring. To maximize the return on that contract, the SIEM needed to be working effectively.

The Solution

OccamSec worked with the client's security team to obtain as much detail as possible on the technologies in place, what data was being collected, how it was being analyzed, and what was being done with it. A number of tabletop exercises were held with business personnel and technical staff to flush out potential issues and identify the coverage that was being provided to critical assets.

The potential for the current technology was assessed and OccamSec identified a number of quick wins, the key issue being how the data would be analyzed. Most devices will produce some kind of log file, so getting data from a source is usually not the issue; the problem is how to discern actionable information from it.

Our team helped implement an initial round of modifications. Testing was undertaken to ensure these worked as planned, and the process was then repeated. Ultimately, in an 8 week project, the client gained a massive improvement in their monitoring capabilities. No new software was purchased, and the transition to the outsource monitoring provider was successful.