IT assets are no longer exclusively within the known perimeter of the organisation. As more and more data and systems are moved into the cloud the secure perimeter has been fractured and the risk of compromise and attack becoming far greater. Remote working and mobility has compounded these security risks resulting in the emergence of critical but diverse security technologies. ITC continues to work meticulously with our clients to ensure their infrastructures are highly secure, yet agile and responsive enough to meet the business demands.
Whilst technologies individually perform critical functions, they all generate a mountain of events, logs and alerts (‘noise’) sometimes making it difficult to see the wood for the trees at an operational level. At ITC we have developed our unique and simple 5 Steps to Security Model to contextualise, summarise and prioritise this ‘noise’ allowing us focus on the most important assets. ITC delivers meaningful and actionable reporting in real time, enabling informed decisions to be made more quickly.
ITC’s 5 Steps to Security Model is fundamental to the successful delivery of our NetSure360° Security Management Service. Our refreshing approach to infrastructure security focuses on the critical assets of your business using our straightforward ‘5 Steps to Security’ programme which is simple and structured way of identifying genuine and potentially damaging intrusions. These simple steps help our clients manage risk, inform the business and build appropriate recovery plans against potential likely scenarios
Logging is not security, however both real time and forensic security analysis require quality time synchronised logging from multiple platforms. We see a move away from infrastructure centric logging, which has been dominant until recently, towards ubiquitous logging – the centralisation of logs from multiple platforms including infrastructure, servers and applications.
Ideally logging platforms should offer adequate long-term storage, have the capability to process logs from the required multiple sources, have an element of fault tolerance in the event for instance of a Wide Area Network (WAN) outage, and be centrally searchable.
With the multitude of systems on any enterprise network, identifying and processing each and every potential security alert against each component is a difficult if not impossible task. For this reason ITC builds an asset model of the customer’s estate to reflect both geography and topology, but also business critical or vulnerable systems. This includes internet facing applications or revenue generating systems such as order processing or manufacturing automation systems.
The asset model will be utilised along with vulnerability data (see implement vulnerability assessment) to contextualise and prioritise security alerting.
Vulnerability assessment is the process of scanning servers, infrastructure and applications for known vulnerabilities. It is used to drive prioritised remediation through patching and upgrade and also to enable security alerts to be appropriately scaled. If we know a device is not vulnerable to a specific threat, there is no need to set the klaxon off when we observe that threat against it; rather we can just log the event.
Now that we have logs from everywhere, an asset model and vulnerability data, we are in good shape to define our security ‘use cases’. This goes above and beyond the alerting from individual security devices, what chain of events will drive an appropriate alert which can be investigated.
Some examples of security use cases might include the identification of privileged access or escalation in the front office, VPN access by users already logged on internally, brute (check) forced login attempts across multiple similar systems, intrusion prevention device alerting that corresponds to a threat against a vulnerable system
ITC has a growing library of security use cases built for general use and in some cases for specific markets such as the recent DDOS threats against financial services organisations.
With the solid base identified above, we believe that any use case that can be articulated on a piece of paper can be coded and delivered as part of the SIEM system.
Many organisations such as Digital Shadows, HP, Cisco, McAfee or the open source ArcOSI provide rich real time threat data which they can derive and consolidate from their multiple security endpoints, both internal and customer located.
This data can consist of sites with known bad reputations, current high-risk attack sources or specific attacks, and new malware in the wild etc. ITC recommends consuming threat data from as many sources as possible.
An example of how this data can be utilised is the identification of traffic from or to known Malware (Botnet) command and control sites which can be indicative of Advanced Persistent Threat (APT) infection within the enterprise.
ITC believes you have to take a risk-based approach to deliver appropriate security. Our Information Security Risk Management consultants can help you through the full lifecycle of risk management stages to ensure you know what the right things to do for your business are, how to implement them and also how to run them effectively.
ITC believes you have to take a risk based approach to deliver appropriate security. Our Information Security Risk Management consultants can help you through the full lifecycle of risk management stages to ensure you know what the right things to do for your business are, how to implement them and also how to run them effectively.
One of the most common questions in Security. ITC can take the output from audits and health checks and compare the results against a large data set of other organisations. This can be further filtered to industry vertical or control area to give you the most relevant view.
Depending on your starting point, ITC can take a high level approach to help you understand key risks quickly, or go straight in to defining and delivering customised risk management frameworks. Our end to end approach will help you understand underlying risks in terms of threats, impact areas and levels and also your real world exposure to the threats.
We use a wide range of techniques to test the effectiveness of controls, from infrastructure & application penetration testing to highly customised phishing tests.
Thankfully more attention is spent in this area as its importance is better understood. Sadly, much of the effort does not deliver the expected results due to the way it is delivered. We use leading edge methods to deliver customised, relevant and consumable messages to your workforce. These include interactive websites, smartphone apps and short video flashes. The metrics for comprehension speak for themselves.
We encourage all of our clients to consider the inevitability of a security issue. We will help you focus on realistic scenarios and develop integrated business responses to the incidents – combining the incident investigation phases with effective internal and external communications.
ITC Consultants work with clients to develop detailed policies, procedures and control frameworks based on industry best practice tailored to your risks and regulatory requirements. Once these are established we can then manage subsequent deployment stages.
Clients can select from the above as individual consulting engagements, or they can be delivered as an integrated Information Security Improvement Programme.
This service augments an organisations incident response capability by providing access to ITC’s most experienced engineers and consultants to provide effective triage and remediation advice for security incidents. Where required, this can include the coordination of forensic and investigation activities using specialist resources.
We provide visibility of potential threats to clients by using detailed risk based profiling and bespoke tools to search the Surface, Deep and Dark Web for relevant intelligence. ITC then provide advice on mitigating any threats identified.
Cyber-crime is becoming increasing costly for organisations as they face an alarming rise in targeted cyber-attacks committed by activists, criminals and nation states whose sophisticated methods are now bypassing traditional defences. The latest annual survey published in October 2016 by The Ponemon Institute shows that the UK has the highest cost related to denial of services attacks.
With ITC your organisation can counter these new threats and implement a more proactive, intelligence-led approach to defending against targeted cyber-attack and avoid financial loss associated with disruption, damage or destruction of your key assets. Our approach provides greater situational awareness of adversaries and their tactics through cyber threat monitoring and protection to enable a more proactive approach to defence, to identify a targeted attack.
Consistent with our other services, ITC’s NetSure360° Cyber Threat Management module links to and compliments our unique NetSure360° management suite.
The rules for secure network management have changed, putting many companies directly in harm’s way. Quarterly security audits once deemed precautionary safeguards are no longer enough. Networks and systems need to be tested more frequently in order to give early warnings of any potential vulnerability.
Every Internet-connected network is potentially at risk. Organisations, which may already be using preventative measures such as firewalls, IPSs and VPNs, are turning to vulnerability assessment to ensure total security for their internet-exposed systems. Effective vulnerability management can find the ‘holes’ in your security armour and proactively manage the risk, security and auditing.
Identifying and correcting new vulnerabilities in network devices and systems before they are exploited has become one of the main concerns of Network Managers as quarterly and even monthly security audits with penetration testing no longer provide sufficient preventative protection.
ITC Vulnerability Management is a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations.
Consistent with our other services, ITC’s NetSure360° Vulnerability Module links to and compliments our unique NetSure360° management suite.
IT departments are faced with a dilemma as users and applications are being pulled further apart. On one end you have virtualisation and consolidation efforts that are centralising applications and data into fewer locations, on the other you have users who are increasingly distributed and mobile.
Progressive organisations are today therefore developing ‘Mobile First’ IT strategies which recognise that keeping employees securely connected at all times on any device is the foundation for an efficient and prosperous future business.
In partnership with our sister company Mobliciti, ITC are at the very forefront of mobile IT evolution, enabling organisations to get connected, get control & get content securely to remote & mobile devices.
The insatiable demand for information and communication is increasingly at odds with IT security and business risk. This has led to a whole new generation of Firewalls that according to Gartner are “no longer a commodity”. Expert capability is required to specify and manage next-generation firewalls, keeping up with ever changing threat conditions and vulnerabilities. To remain effective, firewalls need to be monitored, tested and upgraded as new services and applications are integrated. It’s a specialist task, and one that can distract your key people from their true operational priorities.
ITC can design, deploy and maintain a firewall solution installed either on your premises or ‘in the cloud’ and configured by firewall experts, as defined by your company security policy. Furthermore, our advanced firewall solutions also incorporate Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) that work in tandem to alert and protect networks from malicious attacks. These systems react in real-time to prevent unwanted activities from reaching your network, whilst still allowing all other authorised traffic to pass undisturbed and unthreatened.
ITC’s NetSure360° managed firewall and advanced firewall service is incorporated into the full suite of NetSure360° services, ensuring all potential threats to your network are mitigated, recorded and reported, forming a key element of your compliance, risk management and business continuity requirements.
As a further demonstration of our capability and pedigree, ITC are delivering virtual managed firewall solutions in the core of British Telecoms, Orange Business Services and Telstra’s networks. ITC’s unique managed service is allowing these three global telecom giants to deliver above market security enabling global firewall consolidation and cost reductions. ITC – Simplifying Management and Controlling Risk.