IntelliSecurity

Don’t stay an easy target. Be confident with IntelliSecurity Education on how to navigate today’s security landscape, and use our tools to stay protected.

In today’s technology environment it is essential to have a proper cyber-security strategy in place. There are many bad actors constantly looking for vulnerabilities they can exploit for their own gain. Understanding the risks will give you the confidence to make the right decisions about the security offerings your business requires.

Any good cyber defense strategy is based on a multi-layered approach. The best practice is Defense in Depth (DiD): several independent layers of protection, so that if one layer is breached the others still hold. IntelliComp’s cyber defense is designed not only to improve security but also to help organizations achieve compliance with HIPAA, ISO 27001/27002, PCI DSS, GDPR, and other important security standards. The tools and strategies we offer are chosen specifically to protect areas of high risk or areas where proper security measures are lacking.

Security

The Five Laws of Cyber Security 

 (Source: Forbes.com – Written by Nick Espinosa)


1. Every Vulnerability Will Be Exploited. No Exceptions

Humans spend their entire lives looking for shortcuts. While one person was envisioning a secure banking system, another was planning how to rob it. There will always be someone looking to take advantage of the system in some way. Finding ways around everything, for both good and bad purposes, is so ubiquitous today that we even have a term for it: “Life Hacking”.


2. Everything Is Vulnerable In Some Way

Technology was designed to be convenient, and the race to market often results in corners being cut. Security was never planned for originally, and it constantly requires the IT team to keep updates current as emerging threats are discovered. We see this over and over as hardware vulnerabilities that have been around for years are discovered, and as massive organizations are breached, with astronomical results, because of a missed patch. Considering the government intelligence agencies that are invested in finding these vulnerabilities, it is basically guaranteed that they will be found.


3. Humans Trust; Even When They Shouldn't

As people, we get comfortable with what’s familiar. The Wi-Fi in our favorite coffee shop, which we feel is our safe space, is actually insecure. Trying a new app on our trusty phone. Clicking on a link from a friend or colleague even when we’re not expecting an email from them. Training ourselves to be suspicious and “practicing safe cyber” will mitigate a large part of what the hackers can exploit: our trust. It sounds weird to say we need to combat trust, but we do if we’re going to survive against the nonstop hacking that takes place.


4. Innovation Breeds Exploitation

We are by nature a curious species; as new technology comes out, there will always be people looking for new ways to break it. This by itself results in vulnerabilities being discovered that were never known before. Additionally, technology companies reuse existing tech to be “efficient” and help meet deadlines, both hardware and software that was never patched with the latest security fixes. This leaves the new technology vulnerable to already-found exploits that are easily located in the online MITRE database.


5. When In Doubt; See Law #1

This one isn’t a cop-out. Every single law written here comes down to the simple fact that, no matter what the concerns or problems are with regard to cybersecurity, they all stem from a vulnerability of some kind. If we ever forget this, we are doing nothing but asking for trouble. Our ability to properly defend ourselves comes from understanding that human nature makes these laws immutable. It is when we start thinking like a hacker that we can actually stop them, so here’s to hacking the future together for our own security.

IntelliSecurity Services

The MITRE ATT&CK™ framework is a knowledge base of adversary tactics and techniques drawn from real-world observations. It is widely used by security organizations to describe, step by step, how an attacker gets in and what they do once inside. (Source: attack.mitre.org)

Below we have outlined the framework’s tactics and, at each step, the security solutions we offer to mitigate the threat.

Initial Access

A central authority for user accounts provides the ability to manage and control every user account, and the permissions each user requires, through a Role-Based Access Control (RBAC) system. Requiring multi-factor authentication at this step means a stolen password alone is not enough to get in.

Windows Active Directory: on-premises directory running on a local Windows Server.

Microsoft 365 Azure AD: cloud-based Azure Active Directory (now named Microsoft Entra ID).

OneLogin Access Management: cloud-based directory that can sync with Azure AD or a local domain for user control, and that provides multi-factor authentication.

Duo Security: cloud-based security provider that supplies MFA and single sign-on across multiple applications from a single platform, simplifying user management.

Execution

Most breaches begin with an email: a phishing attack against the organization. Even if only one person clicks the link or enters their password, it can give the attacker a foothold from which to reach the organization’s most sensitive data. The human element is the most unpredictable and the hardest to protect, which is why social engineering testing and training are crucial. Fake phishing emails are sent out to test each user, reports show which employees fell for them and need training, and each training session is different, teaching employees practical ways to keep the organization protected.

Persistence

Our SOC uses its tools to track and examine every packet sent in and out of the network. The sensors analyze each packet alongside firewall logs and any other relevant information to identify malicious traffic before it reaches internal systems. Our SOC reviews this information continuously to stop the transfer of anything malicious.

Privilege Escalation

Privilege escalation is the process by which malware, an unauthorized user, or a compromised system gains more rights than it was initially granted.

Endpoint Anti-Virus: with our AV product running and managed from a single pane of glass, our team ensures that your systems are monitored for patterns matching these behaviors, and that any detected compromising software is alerted on, quarantined, and cleaned.

Security Baseline Policies: following each system manufacturer’s baseline policies, enhanced with our own internal security standards, we restrict administrative rights to specially designated accounts that need them and follow a strict process for granting additional rights when required. Be sure to let us know if there is a specific industry standard you need to meet so we can adjust our processes.

Controlled Software Access: we can bring in additional services that apply an allow-list (whitelist) approach, so only approved software is permitted to run, or design an approval process for new software installs, simplifying requests to the help desk.

Defense Evasion

If stored data is sensitive in nature, encryption should be applied so that only authorized users can access it. Both locally stored and cloud-stored data should be encrypted, making the data unreadable to anyone without the key. We implement current, well-reviewed encryption algorithms; with those, attacking the cipher itself is impractical, so the real work is in protecting and managing the keys. The same approach is used to send emails containing confidential information.

Credential Access

Our Threat Hunter service is used for advanced breach detection and remediation. It tracks every change made to every endpoint. The changes are then reviewed to find new auto-run entries, which malware uses to launch itself at every boot or logon. Any suspicious auto-runs are manually reviewed by analysts at our partner’s SOC (Security Operations Center). If they spot anything malicious, our team quickly removes it from the affected systems.
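The core of the auto-run review described above is a diff between two snapshots of an endpoint plus a few heuristics that tell an analyst which new entries to look at first. The following is an added example of that logic; it is not IntelliComp’s or Huntress’s code. The two snapshots, the registry key and task folder names, and the heuristics (user-writable binary location, encoded or hidden PowerShell) are constructed assumptions for the example.

```python
"""Build an analyst review queue from two autorun snapshots of one endpoint.

Added example; not IntelliComp's or Huntress's code. The snapshots below are
constructed sample data standing in for what an agent would collect from the
Run keys and scheduled tasks at two points in time.
"""
import ntpath
from dataclasses import dataclass

# Assumptions for a typical Windows baseline; tune to the environment.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
WINDOW_FLAGS = {"-w", "-windowstyle"}


@dataclass(frozen=True)
class Autorun:
    location: str  # registry key or task folder that launches the entry
    name: str      # value name or task name
    command: str   # command line run at boot or logon


def binary_path(command):
    """Executable path from a command line, honouring a quoted first token."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def review_reasons(entry):
    """Why an analyst should look at this entry; an empty list means no flags."""
    reasons = []
    path = binary_path(entry.command).lower()
    if path.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("binary lives in a user-writable directory")
    tokens = entry.command.lower().split()
    if ntpath.basename(path) in ("powershell.exe", "pwsh.exe"):
        if ENCODED_FLAGS & set(tokens):
            reasons.append("PowerShell launched with an encoded command")
        for flag, value in zip(tokens, tokens[1:]):
            if flag in WINDOW_FLAGS and value == "hidden":
                reasons.append("PowerShell window hidden from the user")
                break
    return reasons


def new_entries(before, after):
    """Entries present only in the later snapshot, in a stable order."""
    return sorted(after - before, key=lambda e: (e.location, e.name))


def review_queue(before, after):
    """Pair every new entry with its reasons; unflagged entries still appear."""
    return [(e, review_reasons(e)) for e in new_entries(before, after)]


# Constructed snapshots of one workstation. OneDrive lives under a user profile
# but was already present at T0, so the diff never puts it in front of an analyst.
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
TASKS = r"Task Scheduler\Microsoft\Windows\Maintenance"

SNAPSHOT_T0 = {
    Autorun(RUN_HKLM, "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    Autorun(RUN_HKCU, "OneDrive", r'"C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
}
SNAPSHOT_T1 = SNAPSHOT_T0 | {
    Autorun(RUN_HKLM, "VendorAgent", r'"C:\Program Files\Vendor\agent.exe" /tray'),
    Autorun(RUN_HKCU, "Updater", r'"C:\Users\jdoe\AppData\Roaming\svchost.exe"'),
    Autorun(TASKS, "SysCheck", "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4A"),
}

if __name__ == "__main__":
    for entry, reasons in review_queue(SNAPSHOT_T0, SNAPSHOT_T1):
        print(entry.location, entry.name, "->", "; ".join(reasons) or "no flags")
```

The diff is what keeps the queue short: a legitimate entry under a user profile is only ever reviewed once, when it first appears, and the heuristics just order the work. A change that does not add an entry (for example a modified command line on an existing value) would need the dataclass compared field by field rather than as a set element.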

Discovery

Discovery is the stage where malware already on the network examines the environment to decide where best to attack next.

Endpoint Anti-Virus: with our AV product running and managed from a single pane of glass, our team ensures that your systems are monitored for patterns matching these behaviors, and that any detected compromising software is alerted on, quarantined, and cleaned.

IntelliSecure Breach Detection: with our award-winning EDR service enabled, our partner Huntress performs active threat hunting on your endpoints, looking for malware that evaded the standard anti-virus engines.

Lateral Movement and Collection

Ransomware is one of the most damaging forms of malware, and that is why we make sure extra protection is in place. We know how most ransomware behaves once it is inside a network: it spreads to reachable hosts and file shares, then enumerates and rewrites files in bulk. We monitor for those signs, for example a single process renaming or rewriting large numbers of files within seconds, and once we spot them we immediately isolate and remove the malware before it can finish executing.


Command and Control

Command and Control is the classification for the procedures malware uses to communicate with the attacker’s “evil” home server, receiving instructions and reporting back.

Endpoint Anti-Virus: with our AV product running and managed from a single pane of glass, our team ensures that your systems are monitored for patterns matching these behaviors, and that any detected compromising software is alerted on, quarantined, and cleaned.

Perimeter UTM Firewall: with a fully licensed UTM, security services are enabled that detect intrusions and apply mitigations. Communication with known C2 servers is identified and blocked.

Endpoint Web Filtering: with Cisco Umbrella enabled on endpoint devices, DNS and web traffic is analyzed for malicious activity and blocked according to the defined policies.
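Two of the checks a perimeter device or SOC can run over firewall logs to find the C2 traffic described above are a match against a threat-intelligence blocklist and a periodicity test for beaconing (an implant calling home on a fixed schedule). The following is an added example of both checks; it is not the UTM’s or Cisco Umbrella’s actual logic. The log format, the addresses (IETF documentation ranges), the blocklist and the thresholds are constructed for the example.

```python
"""Find command-and-control traffic in firewall logs: blocklist hits and beacons.

Added example; not the UTM's or Cisco Umbrella's logic. The log format, the
addresses (IETF documentation ranges), the blocklist and the thresholds are
all constructed for this example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")
KNOWN_C2 = {"192.0.2.77"}   # constructed stand-in for a threat-intel feed
MIN_CONNECTIONS = 8          # assumption: samples needed before judging periodicity
MAX_JITTER_CV = 0.2          # assumption: stdev/mean of gaps below this is "regular"


def parse(lines):
    """Yield (timestamp, src, dst, dport) for every allowed connection."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(2) == "ALLOW":  # denied attempts never carried traffic
            ts, _, _, src, _, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dport)


def analyze(lines):
    """Map (src, dst, dport) to a finding for flows that look like C2."""
    flows = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        flows[(src, dst, dport)].append(ts)
    findings = {}
    for key, times in flows.items():
        if key[1] in KNOWN_C2:
            findings[key] = {"reason": "known C2 address", "count": len(times)}
            continue
        if len(times) < MIN_CONNECTIONS:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps)
        # coefficient of variation: near 0 means evenly spaced connections
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv < MAX_JITTER_CV:
            findings[key] = {"reason": "periodic beacon", "count": len(times),
                             "period_s": round(mean), "jitter_cv": round(cv, 3)}
    return findings


def _beacon(src, dst, dport, start, n):
    """Constructed: n connections roughly every 60 s with a few seconds of jitter."""
    t0 = datetime.fromisoformat(start)
    jitter = [0, 2, -1, 1, -2, 0]
    return [
        f"{(t0 + timedelta(seconds=60 * i + jitter[i % 6])).isoformat()} "
        f"ALLOW TCP {src}:{50000 + i} -> {dst}:{dport}"
        for i in range(n)
    ]


SAMPLE_LOG = [
    # ordinary browsing: eight connections, but in irregular bursts
    "2024-03-05T10:00:05 ALLOW TCP 10.0.0.15:49152 -> 198.51.100.20:443",
    "2024-03-05T10:00:09 ALLOW TCP 10.0.0.15:49153 -> 198.51.100.20:443",
    "2024-03-05T10:03:41 ALLOW TCP 10.0.0.15:49160 -> 198.51.100.20:443",
    "2024-03-05T10:03:42 ALLOW TCP 10.0.0.15:49161 -> 198.51.100.20:443",
    "2024-03-05T10:17:30 ALLOW TCP 10.0.0.15:49170 -> 198.51.100.20:443",
    "2024-03-05T10:17:31 ALLOW TCP 10.0.0.15:49171 -> 198.51.100.20:443",
    "2024-03-05T10:31:00 ALLOW TCP 10.0.0.15:49180 -> 198.51.100.20:443",
    "2024-03-05T10:31:02 ALLOW TCP 10.0.0.15:49181 -> 198.51.100.20:443",
    # one allowed connection to a blocklisted address, plus a denied attempt
    "2024-03-05T10:12:12 ALLOW TCP 10.0.0.22:49300 -> 192.0.2.77:8080",
    "2024-03-05T10:12:13 DENY TCP 10.0.0.22:49301 -> 192.0.2.77:4444",
] + _beacon("10.0.0.15", "203.0.113.45", 443, "2024-03-05T10:00:00", 20)

if __name__ == "__main__":
    for (src, dst, dport), f in analyze(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{dport}: {f}")
```

The browsing flow in the sample has as many connections as the beacon but fails the periodicity test, which is the point: connection count alone is not a signal. Real implants randomize their sleep interval, so the jitter threshold has to be tuned and the test combined with destination reputation, DNS patterns and TLS fingerprinting rather than used on its own.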

Exfiltration and Impact

Modern ransomware usually steals data before encrypting it, so the same ransomware-focused monitoring described under Lateral Movement covers the final stages of an attack: unusual outbound transfers of data, followed by the mass encryption or deletion of files and backups. Once we spot these signs, we immediately remove the malware before it can finish executing.


“From IT support to the purchase and installation of our new phone system they have been there for us. Their understanding of and expertise in the IT and telecommunications field is impressive and they are driven to resolve all of our company’s needs.”

Let’s Connect

We’re here to help you. Contact one of our specialists today!