Do you have a cyber security plan in place? Are you confident it is working? Daily headlines about hacks and attacks are underscoring that organizations of every size should prepare for cyber threats and incidents. The Crypsis team will work with you to evaluate your ability to respond to a security intrusion and identify measures you can take to improve your readiness. These include preparing a Security Program Roadmap, a customized, actionable plan to address your specific security needs and identify threats, as well as an Incident Response Plan to identify and define critical roles, responsibilities, and processes. We will also work with you to create an Incident Response Playbook and train your staff in how to use it in the event of a data breach or cyber attack.
The Crypsis Group was retained by a management consulting firm to help develop a comprehensive plan for identifying and responding to indications of a security breach or an intrusion by a threat actor into the firm’s network. Our experts worked with company executives to pull together all of the internal information regarding people, processes, and technology that would be essential in responding to an incident, such as the types of incidents that could happen and their relative severity and impact, the roles and responsibilities of key departments and personnel, and guidelines for communicating with internal and external audiences if an incident occurs. The Crypsis team put together a containment and eradication plan with a number of elements, each addressing a different type of incident in terms of how to secure the network, eliminate the attacker from the network environment, repair any damage, and initiate larger remediation efforts. In the end, Crypsis delivered a detailed “incident response playbook” to the client, which also included processes for documenting what had happened, identifying lessons learned from an incident, and adjusting and enhancing network security protocols and controls going forward. In addition, the plan developed by the Crypsis team included procedures for identifying, classifying, and preserving data from an incident in order to facilitate post-event investigations and any legal or law enforcement actions that take place.
With many years of combined experience responding to cyber attacks and data breaches, the Crypsis team has the know-how to ensure your network architecture keeps current with the ever-evolving security threats. We offer a range of advisory services to fortify your security operations and empower you and your team to respond effectively and appropriately. Our services include a Compromise Assessment, whereby our consultants investigate the extent of the damage to or loss of data and whether the attackers are still gaining access, as well as a Penetration Test, where they try to find vulnerabilities in your network or verify the strength of the network’s defenses by simulating real-world attacks. We also offer a Breach Readiness Review (BRR) to assess the people, processes, and technologies that you already have in place to understand gaps that threat actors can exploit to gain access.
Crypsis was engaged by a Fortune 500 organization that had developed a new and more robust information security program and wanted to test its effectiveness in identifying and preventing network compromises and intrusions. Crypsis experts conducted a “Red Team” exercise to assess the client’s new security controls and the in-house team responsible for monitoring the network 24/7. This began with a “Black Box” test of the client’s environment from outside the network, in which we deployed open source intelligence gathering (OSINT) to identify the company’s external network presence, such as employees who access it remotely and the IT products they use to do it. From there, we looked for exploitable vulnerabilities that would allow us to gain a foothold on the company’s internal network. In this case, we were unable to find any, so we then launched a phishing campaign against a targeted group of employees in which we crafted realistic emails with attachments that, when opened, would provide us access to the internal network and allow us to escalate user privileges and move laterally through the network to access sensitive data.
At the conclusion of this Red Team exercise, we were able to validate that the organization’s security efforts were effective with a few exceptions related to the phishing attacks. We provided the organization with an assessment of those vulnerabilities and recommendations for internal training for employees on spotting suspicious emails.
Is your organization living in the cloud? While your cloud service providers work to safeguard their own infrastructure, remote access is likely your responsibility, with each of your internet-connected components offering opportunities for threat actors. Crypsis has a focus on key Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Storage as a Service cloud computing applications, and our experts have operational and security experience in all of the major services such as Google/G-Suite, Amazon Web Services, Office 365, Azure, and Dropbox, among others.
The Crypsis team has responded to a multitude of cloud-driven data breach incidents and we have a deep and ongoing understanding of how attackers leverage weaknesses in cloud platform configurations, particularly in their default settings, to obtain unauthorized access and ultimately gain control of a client company’s data. Putting this experience to work for our clients, we know when to use native security features, when to outsource them to a third party, and when to build a customer’s own security features. We also perform gap assessments and develop recommendations on best practices with regard to the security and auditability of the cloud computing systems and applications our clients use.
The Crypsis Group was engaged by a SaaS provider who needed help architecting security design within the cloud with an ultimate goal of securing a FedRAMP certification. Integrating with their team, we partnered with the client to design and deploy security to an Amazon Web Services (AWS) Virtual Private Cloud (VPC), segregating the application into a FedRAMP boundary and protecting their information. To accomplish this, our consultants led sessions with the client to establish the architecture and placement of specific security tools, to determine when to use native AWS features versus third-party security features depending on which was the better application, and to decide how to apply security controls inside the AWS cloud. During the course of our work we supported a FedRAMP audit and ultimately were able to achieve the desired FedRAMP certification.