Information Assurance Philosophy - Green Hat


Cyber Security and Information Assurance



The MILE2 Cyber Security team has extensive experience defending networks and information systems: securing deployed systems, conducting vulnerability assessments and penetration tests, responding to computer security incidents, mitigating risk, and analyzing threats.
MILE2 stays on the cutting edge of IA through Information Assurance professional organizations, ongoing education and live-fire exercises, and in-depth research and analysis of the latest security trends, tools, and threats. MILE2 regularly develops course content, globally recognized cyber security certifications, presentations, white papers, and blogs on topics such as IA basics, DIACAP and penetration testing methodologies and processes, secure virtualization, and Multiple Independent Levels of Security (MILS) architectures.


Key skill sets include the following:
1. Certification and Accreditation
2. Critical Infrastructure Protection
3. Incident Response
4. Malware Analysis
5. Virtualization Security
6. Disaster Recovery and Business Continuity


Mile2 Complete Information Assurance Services & Cyber Security Capabilities
• Security Operations Center Management
• Cyber Security Exercise support – Red Team/Blue Team
• Computer Emergency Response Team (CERT) support
• Industrial Control System (ICS) vulnerability assessment and remediation
• Development of IA requirements and strategy for information systems, networks and government systems
• IA test plan development and Test Readiness Review (TRR)
• On-site or Remote IA testing; penetration testing, secure coding and vulnerability assessments
• Vulnerability remediation
• Risk assessment and mitigation
• IA engineering recommendations, process improvement, and training for Cyber Security best practices
• Incident Response and IA Clean Up
• Malware Removal
• Disaster Recovery and Business Continuity practices
• Business Impact Analysis


1. Certification and Accreditation
MILE2 has a dedicated Information Assurance (IA) team with the expertise necessary to guide any hardware or software system through the complete Certification and Accreditation (C&A) process. We can manage C&A projects from initiation through Authority To Operate (ATO) approval and provide complete support, including assessment, strategy, testing, and remediation, to ensure complete protection. MILE2 can address all C&A requirements of the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP). Our Information Assurance analysts and engineers offer expertise in the standards and policies affecting DoD and other software and system accreditations.


2. Critical Infrastructure Protection
Today’s complex and interconnected critical infrastructures are vulnerable to a growing variety and sophistication of threats from organized crime, nation states, terrorist organizations, and malicious insiders armed with zero-day exploits, logic bombs, and the capability to gain and maintain persistent access to compromised systems. The MILE2 team brings together the skill sets and experience necessary to protect critical infrastructure at the required levels of assurance.
Specific services that the MILE2 team can provide to support the protection of critical infrastructure are:
1. Penetration testing and vulnerability assessment
2. System hardening
3. Secure software development
4. Project and program management
5. Incident response


3. Incident Response
The MILE2 team takes a four-phased approach to handling computer security incidents and approaches incident response with the goals of identifying the threat, preserving evidence, and rapidly restoring services.

Phase 1: Preparation
Preparation is key to successful incident response. The MILE2 team maintains detailed checklists and a fly-away incident response kit based on industry references and best practices such as:
• NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response
• NIST SP 800-61, Computer Security Incident Handling Guide
• Incident Response: Investigating Computer Crime by Kevin Mandia
• Windows Forensics and Incident Recovery by Harlan Carvey
The MILE2 team customizes these checklists to meet the needs of each client.


Phase 2: Detection and Analysis
One of the most difficult components of incident response is recognizing that an incident indicator has occurred. An incident indicator can be thought of as a symptom of an incident. Indicators can be obvious, such as a web server crashing or antivirus software alerting on a worm, but often they are more subtle, such as degradation of service, a variation in traffic flow, or phishing emails.
Once an incident is identified and reported to the MILE2 team, we first categorize the incident so we can better assess how to handle it. Common types of incidents include denial of service, malicious code, unauthorized access, inappropriate use, leakage of sensitive or classified materials, or any combination of these. Depending on the nature of the incident, the MILE2 team selects the best tools to capture and analyze system data, including volatile data, in a forensically sound manner to maintain evidence for possible future prosecution.


Phase 3: Containment, Eradication, and Recovery
The next step is to contain the incident to prevent further impacts, remove the source of the incident, and return to operations. Containment can be a delicate process. If your system is being hacked, you may want to proceed carefully so as not to alert the hackers that you are aware of their presence until you can collect information on them. However, you also want them out of your system as quickly as possible and with as little impact as possible. In other instances, disconnecting a computer from the network may trigger further damage by malicious code on that computer. The MILE2 response team is prepared to determine the most appropriate containment strategy for each incident while minimizing impacts to the system and maximizing forensic data preservation.
The next step is eradication. When all the needed data has been saved, we can begin to eradicate the cause of the incident. The steps taken here vary based on the type of incident. It may be as simple as changing passwords or removing infected files, or as complicated as completely rebuilding a system.
Due to the nature of the Advanced Persistent Threat (APT), sophisticated attackers may leave behind undetected malware on compromised systems. To combat this threat, MILE2 scans for residual malware and establishes additional monitoring capability to detect it. If needed and available, the system will be restored from a clean backup. Modifications will also be made to address the vulnerability exploited to cause the incident. Finally, the system will be returned to a secure operational state. Throughout incident response, the MILE2 team communicates with all stakeholders on the status of the response and the impact to affected systems.


Phase 4: Post-Incident Activity
Once the response is complete, the MILE2 team conducts a post-incident analysis to assess the response. The team evaluates whether required timelines were met, whether proper procedures were followed, and whether appropriate personnel were notified. MILE2 will also validate the tools used to respond to the incident. The MILE2 team generates a detailed report once the analysis is complete. Finally, the team holds lessons-learned sessions to assess the overall effectiveness of the response and to find areas for improvement in future incident responses and in current vulnerability management. If applicable, recommendations will be made to the client for updates to procedures, policies, and training.


4. Malware Analysis
In order to better understand the threat to computer systems, the MILE2 team has experience setting up honeypots such as mwcollect and Nepenthes to capture and analyze malicious software. MILE2 has also set up virtualized environments to analyze malware. Our team has experience with a variety of tools, such as the Sysinternals utilities, OllyDbg, IDA Pro, Wireshark, tcpdump, and Snort, for analyzing malware and suspicious network traffic.


5. Virtualization Security
The MILE2 Information Assurance (IA) team is made up of experts in securing virtualized systems. The team has done extensive work and research around the world on threats and vulnerabilities affecting virtualized systems and has developed methods to secure virtualized systems against these threats. MILE2 has given detailed presentations on virtualization security at local security meetings and conferences.


6. Disaster Recovery and Business Continuity
Business Continuity and Disaster Recovery is a service offering from MILE2's Governance, Risk and Compliance (GRC) practice that helps organizations ensure the continuity of their business operations, adhere to industry-specific regulatory compliance, improve system availability, and integrate IT operational risk management strategies.
The MILE2 DR & BC consulting framework not only helps organizations to Assess, Plan, Design, and Test their resilient business infrastructure, but also provides a wide range of proactive and event-driven managed services to meet their recovery time and recovery point objectives in the event of any disaster.
The DR & BCP framework covers consulting, green-field implementation, and assessment and review of DR & BCP services. Our tested and proven methodologies, coupled with the experience of our seasoned and qualified consultants, have helped organizations throughout the business continuity management lifecycle, which includes:
• Development, implementation, testing and maintenance of the plan
• Recommendation and proof of concept for recovery options
• Assessments and audits for DR & BCP
Our experience in DR & BCP consulting is strengthened by partnerships with leading technology vendors, and our deep industry domain knowledge has allowed us to develop solutions that help organizations build an effective and efficient DR & BC plan.


Figure: MILE2 Business Continuity and Disaster Recovery methodology

DR & BCP Services
MILE2 offers consulting services for the various phases of business continuity program management. These services can be engaged for a particular requirement, for a single phase, or for the entire business continuity program.
Assessment Services
Our assessment services cover detailed assessment of existing business continuity controls, policy and plan reviews, risk and threat assessment, and business impact analysis based on industry best practices and standards. Review and design of the DR solution architecture also form part of our assessment services.
Implementation Services
MILE2 consultants provide detailed recovery solution design and implement the technology infrastructure required for continuous and seamless operation of critical business functions. This service includes design and development of a customized DR & BC plan that outlines the people, processes, and technologies required to recover and continue your critical business functions after a business interruption or disaster.
Audit Services
MILE2 consultants can undertake internal audits for DR & BCP against the BS 25999 and SAS 70 standards. Facilitation of external audits is also part of this service offering.

IT and Data Continuity Services
IT and Data Continuity Services help maintain IT continuity and recover data in the event of a disaster.
Hosted DR Solutions
Hosted DR Solutions allow the flexibility of hosting dedicated infrastructure at captive or MILE2 partner locations. The solution offerings are:
Vaulting Solutions
• Near site/ offshore vaulting solutions
• Electronic & tape based vaulting solutions
• Monitoring and notification of vaulting systems and sub components
Computing Management
• Management of Virtualized environments
• Facility Management of Hosted environments
• Hardware Capacity Management
Managed DR Solutions
Managed DR Solutions provide flexibility to customers by offering dedicated and shared delivery models (onsite, offshore, and hybrid). The solution offerings are:
• Global Compliance Management services
• Risk Management
• Compliance Management
• Firewall Management

Technology Management services
• Infrastructure Technology Management
• Availability/ Replication Technology Management
• Data & Backup Management
• Technology Training

Drill Administration Services
• Simulation & Baseline Services
• Drill Scheduling & Co-ordination Services
• Recording and Communication Management
• Issue Control and Change Administration
• End User Training Services

Vendor Management Services
• Triage & Escalation Services
• Integrated Reporting Services

Profile/ Policy Administration
• Technology & Capacity Profiling
• Policy Administration & Enforcement
• Change Management
Business Impact Analysis
• BIA documentation and updating