Neocapita Security Consulting
Drawing on hundreds of reference threat profiles gathered from industry associations, our own experience with clients, “best practice” threat taxonomies, and published lists from cybersecurity incident response teams, we can advise you on what to look out for and how to control for it. Knowing the cyber terrain helps you navigate it with greater confidence.
We can help to determine which threats are relevant to your organisation and how to mitigate them. Understanding both the impact and the probability of a threat materialising is part of the experience we bring to the table. Building on years of experience advising clients in both public and private sectors, we deploy our expertise to think up creative ways to prepare for hundreds of different threat profiles.
Not all enterprise data is created equal. Nor can every piece of data be protected. We can help to systematically identify what matters to your organisation, how to place system and physical controls around it, and monitor its use.
Monitoring access to your resources (data, systems, capabilities, and assets) provides visibility over the things in your organisation that matter. Creating a central repository of log data and securing it is one of a number of steps to develop a resilient monitoring capability.
We maintain a comprehensive database of cybersecurity tools and toolsets and can provide advice on which tools can help with which particular tasks. We can deploy these tools to determine how protected your organisation’s resources are and report back to you with a specific list of vulnerabilities requiring attention. We can even close down these vulnerabilities for you on the spot, if commissioned to do so.
We create sandboxes in which we can simulate an attack or multiple simultaneous attacks, and then see how measures for response and recovery work. We can help to refine those practices and repeat the process until there is assurance that your organisation is prepared.
We can help you define how to respond to a breach. The response needs to be cost-effective, with the right resources on standby to respond quickly. How do you work with partners, government regulators, customers, and staff during an incident? How do you communicate during an incident? How do you prevent further propagation of the breach? These are some of the questions we can help answer in a structured and systematic way, based on good practices developed in our experience.
Actioning a technical response requires all parts of the organisation. A forensic examination of logs and devices, preservation of evidence, detecting where controls broke down, and other aspects of a breach are critical to knowing how to remediate and recover, and how to minimise the chances that the same breach can happen again.
Accurately determining the magnitude of a loss is a difficult task, sometimes impossible. Following an incident, our first priority is to preserve evidence that can be later analysed, followed by recovery of the system(s) that have been breached – it’s a balancing act. Documenting what happened, based on the evidence, is also important, and in cases where a regulatory body may be involved, documenting and reporting the incident may be mandatory.
Recognising the footprints left behind by a digital assailant is difficult. Often there is no calling card except for low-level comparisons of known application images against those compromised, or detailed network protocol and system logs that require expert analysis. The forensic technologies we use allow us to understand how an attack was delivered, how the breach was made, and which systems were affected, but it takes expert skill and experience to know what to look for.