One of the key ingredients of the security process is the “methodology” used to run the On Demand Scan for an end client or corporate. Each externally exposed device is an “asset” for the corporate, and these assets can be attacked by malicious agents. Our job is to protect these assets by identifying vulnerabilities in a timely fashion. Our methodology is focused on corporate assets and is capable of addressing a wide asset base, which includes operating systems, firewalls, routers, switches, web/application servers, mail, DNS, etc. Here is a walkthrough of our methodology and approach for complete security.
Corporate Assets
Footprinting
– The first step of the scanning process is to identify the corporate asset base. It is one of the critical steps; we have our own methodology and tools to query open records, DNS servers, search engines, etc. to collect and identify assets for the corporate. This asset base is to be verified by the corporate before going on to the next phase. This gives a bird's-eye view of the corporate assets geographically spread over the Internet. It helps us to scope out other activities as well.
Asset Discovery
– In this phase we focus on discovering all live assets of the corporate. Traditionally, one can use ICMP to detect liveness, but it is not enough to get accurate results. We have various other means to identify asset position, such as TCP or UDP scanning with flag manipulation or limited port exposure.
Exposure mapping for an Asset
– Each identified asset will be critically reviewed for posture mapping. Before identifying threats it is imperative to determine the asset’s exposure. The following steps are required to complete this phase.
Port Scanning
– Scanning for all open TCP/UDP ports
Services Discovery
– Identifying the protocols and services running on open ports
Banner Detections
– Enumerating to identify the version and type of services through banner grabbing. We have technology to identify disguised banners as well for some critical services.
Threat Profiling and Risk Identification
– On the basis of the asset posture we run threat profiling on the asset to build test cases. Each set of open ports and services is mapped to a list of required security tests to identify possible risks associated with the exposure.
Vulnerability Detection
– We perform various security tests against target assets on the basis of the threat profile. All tests are performed and their results are analyzed in an automated fashion to reduce false positives.
Vulnerability Validations
– Our team analyzes detected vulnerabilities and validates them for reporting purposes. This is where human intellect and security know-how come into action. This makes our service more comprehensive than simple automated scanning products and services.
Mitigation Strategies
– On the basis of the vulnerabilities found, our team builds and suggests a comprehensive recommendation to mitigate the identified threat. This will be consolidated for each of the detected vulnerabilities.
Policy Compliance Mapping
– If the corporate is looking for compliance measures and has signed up for those services, then we map results to compliance standards like ISO/BS, PCI-DSS, HIPAA and SOX. This helps auditors to identify loopholes and remediate them before actual audits.
Reporting
– Finally, a comprehensive report will be generated and passed to the client. Each client will have an assigned project leader from our side and, if needed, one can set up a call to go over reports and findings.
This is the way each cycle of On Demand scanning finishes. This helps the corporate to streamline its strategic security and keep tight control over all critical assets. It is an ongoing process and, depending on their need, the client can ask for any number of scans.