Attack Surface Analysis

At Digital Locksmiths, our Cyber Attack Surface Analysis takes into account not only the network and information security aspects of your IT security, but also an open source and human-vector threat assessment of vulnerabilities and points of entry to your organization and its operations. The Digital Locksmiths assessment team consists of a mix of experienced analysts, technologists and subject matter experts in the fields of multi-source analysis, advanced cyber data collection, and information and cyber security.

Here’s how this specialized high-end engagement works:

Component 1: External Open Source Assessment

The objective of this component of the attack surface analysis is to determine the overall exposure of your personnel and operations by conducting enumeration and targeting activities from online sources such as websites and social media to gather information that could be exploitable by malicious actors.

Key tasks during this component include:

1) Enumeration of your personnel in order to identify key individuals within the organization and their relationships;

2) Use of open source intelligence and of publicly available resources to determine if sensitive or personal information regarding your staff or activities is exposed in potentially harmful ways;

3) Determination of the second and third level social relationships that attackers may leverage to expand influence from external parties into, and from within, your corporation;

4) Determination of all intelligence about your network infrastructure that is available on the internet. This evaluation will map IPs, domains and physical locations of your infrastructure, identifying weak points and points of entry.

Component 2: External Technical Security Review, Architecture Relationship Mapping, and Compromise Detection

Objectives:

1) Assess the controls and baselines in place in your organization to understand what overall impact a successful compromise would have on your IT environment, as well as identify gaps against organizational best practices of asset and data management.

2) Determine the breadth of your organization’s technical infrastructure by identifying key points and technical issues that indicate systemic attributes representing undue security risk and exposure.

Specific tasks during this component include:

Off-site/remote components:

1) Passive enumeration of your technical and service provider assets in order to develop a technical resource map of the organization;

2) S.P.E.C. Monitoring: Detection of existing compromises by modifying your organization’s recursive DNS systems to forward requests through our cloud-based DNS monitoring and intelligence platforms for traffic analysis.

On-site components:

3) Procedural and operational security gap analysis based upon input and logic testing against your organization’s exposed Internet resources;

4) Exfiltration testing: this will consist of testing for the ability to exfiltrate data from your internal network to Internet hosts across various protocols and ports. This procedure will be used to determine how readily a realized malware compromise could communicate with various types of Command & Control channels.

Component 3: On-site practices assessment

As part of your attack surface analysis, Digital Locksmiths will conduct an assessment of the security practices, activities and awareness of your organization’s staff related to IT security. While the technical components of the evaluation exercise are important, the human factor is critical in a niche and open organization such as yours. Targeting of a niche organization involves the use of social media, open sources, and communications, in order for attackers to perform social engineering or other infiltration methods.

This component consists of interviews, focus groups and organization-wide surveys of senior staff and employees to ascertain their understanding, views, and practices related to information security, both within the organization and in their communications with partners, grantees and other outside actors. 

Component 4: Final Report

At the conclusion of these activities, Digital Locksmiths will deliver a Final Report to you which will provide:

a) a description of the methodology and tasks employed in this assessment;

b) a Threat Assessment, including an examination of the network and human factors (social engineering, points of entry) that could be exploited by an external attacker to compromise your personnel and operations; and,

c) Remediation recommendations for discretely identified vulnerabilities and architecture weaknesses.

The report will include recommendations on optimum network architecture, staff training, and security practices necessary to protect and mitigate risk over the medium- and long-term, at a level which is cost-effective, sustainable, and does not interfere with your organization’s mission objectives.

How would you rate your organization’s risk in this type of assessment?