Avertium Retainer Eligible Services

 

Threat Intelligence Reporting

Threat intelligence is evidence-based information of the motives, goals, and resources of an emerging or existing threat. Avertium's Cyber Threat Intelligence (CTI) Unit develops Threat Intelligence Reports (TIRs) to provide context regarding adversaries and other threats to the cyber security landscape.

Avertium's Cyber Threat Intelligence Unit (CTIU) actively hunts for and conducts research on emerging threats and threat actors to continuously improve our services and threat detection capabilities, and to help our clients better understand the threat landscape and individual profiles of threat actors. Avertium issues a weekly Threat Intelligence Report that features a specific threat from a current topic such as ransomware, cryptojacking, malware, phishing, worms, etc. The CTIU also develops TIRs that feature specific threat actors who are actively exploiting vulnerabilities. Threat actor specific reports contain the following:

  • A general overview of the threat or threat actor

  • Details regarding the threat actor(s) like their name, country, origin, motivation for an attack, capabilities, etc.

  • Tactics, techniques, and procedures

  • Indicators of compromise (file hashes. malicious domains/URLs, etc.)

  • Avertium's recommendations for prevention/mitigation

  • Avertium's related protection and services for customers

  • Supporting documentation for information provided

Another aspect of threat intelligence Avertium provides its clients comes in the form of Flash Notices. A flash notice is an emergency communication vehicle used to deliver information to Avertium's customers, as well as internal staff, about active threats. Those threats include information about vulnerabilities found within software and servers that are being exploited in the wild. The notice has a general turnaround time of between 24 and 48 hours. These notices are typically one page but can be longer depending on the threat.

A typical Flash Notice includes:

  • Overview of the threat

  • CVE identification number and attack vector

  • Indicators of compromise (file hashes, malicious domains/URLs. etc,)

  • Avertium's recommendations for prevention/mitigation (patching, command)

  • Avertium's related protection and services for customers (EDR/MDR, Zero Trust, etc.)

  • Supporting documentation for information provided

Activities

  • Ongoing research on emerging threats, threat actor behavior, and various vulnerabilities.

Deliverables

  • Weekly Threat Intelligence Reports.

  • Flash Notices for critical vulnerabilities.

 

Attack Surface Analysis

With well over 50% of breaches involving third-party vendors, an Attack Surface Analysis is an essential element of an organization's overall security program. Avertium's Attack Surface Analysis (ASA) focuses on your organization's and its third-party vend0ors' threat landscape including technical, financial, and compliance-based risk. Avertium's ASA service assesses your vulnerability and risk, including weaknesses introduced through your third-party vendors, to possible data exposure, system compromises or other cyber activities, and provides you with valuable actionable insights to protect your systems, brand, and reputation.

Our ASA Service measures your risk posture, benchmarks security performance against industry peers, and provides mitigation strategies to improve your risk scoring, then clarify and effectively reports security status in an easily digestible format appropriate for executive leadership. This arms you and your CISO or CIO with compelling and actionable information to drive strategic initiatives to reduce risk and susceptibility to ransomware and mature the organization's overall security posture.

Activities

Twice annually, Avertium will:

  • Configure Avertium's ASA platform to collect data for the Client's domain and up to four (4) third party vendors' domains. 

  • Perform the data collection and report generation from OSINT sources including internet-wide scanners, hacker forums, and the dark web.

  • Debrief Client on the potential security risks.

Deliverables

  • In a one-hour review, an Avertium consultant will apply the Avertium Methodology, along with deep expertise to explain the results of the following reports and help to apply them to your business.
     
    • Strategy Report - contains detailed remediation recommendations to improve Client's risk score and reduce the risk of an attack.
    • Technical Report - Benchmark's the Client's organization's data breach index (DBI) against peer organizations and details technical attack surface findings.
    • Ransomware Susceptibility Report - Benchmarks Client's Ransomware Susceptibility Index (RSI) against like organizations and provides detailed findings on susceptibility to ransomware attacks and identifies which vendors are most prone to ransomware.

Special Note

Avertium's Attack Surface Analysis provides information that may include system vulnerabilities and sensitive data exposure such as leaked usernames, passwords, social security numbers, financial data, and other personally identifiable information (PII) related to Client, your employees, and/or your third-party vendors.

 

Incident Response Tabletop Exercise

A tabletop exercise is an excellent tool to use to help prepare for a cyber incident by identifying the proper steps to take in the event of a successful attack. 

Avertium consultants will prepare for and facilitate a tabletop exercise to test Client's existing Incident Response (IRP). The exercise will take place remotely with up to twenty (20) designated IT staff members and other personnel selected by the Client. The purpose is to test the incident response team on their understanding of how to handle an incident and their ability to follow the documented plan.

Avertium may use the guidance and scenario information gathered from the following sources:

  • Department of Homeland Security (DHS)
  • United States Computer Emergency Readiness Team (US-CERT)
  • Federal Bureau of Investigation (FBI)
  • SANS Institute
  • NIST

Activities

  • Avertium and the Client will have one thirty-to-sixty minute planning call to understand the organization's business environment in preparation for developing the scenario(s) for the tabletop exercise.

  • Avertium will prepare one to three incident scenarios that would trigger the IRP in preparation for conducting a remote tabletop exercise.

  • Avertium will conduct a three-to-four hour remote tabletop exercise with up to twenty (20) participants using the prepared scenarios. Avertium will walk the participants through the steps they would take in response to the scenario and incident information that is provided during the test exercise to identify any areas of improvement for the IRP.

Deliverables

  • A three (3) to four (4) hour tabletop exercise.

  • Written recommendations for improving the current IRP

 

Incident Response Plan Review

An incident response plan is a set of written instructions for detecting, responding to, and limiting the effects of an information security breach/event. Our analysts will work with Client to review or update an existing plan or draft an effective new plan that will mitigate the duration and impact of a breach.

Efforts to support the incident response plan update will not exceed the number of retainer hours purchased and identified herein. Any additional hours required to support the project can be purchased at the agreed upon hourly rate and will be added in a separate SOW.

If travel to Client location(s) is required and approved by Client, reasonable, documented, and preapproved transportation expenses will be reimbursed at the actual cost, to include economy class airfare and local transportation. 

Activities

  • Review the Client's current incident response practices.

  • Review documentation supporting any extant incident response processes (policies, etc.).

  • Document key findings from the review process.

  • Identify any regulatory requirements that affect the IR Plan (breach reporting, customer notification, etc.)

  • Identify (if applicable) pivot points within the IR Plan for imitation, escalation/de-escalation processes, contingency plan execution, breach reporting, return-to-normal processes, and post-incident review and update processes.

Deliverables

  • Report of review findings and recommendations for
    improvement.

  • Debrief client of the findings and recommendations.

 

Semi-Annual Threat Briefing

Avertium's Cyber Response Unit (CRU) has a long history of dealing firsthand with threat actors of all types and it has its finger on the pulse of the challenges you could be facing today. The CRU is continuously learning how cyber criminals gain unauthorized access to systems and data, what techniques they use, and how they adapt to and circumvent tighter controls. This services gives you the benefit of what the CRU is learning, from both extensive research and in the trenches, in a way that is actionable for you and your team.

Activities

  • Gather relevant threat intelligence Avertium has curated this month and over the past year.

  • Summarize key learnings from the latest digital forensic and incident response engagements.

  • Prepare a current and relevant threat briefing for Client, including:
     
    • Who the current active threat actors are.
    • What vulnerabilities are being exploited in general and for companies like yours.
    • What tools and techniques are currently being used to exploit companies like yours.

Deliverables

  • A one hour briefing conference call to review the prepared findings.

  • Recommendations on actions the Client can take to  improve their security posture and reduce the risk of being compromised.

  • A copy of the findings and recommendations. 

 

NIST CSF Security Assessment

Avertium will assess the organization's infrastructure to include systems, architecture, processes, and procedures. Additionally, Avertium will interview key technical and administrative personnel to determine gaps between NIST CSF recommendations and the organization's current operations.

Avertium will follow compliance guidance from NIST CSF, which is broken down into five functions: Identify, Protect, Detect, Respond, and Recover, and includes the following control categories:

  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
  • Identity Management & Access Control
  • Awareness & Training
  • Data Security
  • Information Protection Processes and Procedures
  • Maintenance
  • Protective Technology
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
  • Response Planning
  • Communication
  • Analysis
  • Mitigation
  • Improvements
  • Recovery Planning

The results of the assessment are used to identify deviations in the organizational control environment from what is recommended by the NIST CSF. Avertium will recommend guidance where gaps are identified in order for the organization to achieve compliance.

Activities

Avertium will perform the following tasks to evaluate the organization's compliance with NIST CSF control guidance:

  • Perform a gap analysis utilizing the NIST CSF control set.

  • Produce a gap analysis report that compares the baseline technical controls in place today and NIST CSF control requirements.
     
  • Develop recommendations that can be used as a guide for remediating control gaps.

Deliverables

  • Executive Summary

  • Detailed Analysis of Control Compliance

  • Remediation Recommendations

Scoping Note

Before submitting the Work Order for this service, the application must be scoped by Avertium to determine the number of hours required for the assessment. Please contact your Account Executive to schedule a scoping call.

 

External Network Penetration Test

Avertium's External Network Penetration Test services are performed against public facing networks in support of Client's goals to validate security controls and compliance with multiple compliance frameworks.

Penetration Testing can be used to identify, document, and test a vulnerability or security risk within a designated set of IT IPs, assets, applications, websites, and devices. Penetration testing includes the manual or automated exploitation of the identified vulnerability and the manual gathering and identification of vulnerabilities within the targeted environment.

Our security professionals developed a methodology that is constantly updated with new techniques and approaches. It consists of a three phased approach, including:

  1. Phase - I: Planning and Preparation (Pre-Assessment)
  2. Phase - II: Assessment (Penetration Testing)
  3. Phase - III: Reporting, Clean-Up, and Destroying Artifacts (Post-Assessment)

The Planning and Preparation phase begins with verifying client goals for the assessment and validating target scope. A well-defined Rules of Engagement process will also be introduced. The assessment team will perform Open-Source Intelligence Gathering (OSINT), and network mapping to understand the target network architecture.

The Assessment phase continues with performing host and service discovery. Vulnerability scans will be performed and analyzed to develop attack paths and scenarios. Configuration weaknesses and vulnerable systems are then exploited to gain unauthorized or privileged system access. Manual testing is also performed to not only validate scanning results, but also to discover issues the scanners may not detect. Throughout the test, we work with you to identify appropriate target systems and to keep you up to date on the attack's progress

The Reporting phase documents all discovered vulnerabilities and the affected systems and includes recommendations for remediation. Findings will be prioritized based on severity and ease of exploitation. This phase can be thought of as the most important phase, as it presents the client with actionable items that can be used to further secure their networks and applications.

Although we use this framework as a guideline for managing our penetration testing engagements, our methodologies are heavily tailored and consider the maturity level, industry, threat landscape, and overall need of the client.

Activities

Avertium will:

  • Validate external Client technology environments against simulated real-world threats.

  • Determine the effectiveness of currently implemented security controls and whether they are commensurate with security best practices.

  • Provide recommendations for lowering risks and improving security posture.

  • Provide one retest to verify the success of remediation efforts. The retest must be completed within 60 days of the initial report. The retest will not test new IP addresses for new vulnerabilities that may be present but will be focused on previously scanned systems and vulnerabilities. Avertium will provide a memo that details the results of the retest.

Deliverables

  • Report that includes details around the scan findings, potential solutions, and potential impact to the business should vulnerabilities not be remediated.

 

Internal Network Penetration Test

Avertium's Internal Network Penetration Test services are performed against internal networks in support of Client’s goals to validate compliance with multiple compliance frameworks.

Penetration Testing can be used to identify, document, and test a vulnerability or security risk within a designated set of IT IPs, assets, applications, websites, and devices. Penetration testing includes the manual or automated exploitation of the identified vulnerability and the manual gathering and identification of vulnerabilities within the targeted environment.

Our security professionals developed a methodology that is constantly updated with new techniques and approaches. It consists of a three phased approach including:

  1. Phase - I: Planning and Preparation (Pre-Assessment)
  2. Phase - II: Assessment (Penetration Testing)
  3. Phase - III: Reporting, Clean-Up, and Destroying Artifacts (Post-Assessment)

The Planning and Preparation phase begins with verifying client goals for the assessment and validating target scope. A well- defined Rules-of-Engagement process will also be introduced. The assessment team will perform Open-Source Intelligence Gathering (OSINT), and network mapping to understand the target network architecture.

The Assessment phase continues with performing host and service discovery. Vulnerability scans will be performed and analyzed to develop attack paths and scenarios. Configuration weaknesses and vulnerable systems are then exploited to gain unauthorized or privileged system access. Manual testing is also performed to not only validate scanning results, but to discover issues the scanners may not detect. Throughout the test, we work with you to identify appropriate target systems and to keep you up to date on the attack's progress.

The Reporting phase documents all discovered vulnerabilities and the affected systems and includes recommendations for remediation. Findings will be prioritized based on severity and ease of exploitation. This phase can be thought of as the most important phase, as it presents the client with actionable items that can be used to further secure their networks and applications.

Although we use this framework as a guideline for managing our penetration testing engagements, our methodologies are heavily tailored and consider the maturity level, industry, threat landscape, and overall need of the client.

Activities

Avertium will:

  • Validate internal Client technology environments against simulated real-world threats.

  • Determine the effectiveness of currently implemented security controls and whether they are commensurate with security best practices.

  • Provide recommendations for lowering risks and improving security posture.

  • Provide one retest to verify the success of your remediation efforts. The retest must be completed within 60 days of the initial report. The retest will not test new IP addresses for new vulnerabilities that may be present but will be focused on previously scanned systems and vulnerabilities. Avertium will provide a memo that details the results of the retest.

Deliverables

  • Report that includes details around the scan findings, potential solutions, and potential impact to the business should vulnerabilities not be remediated.

 

Wireless Penetration Test

Avertium's Wireless Penetration Testing services are performed against Client’s public/private wireless networks, inside and outside of Client’s physical location(s). The objective of the wireless security assessment is to examine the subsystems, components, and security mechanisms composing the system’s infrastructure and identify weaknesses.

Both opportunistic and targeted threats with limited resources are evaluated. It is assumed that the “targeted with unlimited resources” threat cannot be defeated and, therefore, is not considered. The physical location will be evaluated for rogue or unauthorized wireless access points and a site-survey of the location will be conducted. Avertium will perform attacks against the wireless network and associated wireless clients. These attacks can include attempts to circumvent or break the security implementation to gain access, perform man-in-the-middle attacks, malicious wireless network impersonation, or de- authentication attacks.

 

Methodology - Wireless Assessment

Avertium’s Wireless Penetration Testing services are designed to validate customer wireless technology environments against simulated real-world threats. Once services are initiated, our testing team will work with Client to confirm the scope and testing objectives. The services are also tailored to Client requirements and data processing environment.

Our security professionals developed a methodology that is constantly updated with new techniques and approaches. It consists of a three phased approach including:

  1. Phase - I: Planning and Preparation (Pre-Assessment)
  2. Phase - II: Assessment (Wireless Penetration Testing)
  3. Phase - III: Reporting (Post-Assessment)

The Planning and Preparation phase begins with verifying client goals for the assessment and validating target scope. A well- defined Rules of Engagement process will also be introduced. The assessment team will perform an initial review of the wireless network to gain a better understanding of design and currently implemented security controls.

The Assessment phase continues with performing site surveys and targeted attacks against the wireless access points and connected devices. Configuration weaknesses and vulnerable systems are then exploited to gain unauthorized or privileged system access. Throughout the test, we work with you to identify appropriate target systems and to keep you up to date on the attack's progress.

The Reporting phase documents all discovered vulnerabilities and the affected systems and includes recommendations for remediation. Findings will be prioritized based on severity and ease of exploitation. This phase can be thought of as the most important phase, as it presents the client with actionable items that can be used to further secure their networks and applications.

Although we use this framework as a guideline for managing our penetration testing engagements, our methodologies are heavily tailored and consider the maturity level, industry, threat landscape, and overall needs of the client.

Activities 

  • Validate Client's wireless technology environments against simulated real-world threats.

  • Determine the effectiveness of currently implemented security controls and whether they are commensurate with security best practices.

Deliverables

  • Recommendations for lowering risks and improving Client security posture.

 

Web Application Assessment

Avertium will conduct a security assessment of the target web applications. The objective of a security assessment is to examine the subsystems, components, and security mechanisms composing the system’s infrastructure and identify weaknesses.

Avertium uses commercial tools, public domain utilities, proprietary tools, and manual testing techniques based on our extensive experience to examine the security posture of an application using numerous industry frameworks such as the Open Web Application Security Project (OWASP).

OWASP’s security testing categories include:

  • Information Gathering 
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Error Handling
  • Cryptography
  • Business Logic Testing
  • Client-Side Testing
  • API Testing

Activities

Avertium will:

  • Assess target environment by:
     
    • Conduct an Open-Source Intelligence Gathering effort (OSINT)
    • Performing a network mapping, host, and service discovery effort.
    • Vulnerability scans

  • Test the relative strength and attempt to exploit the application.

  • Avertium will provide one retest to verify the success of your remediation efforts. The retest must be completed within 60 days of the initial report. The retest will not execute the entire suite of test but will retest those areas determined to require remediation. Avertium will provide a memo that details the results of the retest.

Deliverables

  • Report that includes details around the scan findings, exploits, potential solutions, and potential impact to the business should vulnerabilities not be remediated.

Web App Project Assumptions

  • Client has created a full backup of all systems to be tested and has verified that the backup procedures will enable Client to restore systems to their pretest state in the timeframe required by the business

  • The service necessarily involves the use of network tools and techniques designed to detect security vulnerabilities, and that is is impossible to identify and eliminate all the risks involved with the use of these tools and techniques.

  • The application and/or business manager is fully aware of this testing and is aware of the risks involved.

Scoping Note

Before submitting the Work Order for this service, the application must be scoped by Avertium to determine the number of hours required for the assessment. Please contact your Account Executive to schedule a scoping call.

 

Mobile Application Assessment

Avertium will conduct a security assessment of the target mobile application(s). The objective of the security assessment is to examine the components, and security mechanisms composing the application’s infrastructure, and to identify weaknesses. Avertium utilizes public domain utilities, proprietary tools, and manual testing techniques to examine the security posture of a mobile application using frameworks such as OWASP’s Mobile Security Testing Guide, and the Mobile Application Verification Standard.

 

Methodology - Mobile App

Avertium’s Mobile Application Testing services are designed to validate customer technology environments against simulated real-world threats. Once services are initiated, our testing team will work with Client to confirm the scope and testing objectives. The service is aligned with several frameworks such as Payment Card Industry PCI DSS, Open Web Application Security Project (OWASP), and Open-Source Security Testing Methodology Manual (OSSTMM). The services are also tailored to Client requirements and data processing environment.

Avertium’s Information Security Assessment, Evaluation, and Testing (IASET) services are designed to provide a holistic, point- in-time view of a company’s overall information security posture. We leverage a standard approach developed initially by the National Security Agency (NSA), and the PCI Council’s guideline for Penetration Testing released in March 2015. The OWASP Mobile Security Testing Guide and the Mobile Application Verification Standard are also utilized to help organizations meet industry standard security requirements and provide a method for consistent delivery of information security assessments.

This mobile application assessment will be based on the application architecture and requirements, such as:

  • Standard application with little to no backend architecture
  • Simple user interaction
  • Limited data sensitivity
  • Static or limited user generated content
  • No interaction with third-party applications
  • Limited to no interaction with APIs
  • Operating on standard hardware

Scoping Note

Before submitting the Work Order for this service, the application must be scoped by Avertium to determine the number of hours required for the assessment. Please contact your Account Executive to schedule a scoping call.

Activities

Avertium will assess the mobile application based on the following threat-based categories:

  • Improper Platform Usage
  • Insecure Data Storage
  • Insecure Communication
  • Insecure Authentication
  • Insufficient Cryptography
  • Insecure Authorization
  • Client Code Quality
  • Code Tampering
  • Reverse Engineering
  • Extraneous Functionality

Deliverables

  • Avertium will provide the scanning and penetration testing results categorized by severity levels ranging from low to critical.

 

Threat Hunting Services

Today’s advanced cyber threats come in many forms; from the opportunistic local threat actors to the nation-state sponsored well organized, and everything in between. Many have access to a broad range of intelligence and tools, and they can conduct sophisticated and advanced attacks. These attacks can go undiscovered for several weeks or even months.

Understanding how these threat actors work, the tools they use, and the techniques they employ (TTP’s) allow you to “know your adversary”, discover if they present a threat to your company, and either eradicate them from your environment or prevent them from gaining unauthorized access to systems or data. Staying ahead of current attack trends enables you to protect your critical assets in advance, rather than dealing with the fallout from unauthorized access or a ransomware event.

Avertium offers Threat Hunting as a Service which proactively hunts for threats by leveraging the threat intelligence we gain from researching emerging threats and threat actor behavior, along with the knowledge we’ve gained from threats we’ve seen across our range of services.

Activities

  • Avertium will conduct a one-hour planning session with the client to get the client's input prior to formulating one or more hypotheses from which to develop the plans and methods to determine if there is evidence of IOC's supporting each scenario.

  • Develop the methods to validate or disprove the hypotheses.

  • Conduct the threat hunt.

Deliverables

  • Summary of findings.

  • Recommendations on how to protect against potential threats represented by the hypotheses.

Scoping Note

The number of scenarios that can be addressed during the threat hunting activity is dependent on the complexity of the scenario and the number of hours the client wants to allocate to the threat hunting engagement. Before submitting the Work Order for this service, a planning and scoping call to determine the level of effort, the number of scenarios, and the resulting number of hours to allocate.

* Client must have SentinelOne or Microsoft Defender for Endpoint in production for the target environment prior to requesting Threat Hunting Service