Network Vulnerability and Cyber Security
Any computer network can breached in two basic ways: an outside agent can attempt to gain access electronically via the internet or some other network, or an insider agent steals data or compromises security from within the organization. Regardless of the type of data breach, the fact remains that with a properly structured security arrangement and plan in place, the breach probably would not have occurred at all, and if it did, the ramifications would have been far less severe and costly.
GDF has years of experience mitigating all types of cyber attacks – from inside and out, and we’ve evolved a methodology which combines preventative measures along with rapid breach response tactics. And it all begins with a comprehensive vulnerability assessment.
Network Vulnerability Assessment
GDF starts by performing a thorough assessment of the equipment, software, and processes of your entire IT system. We analyze your IT resources, intellectual property concerns and map your threat landscape. We dig into the particular concerns of your organization – the things about your company that might be especially valuable or vulnerable. Are there regulatory compliance issues involved? Is litigation anticipated and/or imminent? Have employees been trained in even basic data security fundamentals? Is there a feasible and coherent plan in place should a breach or intrusion occur which can be immediately and effectively implemented to contain the damage? What measures are currently in place?
Planning for Secure Data
The next step is to design a secure perimeter, as well as a segmented infrastructure, designed to protect critical assets and information targets. GDF looks at issues of access and procedure to determine effective measures to lock down and secure all equipment – from flash drives to servers. Personnel, however, remain the source of insider threat issues. GDF has developed C-All User Activity Monitor|Recorder software as a means of addressing the number one cause of security breaches. C-All monitors and records user activity both on and off network, and is an excellent deterrent and investigatory tool for dealing with insider cyber threats.
Design and Document a Risk Management Policy
It is essential that everyone involved in managing or accessing digital data be on the same page from a security and response standpoint. A detailed risk management policy that connects the dots and lays out the procedures to be followed for everyone involved is imperative. One of the greatest advantages of choosing GDF to implement an E-DEFENSE program is that we are also experts in incident response, which is essential to meeting regulatory requirements and successfully responding to the inevitable.
Monitoring Assets and Personnel
Vigilance is a key ingredient to safeguard against data ex-filtration from both insider and outsider threats. By designing a robust monitoring and prevention infrastructure, we help you put that infrastructure in place, allowing your vigilance to be effective and responsive.
Even the most secure assets can get compromised by new or unknown exploits and attacks, or by a “trusted” user with legitimate access to your data (Wikileaks’ business model is based on this fact). A solid response plan to stop the leak quickly and respond to affected assets (clients, employees) is critical. Businesses with solid response plans can and do recover from breaches, and they are also the ones prepared to stand up and respond to regulators, their clients and the public.