Cyber Quick Win Package - Proposal
Overview
An assessment package of essential quick win tasks and services for any size business. This package starts from the outside of your network and makes it's way into your network. By taking this approach the most common attack pathways are assessed and the essential information about how your network is vulnerable to malicious actors will be quickly learned so that the risk can be mitigated by following the recommendations in the final report. For a formal quote, please fill in the blue form below and I will send you the quote based on the information provided. You can also book a free introduction meeting to discuss it further and if need be we can customize the package to your specific needs.
Objectives
Provide an assessment of the most obvious attack pathways that a malicious attacker would use to gain entry into your network, elevate privileges and execute malicious activity. Document the findings for the organizations IT / Security Team to use and guide them in their immediate priorities.
Goals
Mitigate the risk of a Cyber attack against an organization by taking a pro-active approach to identifying, assessing and mitigating common attack pathways a malicious actor would use to compromise the organization and disrupt the confidentiality, integrity and/or the availability of the network.
Rationale
There are obvious pathways that an attacker will take when trying to gain access to a network. By mapping out these pathways in alignment with the Mitre Attack Framework, a selected few quick win tasks are done in order to gain insight into how vulnerable an organization is to these commonly used attack pathways based on known tactics and techniques.
Technical Approach
This engagement will be managed and executed by “Cyber Freelancer” (the business name) and specifically Paul McDonogh (the owner). Paul will utilize his technical skill and ability based on 27 years experience to gain as much information as possible of the risk exposure an organization is facing. Using four "Quick Win" assessment activities, Paul will utilize specialized tools, professional tools and open-source tools to gather the required information so that the objective and goal as outlined above are realized.
Assessment Deliverables
1. External Vulnerability Scan
-
Identify all vulnerabilities on your internet exposed services - Up to 10 Public IP Addresses.
-
Identify exploitable vulnerabilities for priority remediation.
-
Review Internal vulnerability reports.
3. Assess Active Directory
-
Assess elevation of privileges pathways
-
Run a specialized tool to determine ASD Essential 8 Maturity Level and Application Control policies effectiveness.
5. Business Report
-
List all adverse findings.
-
Advise on pathway to remediate findings.
-
Advise on priorities to continue uplifting the security posture of the organization.
2. Perimeter Firewall Policy review.
-
Review Inbound Firewall Rules
-
Review Intrusion Prevention/Detection (IPS/IDS) Policies
-
Review top 10 busiest outbound firewall rules.
-
Review outbound internet connections for Command and Control (C2C) traffic.
-
Review Firewall Configuration
4. End-Point Testing
-
Assess EDR and/or Anti-Virus is working as expected - Sand-Boxed
-
Assess EDR and/or Anti-Virus alerts and advise on response procedures and process.
-
Run a specialized tool to determine ASD Essential 8 Maturity Level and Application Control policies effectiveness.
Conclusion
I look forward to working with you and your organization and supporting your efforts to improve your Cyber Security posture. I am very confident that I can meet the requirements of this proposal.
For a quote, please fill out the form below or if you want to discuss it further we can schedule a conference call by booking a free introduction meetings or by emailing me at: paul@cyberfreelancer.com.au
Thank-you