CyberSecOp.com


Insurance Cyber Security Case Studies & Forensics Analysis

Insurance Security Case Studies & Forensics Analysis

The following case study and forensics analysis concerns a global insurance company.

  • Client: Major International Insurance Firm

  • Incident: At 11:00 pm the corporate network went down.

    • Users could not log onto the network via SSO and Active Directory

    • The corporate central authentication systems were not working

    • Without a way to authenticate, email services were inaccessible

  • Additional information shared:

    • The client is a large insurance firm with a prominent public profile.

    • The breach was initially suspected to be a targeted attack.

    • Multiple media sources had written accounts of a specific group’s sophisticated hacking capabilities.

  • Actions taken during the Forensics Analysis:

    • An Incident Response and Forensics Analysis Team was deployed to the client site within 4 hours.

    • All available evidence was imaged and backed up.

    • Logs were gathered from the internal/external web servers, firewall, routers, IDS/IPS, and Windows event logs.

    • Evidence files obtained from server hard drives were analyzed.

    • All collected logs were correlated and analyzed.

    • Services and processes on the affected computers were analyzed.

    • Windows Server, Router and firewall configurations were analyzed.

    • Every step of the investigation was documented in detail.
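The log-correlation step above is where an outage like this one is usually explained: a security-policy change on a domain controller lines up in time with outbound traffic that the firewall should not have allowed, and a burst of failed logons follows. The script below is an added illustration of that correlation, not the CyberSecOP team's tooling, and every log line, host name, IP address and the egress allowlist in it is constructed for the example. It parses a simplified Windows Security event export and a simplified firewall log, then reports policy-change events (IDs 4719 and 4739) that sit within a time window of allowed outbound flows to destinations not on the allowlist, and windows in which several distinct users failed to log on (ID 4625).

```python
"""Correlate Windows Security events with firewall logs during outage triage.
Added example: all sample data below is constructed, not from any real case."""
from datetime import datetime, timedelta

# Constructed Windows Security events: time host ip event_id key=value ...
WINDOWS_EVENTS = """\
2023-03-01T22:41:10 DC01 10.0.1.10 4624 user=svc_backup
2023-03-01T22:52:03 DC01 10.0.1.10 4719 user=SYSTEM detail=AuditPolicyChanged
2023-03-01T22:53:40 DC01 10.0.1.10 4739 user=SYSTEM detail=DomainPolicyChanged
2023-03-01T23:01:15 DC01 10.0.1.10 4625 user=jsmith
2023-03-01T23:01:20 DC01 10.0.1.10 4625 user=akhan
2023-03-01T23:01:25 DC01 10.0.1.10 4625 user=mlee
"""

# Constructed firewall log: time action direction src dst:port
FIREWALL_LOG = """\
2023-03-01T21:10:00 allow out 10.0.1.10 93.184.216.34:443
2023-03-01T22:50:12 allow out 10.0.1.10 203.0.113.7:8443
2023-03-01T22:55:30 allow out 10.0.1.10 203.0.113.7:8443
2023-03-01T22:58:02 deny in 198.51.100.9 10.0.1.10:445
"""

POLICY_CHANGE_IDS = {"4719", "4739"}   # system audit policy / domain policy changed
APPROVED_DST = {"93.184.216.34"}        # constructed allowlist of expected egress


def parse_windows(text):
    """Parse the simplified event export into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        ts, host, ip, event_id, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "ip": ip, "id": event_id, **fields})
    return events


def parse_firewall(text):
    """Parse the simplified firewall log into flow dicts."""
    flows = []
    for line in text.splitlines():
        ts, action, direction, src, dst = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append({"ts": datetime.fromisoformat(ts), "action": action,
                      "dir": direction, "src": src, "dst": dst_ip,
                      "port": int(dst_port)})
    return flows


def correlate_policy_changes(win_events, fw_flows, window=timedelta(minutes=15)):
    """For each security-policy change, list allowed outbound flows from the
    same host to non-approved destinations within +/- window of the change."""
    findings = []
    for ev in win_events:
        if ev["id"] not in POLICY_CHANGE_IDS:
            continue
        lo, hi = ev["ts"] - window, ev["ts"] + window
        suspicious = [f for f in fw_flows
                      if f["src"] == ev["ip"] and f["dir"] == "out"
                      and f["action"] == "allow" and f["dst"] not in APPROVED_DST
                      and lo <= f["ts"] <= hi]
        if suspicious:
            findings.append({"host": ev["host"], "event": ev["id"], "ts": ev["ts"],
                             "egress": sorted({(f["dst"], f["port"]) for f in suspicious})})
    return findings


def failed_logon_bursts(win_events, window=timedelta(minutes=5), min_users=3):
    """Find the first window in which at least min_users distinct users failed
    to log on (4625); a policy change that locks out authorised users shows up
    in the logs as exactly this kind of burst."""
    failures = sorted((e["ts"], e["user"]) for e in win_events if e["id"] == "4625")
    for i, (start, _) in enumerate(failures):
        users = {u for t, u in failures[i:] if t - start <= window}
        if len(users) >= min_users:
            return [(start, len(users))]
    return []


if __name__ == "__main__":
    wins, flows = parse_windows(WINDOWS_EVENTS), parse_firewall(FIREWALL_LOG)
    for f in correlate_policy_changes(wins, flows):
        print(f"{f['ts']} {f['host']} event {f['event']} near unapproved egress {f['egress']}")
    for ts, n in failed_logon_bursts(wins):
        print(f"{ts}: {n} distinct users failed to log on within 5 minutes")
```

On the constructed data both policy-change events are reported against the two allowed outbound connections to 203.0.113.7:8443, and the three failed logons at 23:01 are reported as one burst. In a real engagement the same join is done over normalised timestamps from the firewall, router, IDS/IPS and Windows sources listed above, and the allowlist comes from the firewall's intended egress policy, which is also where a misconfiguration like the one found in this case becomes visible.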

  • Results:

    • The CyberSecOP team discovered a sophisticated botnet with command and control software installed.

    • The botnet changed the security policies on the servers preventing authorized users from logging in.

    • The botnet was a brand new form of malware; no public information about it was available until 12 days later.

    • The root cause was determined by the CyberSecOP team to be a misconfiguration of the firewall.

    • The CyberSecOP Team provided an analysis report and recommendation on root cause remediation.

    • The CyberSecOP Team assisted the client with the root cause remediation process and restored the network and email operation.

    • Based on the evaluation, the CyberSecOP team concluded this incident was not the result of a targeted attack.
