Insurance Security Case Studies & Forensics Analysis

• Client: Major International Insureance Firm
• Incident: At 11:00 pm the corporate network went down.
  • Users could not log onto the network via SSO and Active Directory 
  • The entire corporate central authentication systems where not working 
  • Without a way to authenticate email services where inaccessible 
• Additional information shared:
  • The client is a large insurance firm with a prominent public profile.
  • The breach was initially suspected to be a targeted attack.
  • Multiple media sources had written accounts of a specific group’s sophisticated hacking capabilities.
• Actions taken during the Forensics Analysis:
  • An Incident Response and Forensics Analysis Team was deployed to the client site within 4 hours.
  • All available evidence was imaged and backed up.
  • Logs were gathered from the internal/external web servers, firewall, routers, IDS/IPS, Windows event logs.
  • Evidence files obtained from server hard drives were analyzed.
  • All collected logs were correlated and analyzed.
  • Services and processes on the effected computers were analyzed.
  • Windows Server, Router and firewall configurations were analyzed.
  • Every step of the investigation was documented in detail.
• Results:
  • The CyberSecOP team discovered a sophisticated botnet with command and control software installed.
  • The botnet changed the security policies on the servers preventing authorized users from logging in.
  • The botnet was a brand new form of malware, and no public information was available until 12 days later.
  • The root cause of the vulnerability was determined by the CyberSecOP team to be due to a mis-configuration of the firewall.
  • The CyberSecOP Team provided an analysis report and recommendation on root cause remediation.
  • The CyberSecOP Team assisted the client with the root cause remediation process and restored the network and email operation.
  • Based on the evaluation, The CyberSecOP team concluded this instance was not the result of a targeted attack.

Cyber Security CISO Services 

• Cyber Security CISO Digital forensics services
• Cyber Security CISO Vulnerability and risk assessments
• Cyber Security CISO Internal and external penetration testing
• Cyber Security CISO Policy and plan development
• Cyber Security CISO Configuration management, design, and remediation
• Cyber Security Consulting Enterprise security architecture design and re-design
• Cyber Security CISO Malicious code review
• Cyber Security CISO Computer Security incident response
• Cyber Compliance Operations
• Cyber Security Consulting Engineering and architecture design
• Cyber Security Consulting Operations management
• Cyber Security Consulting Application and software security assurance
• Cyber Security Consulting Insider threat and APT assessment
• Cyber Security Consulting Social engineering (targeted phishing)
• Cyber Security Consulting IT risk management and compliance
• Cyber Security CISO IT Network Security Consulting