Mycroft Security Consulting
General Approach
The Mycroft Risk Detection service from IT-Defense uses a proprietary methodology to identify threats and vulnerabilities to a customer’s IT infrastructure. Further, Mycroft generates a series of reports that articulate strategies and detailed action plans for removing vulnerabilities where possible and limiting exposure to outside and inside threats.
The Mycroft methodology consists of three phases that focus on understanding a customer’s holistic current information security risks. Mycroft provides a point-in-time view and an action plan for managing subsequent mitigation and remediation activities. Phase one consists of identification of information technology assets, practices and policies. Phase two consists of correlating the assets with known threats, vulnerabilities and security best practices. Phase three consists of visualizing the results of phases one and two and creating a focused action plan.
Phase I – Asset Profiling
The initial phase in the Mycroft methodology is to obtain a baseline of all relevant information pertaining to the customer’s Information Technology infrastructure. During this phase an asset inventory is performed for the purposes of profiling IT assets by function, subcomponents, configuration, criticality and required service level parameters such as availability, information sensitivity and security requirements.
During this phase we also collect information about best practices and policies related to security. Some of these include security architecture, network architecture, continuity strategy and the strategy for managing and administering the asset.
Phase II – Risk Analysis
The second phase in the Mycroft methodology is to perform a comprehensive vulnerability and threat analysis for all the information collected during phase one. Two primary tasks are performed during this phase: a penetration test and a paper analysis of known vulnerabilities and threats correlated to the customer’s IT asset profile.
The paper analysis is performed using a patent-pending automated methodology, which we also market as Enterprise Sentinel. An overview of Enterprise Sentinel is provided in more depth here.
Part of the work performed during Phase II consists of IT-Defense attempting to penetrate the customer’s infrastructure using various vulnerability exploits that have been developed into automated tools. The purpose of these tools is to identify exposures in the IT infrastructure. These exposures may be related to vulnerabilities associated with specific vendor products, configuration anomalies or potentially human error.
Note that we do not use tools that are active in nature. We only use tools that will passively discover vulnerabilities so that business continuity and integrity are not compromised.
Phase III – Security Strategy and Plans
The last phase in the Mycroft methodology is the development of a work plan to mitigate all issues that have been identified during the first two phases. The work plan includes several reports, each representing a defined level of granularity. These include the following:
a high-level scorecard that represents the exposure levels from a business view
a high-level dashboard that represents the exposure levels from a technology view
a detailed dashboard that shows the number of vulnerabilities according to IT function
a detailed dashboard that shows a list of devices per vulnerability and threat
a detailed remediation strategy for each vulnerability and threat
a work plan that prioritizes tasks based on business criticality, dependence and threat probability