Bowline Security For Security Operations 2021
What you need to know
From 2020 through to 2021 we have been fighting not 1 but 2 global pandemics Covid 19 and Ransomware. Ransomware has been affecting the world more and more in the past few years. We have been fighting towards our goal in making cyber space safer in order to make the ‘New Norm’ of remote working safe.
In the past year and a half, we had to adapt to a lifestyle that no-one saw coming. We had to use technology to change how we do our jobs and work remotely. This has caused technology to change and focus more on remote working and portability. These changes have caused us to become hyper efficient and allow us to expand our businesses by allowing us to reach places we couldn’t before. This change in technology has allowed us to become more efficient however it has brought in some level of risk. Industries need to strive to fill in the gap in security left by adjusting to a new lifestyle so rapidly.
Many companies are opting to outsource these tasks as managed services or “as a service” offerings. This allows companies to integrate services from security professionals with their company processes without having to create new company departments not involved in productivity resulting in the company saving money and focusing on their productivity. “As a service” and managed services can provide quick and easy security competence.
Our Company Values
At Bowline we focus on cyber resilience.
What is Cyber Resilience? The ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises. We are aptly name Bowline Security after the Bowline knot which is known as one of the strongest knots not buckling under load as well as being one of the most universally used. We pride ourselves on not buckling under pressure as well as being adaptable enough to overcome any task.
The Security Operations Centre (SOC)
What is a SOC? It’s a facility that houses an information security team responsible for monitoring and analysing an organization’s security posture on an ongoing basis. The goal of a SOC is to detect, analyse and respond to any cyber security incidents by using technology and a strong set of processes (e.g. Incident Response Plan). The SOC is staffed with security professionals to oversee all security operations. The SOC team works closely with other teams to ensure any issues are dealt with quickly and efficiently.
The Penetration Testing Cycle
What is Pentesting? A Pentest is the process of simulating a cyber-attack against a computer system, network, application or website. This allows us to find exploitable areas and report on them allowing us to remediate any issues.
SOC Cycle – How it works
Our SOC works on a constant cycle analysing the company’s security posture.
Log Collection
This is the point at which we collect data and bring in into a single centralized location. We do this by collecting logs from windows and Linux servers, endpoints, firewalls etc.
All of these logs can be viewed and analysed from the SOC providing a global view of the organisation’s incidents.
Monitoring
All the data is imported and integrated into a SIEM to view the company’s security posture. Using the resources in the SOC we are able to scan the entire organisation to find any potential threats, breaches, suspicious activity and vulnerabilities. The software is then tuned according to the organisation to ensure speed and accuracy when reporting issues.
Incident Response
If we do find a threat from the SOC we will respond immediately to ensure the threat is stopped and neutralised. Our SOC will also ensure that the devices are secured and sanitized appropriately before the system returns back to operation.
Root Cause Analysis
In the case where a breach has occurred our SOC will investigate why the breach had occurred in the first place. A full investigation will be started and will be reported, this will feed back into our data into improving the organisations security.
Vulnerability Management
Our SOC also has the capability of vulnerability management. This is done by constantly scanning the organisations systems to find vulnerabilities. We recognise these vulnerabilities via constantly updating databases full of all the worlds known vulnerabilities. We then work to secure these vulnerabilities by means of policy changes, port closures or patches,
The Penetration Testing Cycle
A Pentest is the process of simulating a cyber-attack against a computer system, network, application or website.
Discovery and Reconnaissance
In this phase we are solely gathering information. We use Open source information and conduct scans in order to find vulnerability information on our target.
Vulnerability Exploration
After we gather all the necessary information, we then develop a tool to exploit the vulnerabilities that we have found in the first phase. This could be a malware strain for the specific vulnerability we have found. We will then find a method of delivering the created malware into the target system whether it be by social engineering or other means.
Exploitation
Once the malware is delivered into the target system. The Malware then gains access to the target system by either someone opening a file or by directly exploiting a vulnerability. The malware will then allow us to access the system providing us with the means to see how much information we can gather from the organisation.
Analysis and Reporting
Once that attack has been completed, we will analyse the results of all the test that we have done. We would then draft out a report on all the vulnerabilities found and our exploitation path and any concerns we may have with the security.
Remediation
We will then work with the internal IT Teams within the organisation to fix any issues that we have found and work towards making the entire security posture stronger.
Making the world a safer place to live, work & play.
Reduce security risks.
At Bowline, we believe people have the right to live, work and play in a world without fear of physical attack, fraud or financial loss. We make this possible by eliminating security threats.
