Cyberis Blog

Reassuringly clear thinking.

  • Detect and respond

The Software Supply Chain

There are many different ways in which supply chain attacks can impact your cyber security resilience.  We all appreciate that third-party service providers may have access to physical premises, or to technical infrastructure, and that a compromise of these providers can grant that access to an attacker.  If you have smaller, or less-mature, suppliers in your supply chain, we know that they may have immature information security practices.  Because we think about these areas a lot, most businesses have pretty mature processes aimed at managing these risks in their supply chains.   One area where we often see weakness in our customers, however, is in management of the software inventory and their software supply chain.

Read more
  • Detect and respond
  • Red teaming

Using Red Teaming to upskill detection and response teams

When we talk about red teaming, it's quite easy for people to understand the benefits of using attacker techniques in our approach when it comes to exploring a particular attack pathway and to see the benefits of identifying the chains of vulnerabilities that allow a compromise to happen.  Quite frequently, though, people underestimate how effective red teaming can be when it comes to upskilling detection and response teams. I'd like to give an example of how - run well - red teaming can be used to improve detection and response outcomes.  This is, of course, an anecdote, but it certainly gives an idea of how performance changes when teams are challenged in the right way.

Read more
  • Detect and respond
  • Red teaming

Using Red Teaming to validate the performance of an outsourced managed service provider

Red teaming can provide assurance within a wide range of business scenarios.  One interesting scenario we explored recently with a customer, a firm within the education sector, involved a situation where they had outsourced detection of security incidents to an external MSSP.  As a result of a governance audit, our customer needed to determine whether the detective and corrective capabilities of the managed security services and associated internal technical controls functioned as expected across several lesser-seen compromise scenarios.

Read more
  • Detect and respond

EDR: Is It Worth It?

When working with smaller businesses, sometimes we’re asked whether Endpoint Detection and Response solutions are worth the money, over and above traditional anti-virus.  Much of the time, EDR is used in large enterprises in conjunction with a sizeable technical team of experienced professionals who engage in active response and threat hunting as their full-time job.  It can be difficult for smaller businesses to see where EDR might fit in.

Read more
  • Detect and respond

BlueKeep: Perimeter Assessments Remain As Important As Ever

The basic security principle of keeping the attack surface as small as possible is still as important as ever, however you define your perimeter.  Keeping an eye on the attack surface of the network perimeter, is not an obsolete activity, it is as important today as it was twenty years ago.

Read more
  • Detect and respond
  • Research

Microsoft Exchange Client Access Server Information Disclosure

If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners. Until recently, this vulnerability went unaddressed by Microsoft for versions of IIS after 6.0 and before 10.0. The majority of advice provided by online resources suggests applying the latest patches, but as patches don't exist for version 7.0 to 8.5, this isn't an option.

Read more
  • Detect and respond

After the storm

You’ve had an incident.  You’ve managed the fall-out, contained the outbreak and restored normal service.  Now is the time to sit down with your incident response teams, your operational teams and other stakeholders and work out how to prevent a recurrence.

Read more
  • Detect and respond

Enacting your response

Situational awareness throughout incident response activities is of paramount importance.  As activities are conducted, new information is likely to emerge.  New information may completely change the objectives of your exercise, and teams need to be in constant communication in order to coordinate activities. Actions assigned to responders during an incident will be informed by the systems and data at risk, business continuity plans for these systems, and the objectives of the incident response exercise.

Read more

Improve your security

Our experienced team will identify and address your most critical information security concerns.