IO Security is the product of 25 years of information security services provided to its parent company IDT Corporation (NYSE: IDT, GNE, STRP, RLF, IDW). IDT is involved in telecom, banking, debit cards, energy, media and pharmaceuticals. As such, it is regularly subject to advanced attacks across these verticals globally. IOS continually refines the expertise developed in defending IDT and offers it to enterprise and government clients.
CENTERS OF EXPERTISE
- CLOUD SECURITY
- ENTERPRISE SECURITY ARCHITECTURE
- ADVANCED THREAT PROTECTION
- INTERNET OF THINGS
- Security Architecture and Implementation
- Incident Detection, Investigation and Remediation
- Monitoring and Reporting Services
- Threat and Vulnerability Assessments
- Compliance Gap Analysis
- Advanced Endpoint Security
- Data Leak Prevention
- Intrusion Detection and Prevention
- Application and Threat Visibility Monitoring and Reporting
- Load Balancing, DDoS Protection, WAN SDN
- Secure Remote Access
- Real Time Security Analytics
DETAILS OF SERVICES
IO Security provides a variety of Information Security services to enterprise and government clients. What distinguishes IOS is the excellence of its analysts and the leading-edge proprietary and commercial software tools it uses. Moreover, IOS employs an unsurpassed level of orchestration and automation which significantly speeds up the assessment process and makes it more cost effective.
MANAGED SECURITY SERVICES PROVIDER
IO Security provides 24/7/365 MSSP services from its dedicated Security Operations Center (SOC) in Newark, NJ to enterprise and government clients. IOS manages or co-manages key aspects of the organization’s security, depending on the customer’s needs. Services include:
- Incident Response, Investigation and Remediation management
- Threat Hunting
- Endpoint Security Management—Prevention, Detection, Response, Remediation
- SIEM Management
- Firewall Management
Due to the high volume of alerts that can come into an organization on a daily basis, overtaxed analysts often raise the investigation threshold or ignore certain low-level alerts. The high level of automation which IOS employs enables us to deal expeditiously with the many low-level alerts, minimizing false positives without compromising the client’s security. Our analysts are thereby able to focus their attention on higher-level alerts.
NETWORK AND ENDPOINT COMPROMISE ASSESSMENT
IO Security, Inc.’s Compromise Assessment evaluates your organization’s security posture to determine if a breach has happened or is actively occurring. During this process IOS will determine where a compromise has occurred, and provide tactical and strategic recommendations for preventing another attack. IOS takes a preventative approach through the use of a multi-layered security regime, leveraging best-in-breed endpoint and next-generation network threat detection to rapidly identify threats that may have bypassed the organization’s existing security controls. The assessment involves three primary phases:
- Hunting, investigation and remediation,
- Addressing key malicious behavior, including data exfiltration and sabotage, command and control activities, user account anomalies, malware and persistence mechanisms, and
- Network, host and application configurations.
This assessment is designed to help organizations discover critical unknowns that may be lurking in systems, waiting to be a source of future compromise.
Vulnerability scans are performed on your organization’s external and/or internal IP-based systems and networks. A variety of scanning techniques are employed to survey the security posture of the target IP-based systems and networks. These scans proactively test for known vulnerabilities and for the presence of mainstream best-practice security configurations.
- External scanning addresses all internet-facing assets such as routers, firewalls, web servers and e-mail servers for potential security weaknesses, checking for “open doors” that could allow a hacker to gain unauthorized access to the network and exploit critical assets.
- Internal scanning addresses all internal assets such as workstations, intranet servers, and printers for Trojans, improper configurations and peer-to-peer file sharing programs.
The scans cover CVEs as well as other standards such as SCAP, utilizing the NVD, which includes lists of common misconfigurations and security-related software flaws. The scans also discover misconfigurations such as open ports, weak passwords, and default accounts and passwords. The scans can also check a system against a configuration or security baseline to identify unauthorized changes. IOS analysts verify the scan results and determine potential vulnerabilities. Following that, IOS analysts can validate the vulnerabilities through exploitation and other analyses.
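The baseline check described above (comparing a host against an approved configuration and flagging unauthorized changes, open ports and default accounts) can be illustrated with a small drift checker. The following is an added example and not IO Security’s own tooling; the baseline, the host snapshot and the setting names are constructed for the illustration, and a real scanner would populate the snapshot from the target system.

```python
"""Baseline drift check: compare a host snapshot against an approved security
baseline and report unauthorized changes.

Added example, not IO Security code. The baseline values, account names and
settings below are constructed sample data."""
from dataclasses import dataclass
from collections import Counter


@dataclass(frozen=True)
class Baseline:
    """Approved state for a class of hosts."""
    allowed_ports: frozenset       # TCP ports that are expected to listen
    required_settings: dict        # setting name -> required value
    allowed_accounts: frozenset    # accounts that may be enabled
    default_accounts: frozenset    # vendor default accounts that must stay disabled


@dataclass
class Snapshot:
    """Observed state of one host, as a scanner would collect it."""
    host: str
    listening_ports: set
    settings: dict
    enabled_accounts: set


def check_drift(baseline: Baseline, snap: Snapshot) -> list:
    """Return (category, detail) findings for every deviation from the baseline.

    An empty list means the host matches the baseline."""
    findings = []
    # Ports listening that the baseline does not permit.
    for port in sorted(snap.listening_ports - baseline.allowed_ports):
        findings.append(("unexpected_open_port", str(port)))
    # Settings that differ from (or are missing relative to) the baseline.
    for key, expected in baseline.required_settings.items():
        actual = snap.settings.get(key)
        if actual != expected:
            findings.append(("setting_drift", f"{key}={actual!r} (expected {expected!r})"))
    # Vendor default accounts that have been left enabled.
    for acct in sorted(snap.enabled_accounts & baseline.default_accounts):
        findings.append(("default_account_enabled", acct))
    # Enabled accounts that are neither approved nor known defaults.
    unknown = snap.enabled_accounts - baseline.allowed_accounts - baseline.default_accounts
    for acct in sorted(unknown):
        findings.append(("unauthorized_account", acct))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per category for a report line."""
    return dict(Counter(category for category, _ in findings))


# Constructed sample baseline for an SSH-managed web host.
BASELINE = Baseline(
    allowed_ports=frozenset({22, 443}),
    required_settings={"PasswordAuthentication": "no", "PermitRootLogin": "no"},
    allowed_accounts=frozenset({"ops-admin", "svc-backup"}),
    default_accounts=frozenset({"guest", "admin"}),
)

# Constructed snapshot of a host that has drifted.
DRIFTED = Snapshot(
    host="web-01.example.internal",
    listening_ports={22, 443, 3389},
    settings={"PasswordAuthentication": "yes", "PermitRootLogin": "no"},
    enabled_accounts={"ops-admin", "guest", "tmpuser"},
)

# Constructed snapshot of a host that matches the baseline.
CLEAN = Snapshot(
    host="web-02.example.internal",
    listening_ports={22, 443},
    settings={"PasswordAuthentication": "no", "PermitRootLogin": "no"},
    enabled_accounts={"ops-admin"},
)

if __name__ == "__main__":
    for snap in (DRIFTED, CLEAN):
        result = check_drift(BASELINE, snap)
        print(f"{snap.host}: {summarize(result) or 'matches baseline'}")
        for category, detail in result:
            print(f"  [{category}] {detail}")
```

Each finding carries its category so an analyst can triage by type (an unexpected RDP listener and a re-enabled default account usually merit faster verification than a single setting deviation), which is the verification step the text places after the automated scan.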
Penetration testing goes beyond vulnerability scanning to use multistep and multivector attack scenarios that first find vulnerabilities and then attempt to exploit them to move deeper into the enterprise infrastructure. A penetration test performed on Internet-facing assets is an External Penetration Test (EPT). A penetration test performed on internal facing assets is an Internal Penetration Test (IPT).
External Penetration Testing (EPT)
- IO Security’s external penetration testing is comprehensive, exposing not only the intruder’s view of the system but also examining the configuration and management of the systems. IOS designs the EPT to cover all in-scope system platforms, network connections, software and databases.
- We carry out a detailed examination of vulnerabilities detected on each in-scope targeted device connected to a client’s external network using sophisticated test scripts and tools in an attempt to compromise each targeted host.
Internal Penetration Testing (IPT)
Internal penetration testing exposes the risks associated with a network attack carried out from inside the network. There are hundreds of opportunities to open up new paths between the internal network and the Internet from within the network, most without any malicious intent on the part of the user. In addition, recent studies indicate that about half of all successful attacks come from inside the network. An internal penetration test exposes your organization’s most dangerous security weaknesses, enabling it to take immediate action to eliminate them. IOS employs technology that enables us to perform an IPT over the Internet, sparing the client the disruption and extra cost of analysts visiting its premises to perform the test.
The analyst pursues the path of least resistance to compromise the domain or selected devices. The test is complete once the analyst gains unfettered access to confidential information or we exhaust all apparent paths to compromise the domain and/or selected in-scope devices.
IOS employs cutting edge processes and techniques to identify and track hardware such as servers, workstations, laptops, routers and switches and map the network.
An expert team of IO Security’s analysts and engineers immediately respond to security incidents incurred by the organization. The phases of incident response are characterized as follows:
Preparation—IOS takes a preventative approach through the use of a multi-layered investigation suite of tools, leveraging best in breed endpoint and next-generation network threat detection and threat hunting to rapidly identify the intrusions that have bypassed the organization’s existing security controls and caused the incident.
Identification—Detect the incident, determine its scope, and involve the appropriate parties.
Analysis—IOS prioritizes its search for malicious behavior based on the customer’s hierarchy of sensitivities, including: data exfiltration and sabotage, command and control activities, user account anomalies, malware and persistence mechanisms, and network, host and application configurations. This assessment helps organizations discover critical unknowns that may be lurking in systems and may have been the source of the breach.
Containment—Containment focuses on limiting the damage as soon as possible and minimizing its effect on neighboring IT assets. The second step is system back-up: taking a forensic image of the affected systems in order to capture them as they were during the incident, thereby preserving evidence in the event the incident resulted from a criminal act, and providing a snapshot of the infected system for use when drawing lessons from the incident. Long-term containment involves removing backdoors and/or accounts left by attackers on affected systems, and patching both affected and neighboring systems.
Eradication—Deals with the actual removal of malicious content and restoration of affected systems. In general a complete reimaging of the system’s hard drive is performed to ensure that any malicious content has been removed and to prevent reinfection. Affected systems and/or files are also scanned with anti-malware software to ensure that any latent malware is removed.
Recovery—Restore the systems into the production environment carefully, to ensure that there is not another incident. It is essential to test, monitor, and validate the systems that are being put back into production to verify that they are not being re-infected by malware or compromised by some other means.
Lessons Learned—Document the incident in detail, retain the collected data, and discuss lessons learned.