IO Security is the product of 25 years of information security services provided to its parent company IDT Corporation (NYSE: IDT, GNA, STRP, RLF, IDW). IDT is involved in telecom, banking, debit cards, energy, media, and pharmaceuticals and, as such, is regularly subject to advanced attacks across these verticals globally. IOS takes the expertise it has developed, continually refines it, and offers it to enterprise and government clients.
Centers of Expertise
- Cloud Security
- Enterprise Security Architecture
- Advanced Threat Protection
- Internet of Things
- Threat Intelligence
- Network Security
IO Security provides a variety of information security services to enterprise and government clients. What distinguishes IOS is the excellence of its analysts and the leading-edge proprietary and commercial software tools it uses. Moreover, IOS employs an unsurpassed level of orchestration and automation, which significantly speeds up the assessment process and makes it more cost effective.
- Security Architecture and Implementation
- Incident Detection, Investigation, and Remediation
- Monitoring and Reporting Services
- Firewall Migrations
- Threat and Vulnerability Assessments
- Penetration Testing
- Compliance Gap Analysis
- Advanced Endpoint Security
- Data Leak Prevention
- Intrusion Detection and Prevention
- Application and Threat Visibility Monitoring and Reporting
- Load Balancing, DDoS Protection, WAN SDN
- Secure Remote Access
- Data Governance
- Real Time Security Analytics
- Two-factor Authentication
Managed Security Services Provider
IO Security provides 24/7/365 MSSP services from its dedicated Security Operations Center (SOC) in Newark, NJ to enterprise and government clients. IOS manages key aspects of the organization’s security needs or co-manages depending on the customer’s needs. Services include:
- Incident Response, Investigation and Remediation Management
- Threat Hunting
- Endpoint Security Management: Prevention, Detection, Response, Remediation
- SIEM Management
- Firewall Management
Because of the high volume of alerts an organization can receive every day, overtaxed analysts often raise the investigation threshold or ignore certain low-level alerts. The high level of automation IOS employs enables us to handle large volumes of low-level alerts expeditiously, minimizing false positives without compromising the client’s security, so our analysts can focus their attention on higher-level alerts.
Network and Endpoint Compromise Assessment
IO Security, Inc.’s Compromise Assessment evaluates your organization’s security posture to determine whether a breach has happened or is actively occurring. During this process IOS determines where a compromise has occurred and provides tactical and strategic recommendations for preventing another attack. IOS takes a preventative approach through a multi-layered security regime, leveraging best-in-breed endpoint and next-generation network threat detection to rapidly identify threats that may have bypassed the organization’s existing security controls. The assessment involves three primary phases:
- Hunting, Investigation, and Remediation
- Addressing key malicious behavior, including: data exfiltration and sabotage, command and control activities, user account anomalies, malware and persistence mechanisms
- Network, host, and application configurations
This assessment is designed to help organizations discover critical unknowns that may be lurking in systems, waiting to be a source of future compromise.
Vulnerability scans are performed on your organization’s external and/or internal IP-based systems and networks. A variety of scanning techniques are employed to survey the security posture of the target IP-based systems and networks. These scans proactively test for known vulnerabilities and the existence of mainstream best practice security configurations.
- External scanning addresses all internet-facing assets such as routers, firewalls, web servers, and email servers for potential security weaknesses, checking for “open doors” that could allow a hacker to gain unauthorized access to the network and exploit critical assets.
- Internal scanning addresses all internal assets such as workstations, intranet servers, and printers, checking for Trojans, improper configurations, and peer-to-peer file sharing programs.
The scans cover CVEs as well as other standards such as SCAP, utilizing the NVD, which includes lists of common misconfigurations and security-related software flaws. The scans also identify open ports, weak passwords, and default accounts and passwords, and can check a system against a configuration or security baseline to identify unauthorized changes. IOS analysts verify the scan results and determine potential vulnerabilities; they can then validate the vulnerabilities through exploitation and other analyses.
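As an added illustration of the baseline comparison described above (example code written for this page, not an IO Security tool), the following Python compares a stored known-good baseline against a current observation of the same host and reports each deviation as a finding. Both the baseline and the current state are constructed samples; in practice the dictionaries would be populated by a collector (file hashes, listening sockets, local accounts) run on the target, and the file paths, ports and account names here are illustrative.

```python
"""Configuration-baseline drift check (added example; not an IO Security tool)."""
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline: the host's state when it was last known-good. In practice
# this would be produced by a collector and stored off-host, integrity-protected.
BASELINE = {
    "files": {
        "/etc/ssh/sshd_config": sha256_hex(b"PermitRootLogin no\nPasswordAuthentication no\n"),
        "/etc/sudoers": sha256_hex(b"root ALL=(ALL) ALL\n"),
    },
    "listening_ports": [22, 443],
    "accounts": ["root", "deploy"],
}

# Constructed current observation of the same host (also from a collector).
CURRENT = {
    "files": {
        "/etc/ssh/sshd_config": sha256_hex(b"PermitRootLogin yes\nPasswordAuthentication no\n"),
        "/etc/sudoers": sha256_hex(b"root ALL=(ALL) ALL\n"),
        "/etc/cron.d/maint": sha256_hex(b"@reboot root /var/tmp/.m\n"),
    },
    "listening_ports": [22, 443, 4444],
    "accounts": ["root", "deploy", "support"],
}


def compare_baseline(baseline: Dict, current: Dict) -> List[Dict]:
    """Return one finding per deviation of `current` from `baseline`.

    Only digests are compared, so the baseline store never needs to hold
    sensitive file bodies. Ports and accounts are diffed in both directions:
    something new is the usual sign of compromise, but an unexplained removal
    (e.g. a disabled agent) is worth a look too.
    """
    findings = []
    base_files, cur_files = baseline["files"], current["files"]
    for path, digest in base_files.items():
        if path not in cur_files:
            findings.append({"type": "file_missing", "item": path})
        elif cur_files[path] != digest:
            findings.append({"type": "file_modified", "item": path})
    for path in sorted(cur_files.keys() - base_files.keys()):
        findings.append({"type": "file_added", "item": path})
    for name, key in (("port", "listening_ports"), ("account", "accounts")):
        base, cur = set(baseline[key]), set(current[key])
        for item in sorted(cur - base):
            findings.append({"type": f"{name}_added", "item": item})
        for item in sorted(base - cur):
            findings.append({"type": f"{name}_removed", "item": item})
    return findings


if __name__ == "__main__":
    for f in compare_baseline(BASELINE, CURRENT):
        print(f"{f['type']:16} {f['item']}")
```

Against the constructed data this reports the modified sshd_config, the added cron file, the new listener on 4444 and the new account, and nothing for the unchanged sudoers. The baseline itself must live off the host and be integrity-protected; an attacker who can rewrite the host can otherwise rewrite the baseline to match.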
Penetration testing goes beyond vulnerability scanning to use multistep and multivector attack scenarios that first find vulnerabilities and then attempt to exploit them to move deeper into the enterprise infrastructure. A penetration test performed on Internet-facing assets is an External Penetration Test (EPT), while a penetration test performed on internal-facing assets is an Internal Penetration Test (IPT).
External Penetration Testing (EPT)
IO Security’s external penetration testing is comprehensive, exposing not only the intruder’s view of the system, but also examining the configuration and management of the systems. IOS designs the EPT to cover all in-scope system platforms, network connections, software, and databases.
We carry out a detailed examination of the vulnerabilities detected on each in-scope device connected to a client’s external network, using sophisticated test scripts and tools in an attempt to compromise each targeted host.
Internal Penetration Testing (IPT)
Internal penetration testing exposes the risks associated with an attack carried out from inside the network. There are hundreds of ways to open new paths between the internal network and the Internet from within, most without any malicious intent on the part of the user. In addition, recent studies indicate that about half of all successful attacks originate inside the network. An internal penetration test exposes your organization’s most dangerous security weaknesses, enabling it to take immediate action to eliminate them.
IOS employs technology that enables us to perform an IPT over the Internet, sparing the client the disruption and extra cost of analysts visiting its premises to perform the test. The analyst pursues the path of least resistance to compromise the domain or selected devices. The test is complete once the analyst gains unfettered access to confidential information or we exhaust all apparent paths to compromise the domain and/or selected in-scope devices.
IOS employs cutting-edge processes and techniques to identify and track hardware such as servers, workstations, laptops, routers, and switches, and to map the network.
An expert team of IO Security’s analysts and engineers immediately respond to security incidents incurred by the organization. The phases of incident response are characterized as follows:
IOS takes a preventative approach through a multi-layered suite of investigation tools, leveraging best-in-breed endpoint and next-generation network threat detection and threat hunting to rapidly identify the intrusions that bypassed the organization’s existing security controls and caused the incident.
Identification begins with detecting the incident, determining its scope, and involving the appropriate parties.
IOS prioritizes its search for malicious behavior based on the customer’s hierarchy of sensitivities, including:
- data exfiltration and sabotage
- command and control activities
- user account anomalies
- malware and persistence mechanisms
- network, host, and application configurations
This assessment helps organizations discover critical unknowns that may have been lurking in systems and have been the source of the breach.
Containment focuses on limiting the damage as soon as possible and minimizing its effect on neighboring IT assets. The second step is system back-up: taking a forensic image of the affected systems to capture them as they were during the incident, thereby preserving evidence in the event the incident resulted from a criminal act, or for use as a learning tool. Long-term containment involves removing backdoors and/or accounts left by attackers on affected systems, and patching both affected and neighboring systems.
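As an added example of the evidence-preservation step (written for this page; it is not IO Security’s procedure or tooling), the Python below images a source to an evidence file in fixed-size chunks, hashes the bytes as they are read, then re-reads the written image and hashes it independently; the image is trusted only if both digests agree, and the same re-read verifies the file later before analysis. The demo runs against a constructed 2 MiB sample file rather than a real disk; against a real device the source would be opened read-only through a write blocker, which this code assumes but cannot enforce.

```python
"""Forensic imaging with hash verification (added example; not IO Security's own tooling)."""
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat for multi-GB sources


def hash_file(path: str) -> str:
    """Independent full re-read of a file; used to verify a fresh image and to re-check it later."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def image_and_verify(source_path: str, image_path: str) -> dict:
    """Copy source_path to image_path byte for byte.

    Returns the SHA-256 of the bytes read from the source, the SHA-256 of the
    image as re-read from disk, and whether the two agree. source_path is
    assumed to be a read-only (ideally hardware write-blocked) device or file.
    """
    read_hash = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            read_hash.update(chunk)
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image really reached the media
    image_digest = hash_file(image_path)
    return {
        "source_sha256": read_hash.hexdigest(),
        "image_sha256": image_digest,
        "verified": read_hash.hexdigest() == image_digest,
        "bytes": os.path.getsize(image_path),
    }


def verify_image(image_path: str, expected_sha256: str) -> bool:
    """Chain-of-custody check before analysis: is the evidence file unchanged since it was taken?"""
    return hash_file(image_path) == expected_sha256


def demo() -> dict:
    """Run the procedure against a constructed 2 MiB sample 'disk' in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "sample.raw")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 8192)  # constructed sample data, 2 MiB
        img = os.path.join(d, "sample.dd")
        result = image_and_verify(src, img)
        result["recheck_ok"] = verify_image(img, result["image_sha256"])
        # Flip one byte of the image to show the later recheck catching tampering.
        with open(img, "r+b") as f:
            f.seek(1000)
            f.write(b"\x00")
        result["recheck_after_tamper"] = verify_image(img, result["image_sha256"])
        return result


if __name__ == "__main__":
    print(demo())
```

Record both digests, the byte count, the time and the operator in the case notes at acquisition time; the stored image digest is what a later verify_image call is checked against, and any mismatch means the file is no longer usable as evidence.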
Eradication deals with the removal of malicious content and the restoration of affected systems. In general, a complete reimaging of the system’s hard drive is performed to ensure that any malicious content has been removed and to prevent reinfection. IOS analysts also scan affected systems and/or files with anti-malware software to ensure that any latent malware is removed.
During recovery, IOS carefully restores the systems to the production environment to ensure that there is not another incident. It is essential to test, monitor, and validate the systems being put back into production to verify that they are not being re-infected by malware or compromised by some other means.
After recovery, IOS documents the incident in detail, retains the collected data, and discusses the lessons learned.