Cyber Security

The best way to check whether your safe is truly secure is to hire a locksmith to try and break it. By the same token, the most reliable way to secure your applications and infrastructure is to hire people who think like hackers – but who still adhere to laws, and use their skill set to help improve your safety. VBR CyberTeam’s ‘white hat’ hackers can help you identify how to safeguard your sensitive information, and protect your company’s finances and reputation.

Infrastructure Penetration Test

An infrastructure penetration test assesses the company's current infrastructure and shows the tested organization where its weak spots are. The test focuses on the servers, network components, and their structure, in order to find weaknesses that hackers could exploit, using the methods and tools of real hackers. The test team recommends mitigations that enable the company to harden its current infrastructure components and, if necessary, even change its structure.

Network penetration test

The integrity of a company is measured by its outer and inner defenses. The organization connects to the Internet using interfaces and ports, which sometimes can be breached and open a doorway for attackers. Also, the company is in danger from malicious employees, who wish to cause harm to internal components.

The network test is divided into two assessments:

Internal - The assessment team receives a "port in the wall" or a company's computer and assesses the security of the company based on attacks performed on the company. The assessment allows the company to gauge its internal protection from malicious and disgruntled employees.

External - The assessment team tests the external environment of the organization for open ports and interfaces and simulates an actual attack of malicious entities.

Application penetration test

"Attack simulations" can be done both to applications and to servers or network devices. A team of hackers will not limit themselves to just one level, but will do their best to hack deep into a system. For instance, when attacking a server, the hacker will research the known databases for known vulnerabilities and try to use them to attack the server. When trying to attack an application, different approaches will be used. The penetration of a network device such as a router or switch calls for a specific set of skills. VBR CyberTeam combines the skills and proficiency to perform all these tests, as in "real world" situations.

White Box

With the white box approach, the testing team is provided with any information required to best assess the security of the tested environment, including source code, configuration files, documentation, diagrams, etc. This allows for a thorough review of the system, identifying not only immediate vulnerabilities, but also potentially hazardous code sections and configurations, backdoors, and architectural flaws. While providing the most thorough testing, white box testing may require both more resources on the tester side as well as on the customer's side, providing the relevant information. This type of approach is therefore most suited for highly sensitive environments.

Pros:
• Extremely thorough.
• Remediation recommendations very accurate.
• Allows detection of non-immediate threats, as well as architectural and configuration flaws.

Cons:
• Requires substantial amounts of resources of both tester and customer.
• Does not simulate a real-life attack scenario (May be dismissed by the organization...)

Tests performed in this Methodology:

• Application Code Review (recommended in correlation with an Application Penetration Test)
• Design & Architecture Review
• Server Configuration Audits
• Network Audits

Black Box

With the black box approach, the testing team simulates the method of operation of an actual hacker. The tester is provided with only publicly available information, and attempts to identify security holes that could compromise sensitive information or operations in the system. When properly applied, this approach can simulate not only random hackers, but also dedicated hackers that obtain some initial access to the system, as is available to the public. As this approach best imitates what a real hacker would do, it excels in providing the customer with a realistic assessment of the immediate risk level the system is exposed to. Any finding identified in such a black box test is likely to be identifiable by an attacker as well.

Pros:
• Provides realistic threat estimation
• Gets the message through (If we could do this, others may too)
• Requires minimal efforts from the customer.

Cons:
• May require spending effort on information gathering
• May miss backdoors or partial vulnerabilities
• Remediation recommendations can only be general

Tests performed in this Methodology:

• Application Penetration Testing
• Infrastructure/Network Penetration Testing
• Full Attack Simulation

Grey Box

The grey box approach takes the middle way between black box and white box. Grey box tests are performed using methods similar to those of black box testing, thus simulating real-world attacks. However, unlike black box tests, the attacker is provided with substantial technical information on the system, and is permitted to request additional information, to be used for identifying additional information with short, pinpointed, white-box-like reviews. This approach is a highly cost-effective way to identify as many real-world threats as possible in the shortest available time, thus making it the most cost-effective way to perform security assessments when the more absolute values of black box and white box are not necessary.

Pros:
• Most Cost-Effective
• Provides realistic threat estimation

Cons:
• Does not simulate as realistic an attack scenario as a black-box test (Might not be taken as seriously by the organization, and therefore is recommended only once security is already understood)

Tests performed in this Methodology:

• Application Penetration Testing (With partial code review)
• Infrastructure & Network Penetration Testing (With review of network and server configuration)
• High level design & architecture Review

Mobile Penetration tests

Hard as it is to believe that smartphones have existed for less than 10 years, they have become an integral part of our daily lives and business. With the growing usage of smartphones, the number of viruses for them has dramatically increased, with several million active malware programs designed especially for them, ranging from stealing your contacts to causing intentional harm to your organization's servers.

During the mobile test, we test your mobile application, its tendency to be hacked, and the ways it can be used in malicious ways.

The best way to avoid an attack is to prepare for it, and take measures to prevent it before it even happens. In today’s cyber-world, the odds are that your organization will be attacked by malicious entities. A proactive approach allows you to identify those entities, find out what their attack methods are likely to be, and mitigate your inherent vulnerabilities. Then, when the attack comes, you will be ready for it. The first step is to perform a cyber assessment, which deals with the permanent threats and actors that aim to attack your organization. In our experience, attackers today do not necessarily have an ‘end-game’ in mind when they launch an attack, meaning that attacks can be persistent, and consistent.

In order to perform a cyber assessment, the team first maps the organization's best practices using our proven methodology, and identifies the threats that exist in the organization. In addition, we recommend that the organization use threat intelligence reports that help to identify the current activities and threat actors that pose a risk to the organization, based on OSint, WEBint, CYGint & HUMint. This service not only provides you with news feeds and alerts, but gives you a concrete state of affairs regarding your organization, and provides you with recommendations.

Cybersecurity Assessment

In the world of cyber warfare, many organizations know that they will be attacked, but not which assets will be targeted. In the cyber assessment, we aim to identify those potential targets, find their various weaknesses and vulnerabilities, and recommend how to mitigate them, allowing better protection against an attack.

The cybersecurity assessment is comprised of the following stages:
• Identifying critical systems prone to cyber attacks
• Identifying critical business functions affected by cyber attacks
• Mapping relevant threat actors posing a threat to the client
• Identifying key initiatives for improving security.

The assessment uses global leading practices of Department of Homeland and is backed by NIST standards.

Cyber threat intelligence

VBR CyberTeam’s view on Threat Intelligence differs from that of many providers, focusing on the risk in context for each unique organization. A successful threat intelligence program needs to answer the following:
• Who is likely to attack?
• What kind of attack will they initiate?
• When will the attack occur?

An integrated threat intelligence capability begins with an understanding of the business risks and tolerances, each organization's unique threat landscape and capabilities to detect, react, complicate and respond to threat conditions.

The threat intelligence is not a usual information feed, which can be derived from anywhere, but concentrates on the needed information, based on the business logic and flows of the organization, and understanding the vulnerabilities that exist in it.

Secure Development Life Cycle

According to research, one hour of fixing code during the development stage is equal to 500-1,000 hours of work in an applicative platform. The purpose of SDLC (Security Development Life Cycle) is to eliminate as many problems as possible that would otherwise surface in later stages of development, in order to save hours and avoid delays in release.

The SDLC methodology, implemented today in almost every new project, includes a chapter describing how to create a Secure Design for a system.

VBR CyberTeam’s consultants have expertise in such projects, bringing ROSI (Return on Security Investment) to many of our clients implementing SDLC and Secure Design in their Research and Development departments and as a company policy.

Denial of Service Durability Assessment

The Distributed Denial of Service (DDoS) Durability Assessment tests the organization's ability to handle a DoS attack that is performed simultaneously from several millions of botnets. A DDoS attack aims at crashing the site and exhausting its resources, thus causing reputational and financial damage.

The assessment team identifies and maps the organization's infrastructure, and writes various DDoS scenarios based on their findings. Afterwards, each scenario is played out to check whether the system crashes.

An incident has occurred in your company. It could be related to one of the employees (internal) or an outside attack. Forensic investigation is a task that requires specialized knowledge, procedures, tools, and a well-equipped lab environment. Proper investigation and evidence collection that is focused on forensically-sound processes is an absolute necessity. This approach ensures that the forensic process can withstand the scrutiny of opposing legal counsel, if necessary. We provide our clients with services including retrieval, preservation, and reproduction of data found on digital devices. Such devices may include computers, cellular phones, hard drives and network.

Forensics & Incident Response

Computer Crime at your Doorstep
Computer crime is everywhere, and the statistics are on the rise. The Center for Strategic & International Studies reports that almost all of the Fortune 500 companies have been hacked during recent years.

Know Your Attacker

Digital forensics is a branch of forensic science that combines legal elements and digital devices. Whether your company is, or was, the subject of an attack, digital forensics can assist you with answering the following questions:
• When did the incident occur?
• Who performed the incident?
• What information was disclosed?

It’s all about timing

Proactive

It is important to be prepared to handle information security incidents before they occur. A well-executed response can reveal the true extent of a compromise and may assist with preventing future ones. Rather than relying on chance, companies should search for incidents that currently take place and were not yet detected. This way, companies are able to mitigate facts and not only possibilities discovered during security assessments.

We perform proactive services for clients, including the following, while maintaining strict customer confidentiality:
• Proactive Web Forensics
• Mobile Forensics
• Cloud Forensics
• Malware assessment
• Security controls design
• Incident response plan development
• Training

Incident Response

24/7/365 response defined by Service Level Agreements

VBR CyberTeam's forensics department has an experienced incident response team with years of experience in information security, malware analysis, and forensic investigations. We perform investigations on network components, operating systems, databases, applications, and more. We shall:
• Forensically preserve the data
• Analyze the evidence to determine the perpetrator
• Provide recommendations for the compromised systems

Forensics Investigation

An incident has occurred in the company. It could be related to one of the employees (internal) or an outside attack. Forensic investigation is a task that requires specialized knowledge, procedures, tools, and lab environment. Proper investigation and evidence collection focused on forensically sound processes is an absolute necessity. This ensures that the forensic process can withstand the scrutiny of an opposing legal counsel.

We provide our clients with retrieval, preservation, and production of data found on digital devices. Such devices may include computers, cellular phones, HDs, and network.
• Forensic investigation
• Malware analysis & Reverse Engineering.

The world of information technology security involves much more than just penetration tests. VBR CyberTeam enables industry and company managers to take a proactive approach to their information security, and identify their status in the cyber world. We can help you to discover the answers to questions like: What is the condition of your organization based on IT security terms and benchmarks? Can attackers breach your walls of defense and steal valuable information? If another organization from your field is hacked, how will it affect your organization?

Cybersecurity Program Management (CPM)

Holistic approach based on meaningful analytics.

Few companies today have the appropriate skills and resources in-house to effectively secure their information assets and at the same time optimize business performance. Organizations in all sectors can benefit from an objective assessment of their information security programs and structures.

VBR CyberTeam’s innovative CPM framework is built upon a meaningful analysis of how information security shapes and fits into an organization’s overall risk management structure. At its foundation is a clear focus on the organization’s strategic priorities and business objectives.

A CPM assessment assists with:
• Understanding your organization’s risk exposure
• Assessing the maturity of your current Information Security Program and identifying areas for improvement
• Building a prioritized roadmap for project investments and organizational change initiatives
• Collecting information to create benchmarks against other organizations
• Validating that your security investments have improved your security posture.

Cyber Liability Insurance Consulting

A 2013 study by the Ponemon Institute found that the average annualized cost for 56 benchmarked organizations for cyber risk was US$8.9 million a year, up from US$8.4 million in 2011, with a range from US$1.4 million to a staggering US$46 million per year.

An insured company will be covered for:
• Investigating the breach
• Restoring their systems
• Handling the notification
• Customer service costs related to the breach
• Lost profits from downtime

Corporate insurance policy, aimed at handling:
• 1st party damages – covering cost of digital forensics and expenses related to damages due to cyber security breach on the company’s network.
• 3rd party damages – covering expenses incurred by the insured due to a cyber-related incident at a 3rd party service provider that has hosted the policyholder’s PII and sensitive data.

VBR CyberTeam Cyber Insurance offers:
• Assessing the security posture of the policyholder (Yearly)
◦ Performing an IT Security maturity assessment (extended CPM).
◦ Assisting the insurance company in evaluating the risk.
• Provide digital forensic services to policyholders that have been breached (on call)
◦ Setup a dedicated incident response team comprised of content experts with a global reach.
• Offer cyber complexity evaluation services for the insurance industry (per claim basis)
◦ Building on VBR CyberTeam’s unique cooperation with Kaspersky Labs.
◦ Provide the insurance carrier with a capability to explore root cause and attribution (cybercrime, hacktivism, nation – state).

The training that we provide at VBR CyberTeam enables our new hires to understand, in depth, the way hackers think and operate. This kind of education provides a far richer and deeper understanding of attackers and attacks than simply teaching them to use hacking tools that can be found on the internet. Most of the training is directly related to the responsible trainer’s knowledge and experience acquired in the course of working, rather than just teaching the tools.

VBR CyberTeam trainers are professional ethical hackers who spend most of their time working on ‘real-world’ penetration testing projects, and guiding developers in SDLC projects. The training sessions are based on examples from ‘project stories’, and use case studies that occur on a day-to-day basis.

The training includes hands-on practice on the unique Luftgescheft Bank testing environment, which simulates a real online banking application and enables the students to put into practice the material they learned during training.

Training

It was Goethe who said "Knowing is not enough; we must apply".

Based on that spirit, VBR CyberTeam delivers classes that:
• Are up to date with the most recent technological advancements
• Train people to think like hackers, not "just another tools" course
• Base the training on 70% hands on experience
• Use "street wise" methods that are common in the market rather than talking theoretically

Introduction to Security

This introductory one-day training is designed to provide basic understanding of the security threats facing network systems today. The first half of the day focuses on increasing awareness of security by performing a live hacking demonstration and presenting real hacking incidents from last year.

The second part of the training provides a basic understanding of security concepts followed by explanations of existing threats and the security flaws leading to them, with emphasis on application security. Finally, security principles and techniques are discussed for mitigating these threats.

Secure Development

.NET

This course is designed to help students learn how to build secure .NET applications by presenting them with the point of view of a potential attacker. Unlike other courses, in this course students will first be presented with actual demonstrations of attacks on Luftgescheft Bank, which simulates a real .NET online banking application, providing them with an understanding of how hackers operate. This approach makes it easier for the students to process and implement the principles and techniques presented later in the course.

The training includes general guidelines for creating secure code under .NET, as well as detailed information regarding the significant security mechanisms in .NET. Every topic will be presented using vulnerable code samples from Luftgescheft Bank followed by alternative, secure, code samples based on the material learned.

JAVA

The course will present security guidelines and considerations in Java applications development. The participants will learn the basics of application security, how to enforce security on a J2EE application, enabling standard J2EE security mechanisms and other security related issues.

Web Application Hacking

Web Application Hacking Training is designed to provide its audience with a profound understanding of application hacking techniques and the ability to apply these techniques while performing security testing on web applications. During the training, students will learn to understand the programming faults which lead to application level vulnerabilities, as well as actual hacking techniques for the vulnerabilities.

The training includes hands on practice on the unique Luftgescheft Bank which simulates a real online banking application and allows the students to practice the material learned in the training.

Security for QA

Web Application Security Testing training is designed to provide its audience with understanding of web application testing techniques and the ability to apply these techniques as part of the QA process of web applications. During the training the students will learn to understand the programming faults which lead to application level vulnerabilities, as well as actual testing techniques for the vulnerabilities.

The training includes hands on practice on the unique Luftgescheft Bank which simulates a real online banking application and allows the students to practice the material taught.

Security for Architects and Project Managers

The Security for System Architects course is a unique course providing system architects, project managers and system analysts the tools for properly embedding security into the design of systems in the early stages.

In the first half of the training, students are presented with the modern world of security, common threats, and basic security concepts and principles for creating secure systems. The second half of the training focuses on a detailed guided lab for creating a secure design, giving the students the opportunity to learn the material hands-on.