
Remote Access Audit - Threat Hunting

These days, due to the COVID-19 pandemic, an extensive part of our work is done using remote access.
Remote access increases the organization's exposure to malware coming from a multitude of desktops, whether employee-owned or supplier-owned.

The threat hunting audit is a special, short and focused assessment, with a special Corona days price.

The Corona Challenge

Reduction of risk originating from remote employee and supplier systems connected to the organizational network via VPN

Objective
  • Identification of irregularities indicating malware activity in VPN traffic from the past weeks
  • Recommending a blocking methodology that does not interfere with production activities
Methodology

Manual inspection of Firewall, IPS and WAF log files

  • Identification of irregularities indicating malware activities
  • Inspection of the indication to find the nature and source of traffic
  • Identification of activity and linkage to known or unknown threats
  • Defining of block options and malware removal for the remote system
  • Recommendations for the optimization of remote access – specific definition for each remote source

Deliverable
A detailed report providing recommendations for the organization, including specific hardening requirements.

Optional: expansion of the review to critical systems + support in implementation of recommendations

Inspection of the production systems, identification and isolation of threats - sources and targets, neutralizing of the threats and deactivation of in-progress events. Defining of:

  • Best practices for processes such as VPN hardening
  • VPN segmentation rules
  • Allowed or banned VPN-based services, such as access from non-organization-owned hosts
  • Prevention of the opening of organization-owned communication services to uncontrolled traffic such as 150 and 151 web sites
  • Secure Video Conferencing such as Zoom
Audit Alternatives
  • Single one-time audit
  • Bi-weekly audit for 2-3 months
  • Expanded audit for critical systems and support in implementation of findings


Over 400 satisfied customers from among multiple industries, including: