Detection and Compromise Assessment

Assess your Detection Architecture, Capabilities and Maturity Level

IT Minister performs an independent assessment of the current maturity level of the detection architecture and detection capabilities in your organization. The assessment gives management and technical stakeholders an overview of the overall maturity level compared to industry best practices.

Detection Assessment Method

We analyse your current detection capabilities based on our extensive experience from both the defensive and the offensive side as well as industry best practices. We cover topics ranging from logging prerequisites, log collection, logging architecture, and governance to actual implemented detections/use cases.

Our assessment is based on information collected at an initial workshop with your key stakeholders, as well as information exported from the SIEM tool, topology drawings, etc.

We use the CMMI Institute’s 5 Levels of Capability and Performance framework to measure the maturity level of the NIST Cybersecurity Framework’s detection categories (DE.AE - Anomalies and Events, DE.CM - Security Continuous Monitoring and DE.DP - Detection Processes).

If detections are already in place, we will map them to MITRE’s ATT&CK framework.

Detection Assessment Involvement:

Detection Assessment Value:

Detection Assessment Product - A Written Report Containing:

A non-technical section with an Executive Summary for management and decision makers to help in their strategic planning, budgeting and prioritization.

A technical section covering:

All technical sections will have suggestions for improvements, if applicable.

Design, Implement and Operate a SOC/SIEM Solution According to Industry Best-Practice

Whether you are just starting your log collection journey, looking to implement a SIEM solution, or considering if you should create a fully-fledged Security Operations Centre (SOC), IT Minister provides independent advice to guide you through the process.

Build Excellent Detection Method

We analyze and advise based on our extensive experience from both the defensive and the offensive side as well as industry best practices.

We utilize components from frameworks such as MITRE’s ATT&CK, CMMI’s Maturity Levels as well as recommendations from the National Cyber Security Centre, National Security Agency (NSA) and NIST.

Build Excellent Detection Involvement:

Build Excellent Detection Value:

This service will help you plan your journey and find the answers to questions like:

Build Excellent Detection Product

We run a workshop to discuss log collection best practices, SIEMs and the components of a Security Operation Center (SOC). The goal of the workshop is to give you an understanding of what it requires to implement and successfully operate a SIEM/SOC. We will cover three areas:

We will tailor the workshop to focus on SIEM, SOC or both, depending on your requirements.

The notes from the workshop can be used as a high-level plan for what you should do next after the workshop.

Identify Adversaries and Malware that have Established Persistence in your Environment

IT Minister's threat hunting team looks for malware and successful intrusions in your Windows environment. We focus on the persistence phase of the cyber kill chain and take advantage of the fact that modern adversaries and malware typically establish a persistent foothold once they have breached a target infrastructure. This leaves traces in the environment, which our hunt team seeks to uncover.

Compromise Assessment Method

Using an agent deployed on the Windows hosts, we extract a selection of artifacts and analyse them, looking for known indicators of compromise as well as for abnormalities identified through statistical analysis across the fleet.

The persistence techniques we hunt for include the following:

MITRE ATT&CK Technique ID & Descriptions

These are just a few examples; we hunt much more widely if required. See the full list of techniques here.
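As an added illustration of the two checks described above (known-indicator matching and statistical abnormality across hosts), the following script stacks agent-exported persistence entries by how many hosts they appear on and flags the long tail. It is example code, not IT Minister's tooling; the records, paths and hash values are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample export (not real data): one tuple per persistence entry.
# Fields: host, artifact kind, location, image path, image hash (placeholder values).
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RECORDS = [
    ("WS01", "runkey", RUN_HKLM, r"C:\Program Files\Vendor\agent.exe", "hash-agent"),
    ("WS02", "runkey", RUN_HKLM, r"C:\Program Files\Vendor\Agent.exe", "hash-agent"),
    ("WS03", "runkey", RUN_HKLM, r"C:\Program Files\Vendor\agent.exe", "hash-agent"),
    ("WS04", "runkey", RUN_HKLM, r"C:\Program Files\Vendor\agent.exe", "hash-agent"),
    ("WS01", "schtask", r"\Microsoft\Windows\Backup", r"C:\Windows\System32\backup.exe", "hash-backup"),
    ("WS02", "schtask", r"\Microsoft\Windows\Backup", r"C:\Windows\System32\backup.exe", "hash-backup"),
    ("WS03", "schtask", r"\Microsoft\Windows\Backup", r"C:\Windows\System32\backup.exe", "hash-backup"),
    ("WS04", "schtask", r"\Microsoft\Windows\Backup", r"C:\Windows\System32\backup.exe", "hash-backup"),
    # Entries present on a single host only: the statistical outliers a hunter reviews first.
    ("WS03", "runkey", RUN_HKCU, r"C:\Users\jdoe\AppData\Roaming\svchost.exe", "hash-unknown-1"),
    ("WS02", "schtask", r"\Updater", r"C:\ProgramData\updater.exe", "hash-ioc-placeholder"),
]

# Constructed placeholder indicator list; a real hunt would load curated IoCs here.
IOC_HASHES = {"hash-ioc-placeholder"}


def stack(records):
    """Count distinct hosts per (kind, location, image) entry; image paths are
    compared case-insensitively so "Agent.exe" and "agent.exe" stack together."""
    hosts = defaultdict(set)
    for host, kind, location, image, _sha in records:
        hosts[(kind, location, image.lower())].add(host)
    return {key: len(seen) for key, seen in hosts.items()}


def rare_entries(records, max_hosts=1):
    """Least-frequency-of-occurrence view: entries seen on at most max_hosts hosts."""
    return sorted(key for key, count in stack(records).items() if count <= max_hosts)


def ioc_hits(records, iocs):
    """Known-bad view: entries whose image hash is on the indicator list."""
    return [(host, kind, image) for host, kind, _loc, image, sha in records if sha in iocs]


if __name__ == "__main__":
    for hit in ioc_hits(RECORDS, IOC_HASHES):
        print("IOC match:", hit)
    for entry in rare_entries(RECORDS):
        print("outlier:", entry)
```

Raising `max_hosts` widens the tail (useful on larger fleets where malware may have spread to a handful of machines), while the stacked counts for entries on every host give the baseline of expected software.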

Compromise Assessment Involvement:

Compromise Assessment Value:

Compromise Assessment Product - A Written Report Containing:

A non-technical section with an Executive Summary for management and decision makers to help in their strategic planning, budgeting and prioritization.

A technical section covering:

Get in touch to learn more in detail about how we can support your cyber requirements.