Looking for intrusion analysis?
Nettitude is able to help organisations identify suspicious activity across their estate. This can be achieved by installing network probes or taps into the infrastructure and monitoring strategic vantage points for malicious traffic. Nettitude partners with a range of SIEM providers as well as network anomaly detection organisations to implement cyber incident detection technology in client estates. We can then proactively monitor these devices, or provide a call-off service to support an organisation when they think they are experiencing anomalous network or device behaviour.
Nettitude triages the incident to ensure that the impact is appropriately managed. During the triage phase, Nettitude identifies what has occurred and what it has impacted, and categorises its impact according to its disruption to confidentiality, integrity and availability. The triage phase results in the incident being allocated to an appropriately skilled incident handler who is able to look at host-based and network-borne data sets.
A key element of the incident handling process is to record all aspects of the incident, including malware heuristics, root cause analysis, Indicators of Compromise (IoCs) and any identified attacker TTPs. Nettitude maintains an extensive incident library that contains in excess of 100,000 unique malware samples. Through our global honeypot network, we have gathered IoCs and TTPs of many emerging threat actors, and all of this data is combined to build a comprehensive incident response data repository. During the reporting phase, Nettitude generates clear and concise documentation for the organisation, detailing how the incident occurred, what it impacted, how it was contained, and what changes need to be implemented to prevent future attacks. This can be tailored to both technical and executive audiences according to individual client requirements.