Infrastructure Maturation service is a package service that includes many services. This package includes 4 basic services such as Forensic Analysis, Incident Response, Penetration Testing and Contingency Plan. In the event of a forensic incident within the scope of the service, services such as incident response and numerical evidence analysis are used to answer many questions such as the dates of the incident, the details of the incident, which systems were affected, how the incident was carried out and which user accounts were used. After the incident is clarified, it proceeds to the corrective/remedial activities step. In regulatory activities, the current state of the corporate network infrastructure is examined with penetration tests, and weak systems and incorrect configurations are reported.
Then, an emergency action plan is prepared and it is determined how remedial activities should be and which priorities investments should be made with. Thus, it is aimed to mature the corporate network infrastructure and increase its resistance against cyber security risks.
Incident Response Service
Incident Response and Computer Forensics services are the services that require a cyber incident investigation or a forensic investigation on an information system in cases that need to be investigated within the organization. The stages of detecting, obtaining and analyzing numerical evidence on these systems will be carried out by professional teams, and the supporting elements for the events that need to be transferred to the judicial processes will be specified with the report to be presented.
The main topics regarding the services to be provided in this context are as follows
- Forensic analysis on computers
- Forensic analysis to be performed on the network
- Incident Response service (Remote)
- Incident Response service (Onsite).
A forensic analysis and incident response study will basically consist of the following steps. These steps will be followed regardless of the type of case examined, and the operations and analyzes to be performed within these steps will differ in each case type.
Forensic Analysis
At this stage, a number of preliminary analyzes will be made in order to determine whether the suspicious event (information theft, breach of authorization, hacking, etc.) has occurred.
Where these analyzes will be carried out will be directly related to the suspected event, and the first intervention step will be started after the possibility of the suspicious event has taken place. The main priority in this step is to take the necessary measures to prevent all activities that may damage possible evidence.
Then, possible evidence will be identified, collected and preserved until the analysis stage. If necessary, in this step, with the approval of the customer, also a live review will be performed on the relevant systems. Since the information obtained as a result of the live inspection will have the quality of evidence, the customer will be informed instantly. In cases where live examination is required, digital evidence will be collected, and if necessary, the image of the computer's memory will be taken at this stage in order to perform memory analysis on the suspect system with the customer's approval. After the live review process is finished, the system will be shut down and the hard disk image will be taken.
Images taken at the scene will be kept in disk units or storage brought to the place of incident response by the customer.
After the digital data, which have the quality of evidence, are obtained and preserved in accordance with the characteristics of the evidence, analysis will be made.
Penetration Testing Service
Within the scope of this service, “penetration/penetration” test service will be provided twice a year (every 6 months) within a one-year period within a specific and pre-planned program with the customer. Within the scope of this service, the security of the IT infrastructure will be tested by performing penetration tests from outside to inside, from inside to inside and with social engineering methods. Thus, before an attack occurs, possible entry points will be identified and these weaknesses will be eliminated. This service includes the following service titles as a minimum.
- Data Collection
- Network Mapping
- Enumerating
- Vulnerability Detection
- Exploitation
- Upgrade Rights
- Web Application Security Tests
- Client Side Penetration Tests
- Decommissioning Tests
- Database Vulnerability Tests
- Wireless Network Penetration Tests
- Validation Check
Issue of Security Contingency Plan
In order to provide the above-mentioned services in a healthy way, it is essential that the IT infrastructure within the institution/company works as smoothly and safely as possible. In this context, we recommend the study called “Security Contingency Plan”, in which we identify what needs to be done and detail the steps to be followed in order to maximize the functionality and security of the IT infrastructure of the institution/company.
Within the scope of this study, the steps to be taken and the projects to be done in order to make the IT infrastructure within the institution more secure will be determined and coaching will be provided at the point of the implementation of these projects within a certain plan. This study consists of the following steps.
- Identification of existing technical controls within the organization
- Developing an emergency action plan
- Prioritizing the project steps and planning the implementation of what can be done in the first step
- Determining the products and solutions of the projects planned to be realized in the medium term
- Identifying the deficiencies of the monitoring and alarm infrastructure and generating the required alarm conditions