Vulnerability and Threat Intelligence
Kuma will provide automated tools and manual analysis to uncover unique/obscure vulnerabilities that automated tools fail to detect, maintain an inventory of missing patches and systems/applications that have reached end-of-life status, harden operating systems and third-party applications, identify improvements for network segmentation, evaluate security monitoring and incident response capabilities, locate rogue devices in the environment, demonstrate the true business impact of compromise, expose deficiencies in authentication mechanisms, demonstrate return on investment of internal security initiatives, discover publicly accessible information that could be leveraged in targeted social engineering attacks, reveal gaps in data egress filtering, and obtain evidence for initiating organizational change.
Specific activities include the following:
Internal Penetration Tests
Kuma will conduct semi-annual internal penetration testing that simulates an attacker on the internal network, such as an insider threat or a compromised end-user system, that will actively exploit vulnerabilities and leverage configuration deficiencies to provide a tangible demonstration of the associated business impacts in clear, repeatable steps. Reports will be provided for the purpose of supporting certification activities.
External Penetration Tests
Kuma will conduct semi-annual external penetration testing that goes beyond standard host, service, and vulnerability discovery to uncover the vulnerabilities present in perimeter systems. Discover obscure web application vulnerabilities and identify potentially damaging publicly-available information via Open Source Intelligence Gathering (OSINT). Reports will be provided for the purpose of supporting certification activities.
Kuma will conduct wireless security assessments that consist of mapping the organization’s wireless footprint, analyzing authentication and encryption configurations, and evaluating the security mechanisms that secure the wireless environment. Reports will be provided in a format consumable for the purpose of supporting certification activities.
Logging and Monitoring
Logging on critical systems, applications and services will provide key information and potential indicators of compromise. Although logging information may not be viewed on a daily basis, it is critical to have from a forensics standpoint.
Kuma will oversee the automated quarterly vulnerability scanning of environments for known known vulnerabilities along with recommended fixes. The scans will assess the discovered ports and protocols for known vulnerabilities, missing patches, out-of-date operating systems, exposures to the internet and against a library of over 50,000 vulnerabilities. Reports will be provided for the purpose of supporting certification activities.
Disaster Recovery & Incident Response Management Program
Organizations need to be prepared to actively reduce their operational risk and respond in times of disaster, incident and/or breach. Kuma works in partnership with organizations to maintain strong security and privacy policies, institutionalize the role of the incident response team and maintain relevant and actionable disaster recovery and incident response plans. Specific activities include the following:
Disaster Recovery & Incident Response Plan Review and Enrichment
Kuma will review and enrich existing Disaster Recovery and Incident Response Plans on at least an annual basis. As significant changes or modifications are made to the organization’s systems and/or environments, Kuma will revise the Disaster Recovery and Incident Response Plans accordingly. Associated and/or relevant runbooks and checklists will be provided to augment the plans. Results observed and noted from the annual exercises will inform the annual revision of the Plans.
Kuma will facilitate, oversee and/or record the execution of an annual Disaster Recovery Drill. The drill-scenario will be agreed upon by Kuma and the organization. Kuma will provide a Disaster Recovery Drill Summary Report at the close of the exercise.
Kuma will facilitate and oversee the exercise of an annual Incident Response Tabletop Exercise. The Incident Response Tabletop scenario(s) will be agreed upon by Kuma and organization. Kuma will provide materials necessary to support the exercise. Kuma will provide an Incident Response Tabletop Summary Report at the close of the exercise.
Read more Kuma news and be sure to follow us on social to get the latest updates.