While BHIS excels at testing and evaluating security programs, we also work with our customers to further enrich and develop their internal detective capabilities.
Our defensive services include a number of products designed to suit organizations taking their first steps into attack detection as well as the most advanced defenders looking to bolster their security posture.
Below are just some of the defensive offerings we provide:
How often does an incident responder get the chance to interact, ask questions, and challenge the attackers they see day to day? Knowledge sharing isn’t usually the basis of interaction between Blue Teams and APT actors. This is where Purple Teaming comes in.
Purple Team Exercises revolve around the concept of merging blue team detection exercises with red team knowledge and tactics in order to exponentially increase the effectiveness of blue team detective capabilities that would otherwise require the unfortunate circumstances of recovering from a real breach.
With extensive experience on the team in both Red Teaming and Incident Response, Black Hills Information Security is uniquely positioned to provide real-world scenarios. Purple Team Exercises will utilize the same tactics, techniques, and procedures (TTPs) as real adversaries, with one-to-one interaction between the BHIS team and the DFIR / Blue Team at your company. In these interactions, the BHIS team will perform the TTPs while actively communicating with your company: explaining what was attempted, suggesting what might be detectable or seen on the defender side, and suggesting possible rules or detection opportunities.
For our Hunt Team Operations Center (HTOC) service, BHIS analyzes egress network logs captured before network address translation (pre-NAT) for regular analysis and alerting on beaconing and/or possible malicious activity. Due to today’s compliance- and privacy-driven environments, only network metadata will be sent to the HTOC for analysis by the BHIS HTOC team. The data we collect includes TCP/IP/UDP header information, HTTP(S) session information, DNS queries, and other network traffic statistics. Collecting only header and statistical information matters because, with regulations like GDPR and HIPAA, personally identifiable information stays private. We neither need nor want full content data.
Atomic Controls Assessment
The Atomic Controls (AC) evaluation is designed to measure and consult on an organization’s security posture against controls observed to be highly effective during BHIS testing engagements. Implementation of these controls provides an organization with defenses that hamper an attacker’s ability to move freely within an environment when compromise occurs. In addition, the blue team will gain the advantage of increased visibility to identify, contain, and eradicate threats from the environment in a timely fashion.
Network Operations – Active Directory Consult
Black Hills Information Security will review the organization’s Active Directory Architecture with a focus on critical vulnerabilities, best practice alignment, privacy concerns, and identification of potential architecture and group policy improvements. BHIS will recommend adjustments to the existing architecture that are designed to yield an increase in overall security posture and effectiveness of the Active Directory Environment.
BHIS Expert Support Team
BHIS understands the complexity and challenges of operating multiple technology solutions in a business environment. To support your Business Operations, leverage BHIS’s Expert Support Team.
The BHIS Expert Support Team has multiple offerings. The first is a Q&A service in which our highly skilled, broad-spectrum team will support your business by answering questions ranging from OT/SCADA/IoT to Incident Response and Secure Development.
The second offering is a post-compromise support service. Whether it is helping to absorb a BHIS pentest or red team report into the corporate change control process by working with the ticketing system and teams to perform the fixes, or, after an actual breach, helping to understand the next steps once the cleanup is finished, BHIS has the expertise to augment your staff temporarily.