
Resecurity (Risk) - User Manual

RISK
User Manual
Copyright 2020 Resecurity®
Confidential
Prepared for Claro Colombia
Table of Contents
Tabs Description
    Add company
    Digital Assets (Mapping)
    Digital Assets (Description)
    Geography
    Digital Footprint
    Tips/Recommendations
    Support Request
    User Profile
Risk Indicators
    Dark Web
    Network Hygiene (IP Reputation)
    Botnet Activity
    Data Breaches (Compromised Credentials)
    Threat Actors
Tabs Description
Add company
After authentication is completed, the next key step is to add an organization (company)
for further monitoring by clicking “Add Company”.
The monitoring process is based on analysis of the source data describing the digital footprint of
a particular organization (domains, networks, etc.). That’s why the Operator should define the set
of signatures describing the Company. We recommend focusing on domain names as a priority.
After clicking the “Add company” link, the following details need to be filled in:
• Company name;
The company name should be the full name of the company that will be under digital risk
monitoring. This field is mandatory.
• Separate domain name;
The domain name is the address of the website that can be typed in the browser URL bar to
visit the website. Please enter the domain name or import it from a file. This field is mandatory.
• Network information (IP or Network Range);
The Network Information enables web applications to access the underlying connection
information. Please enter the network information or import it from a file. This field isn’t
mandatory.
• Add extra;
You can also add intellectual property markings, executives, key staff, and other criteria for
further digital risk monitoring. This field is not mandatory, but it will definitely help to increase
the accuracy of monitoring and to improve targeting on your enterprise.
• Description;
Please add to this field any information that you think could help the monitoring process and
provide better targeting to the enterprise environment. This field isn’t mandatory.
Add Extras
By clicking on the Add extras link, you may choose to add information to the following fields for risk
estimation. Please note that adding extras is not mandatory, but it will help you to increase the
range of monitoring data and will provide you with detailed information on the chosen sub-category.
The following sub-categories may be chosen:
• Custom;
Define your own criteria and multiple subjects of interest manually using the wizard.
• Anti-Piracy;
It will target monitoring on piracy sources, such as illegal websites, P2P networks, torrent
trackers, alternative content repositories and unauthorized media resources violating your
content licensing conditions and T&Cs.
• Dark Web Monitoring;
Effective monitoring of the Dark Web: a search for defined subjects of interest or your company details
on cybercriminal resources and various communication channels widely used for illicit activity
(TOR, I2P, Freenet, etc.).
• Operations Environment + Social Media;
Monitoring of a particular brand and its digital footprint exposed on the Internet (brand name,
known domain names, corporate network pools, e.g. IPv4/IPv6). It is ideal for comprehensive
risk-scoring tasks and security posture assessment of your enterprise.
• Incident Response;
Your first assistance in post-incident investigations based on source intrusion sets, threat actor
details and known indicators of compromise (IOCs).
• Social Media Monitoring;
It initiates monitoring only on social networks, such as Facebook, LinkedIn and Twitter, and works
best for OSINT, brand protection and social media analysis.
• Threat Actor Monitoring;
It targets monitoring on a particular threat actor and/or group of actors (nickname/alias, contact,
other known signatures). It is typically used by investigators and intelligence analysts for attribution
research and threat actor profiling based on the source data.
After the sub-category is chosen, it is essential to define risk estimation criteria based on
the selected template. You can import data for each parameter or enter lists manually.
The templates include the following criteria:
Brand Names may include the company brand names and its digital footprint. They will
be monitored on cybercriminal resources either to search for the defined subject or to prevent the use of the
brand name for illicit activity. Several brand names can be added for monitoring.
Emails may include known emails of company employees. The emails will be monitored
for data leaks and for identification of the source (e.g. dark branch, dark web, botnet, etc.), and the
risk score will be assigned after the threat is evaluated.
IOC will be deleted.
Actors may include information about a specific threat actor or a group of actors, to
provide threat actor profiles to investigators and intelligence analysts for research.
Nicknames, aliases, contacts and signatures may be used to fill in the field.
Signatures may include the raw on which monitoring of the actors will be provided.
Alternatively, the signatures may include a part of code to prevent data leaks.
TTPs will be deleted.
BINs may include the bank identification numbers of the credit cards chosen for
monitoring of compromised data, to avoid its appearance on the dark web.
Executives may include the full name of a key person, who will be monitored in OSINT sources
either to create a profile list from the sources found or to prevent personal data leaking to the
dark web.
Code identifier may include the part of code on which monitoring of data leaks
from repositories is based.
Server names/formats may include the server address, to follow data leaks or
cyberattacks on the server.
Indicators of customer data may include any customer data, for use when investigating data
leaks or defining the potential risk level.
Point-of-Sale Identifiers may include critical channel data, where financial transactions
for goods and services are executed and where data leaks and cyber threats need to be monitored.
Key members of staff may include key stakeholders whose information may be under
threat of data leaks or should be monitored in OSINT sources on the web.
Data Leak Protection (DLP) identifiers may include parts of code identifiers to be
monitored on the dark web.
Specific documents marking may include any mark used by the enterprise to mark
documents, in order to monitor them for data leaks.
Commonly used documents titles may include document titles by which document
leaks can be identified.
Anything else that is unique may be used to monitor confidential information and
prevent data leaks, or to define tips on how the data can be protected.
Git search phrases may be added, based on which risk monitoring will be conducted.
The sub-category can be changed in the appropriate field. The template is the same for each sub-category, and all the data entered will be saved even if you decide to change the sub-category.
Digital Assets (Mapping)
Based on the information provided in the previous steps, the assets that may be of interest for your
search/monitoring will be identified. If you find them valuable to target or to define the risk
monitoring, please select them from the list below.
The suggested assets may be the following: domains, emails and associated IPs, which could expand
risk monitoring. Similar domains may be checked or exported to target the search. In addition, the
system will suggest similar domains that may correspond to your target company.
Otherwise, you can skip this step and continue with the notification settings.
Digital Assets (Description)
The digital assets include the domain name, the number of findings and the reputation risks, divided into
domain names, emails and actors. You can choose any specification on the left, and the anchor links
will take you to the corresponding information.
An asset can be in one of two states: enabled or disabled. The asset is enabled when its risks
are under monitoring, and it is then displayed in green on the screen. When the button near the asset is
grey, no monitoring is conducted and the asset is disabled. In addition, you can export a
report on the specified asset; it will be prepared in CSV format and include email, username,
password, password hash, salt, ip, date, source name, info, etc.
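Because the exported CSV carries passwords, password hashes and salts, it is worth reducing it before it is passed on to a help desk or ticketing system. The following Python is an added example, not part of the manual or of the product: it ranks in-scope accounts by how exposed they are and writes a copy of the export without the secret columns. The header names are assumed from the field list above, the date format is assumed to be ISO, and the sample rows are constructed.

```python
import csv
import io

# Assumed header names, modelled on the fields the manual lists for the export.
# Adjust them to the header row of a real file.
SECRET_COLUMNS = ("password", "password hash", "salt")
RANK = {"identifier-only": 0, "hash": 1, "plaintext": 2}

# Constructed sample export: fake accounts on reserved example domains,
# documentation-range IPs, placeholder hash values.
SAMPLE_EXPORT = """email,username,password,password hash,salt,ip,date,source name,info
alice@example.com,alice,Winter2019!,,,203.0.113.7,2020-03-01,botnet-log,constructed
Alice@example.com,alice,,00112233445566778899aabbccddeeff,,198.51.100.4,2020-01-12,forum-dump,constructed
bob@example.com,bob,,ffeeddccbbaa99887766554433221100,ab12,198.51.100.9,2019-11-30,forum-dump,constructed
carol@partner.example,carol,hunter2,,,192.0.2.15,2020-02-20,paste-site,constructed
"""


def field(row, name):
    """Return a stripped cell value, treating missing cells as empty."""
    return (row.get(name) or "").strip()


def exposure_level(row):
    """Classify the most urgent secret material present in one record."""
    if field(row, "password"):
        return "plaintext"
    if field(row, "password hash"):
        return "hash"
    return "identifier-only"


def triage(csv_text, monitored_domains):
    """Summarise in-scope accounts, worst exposure first, without keeping secrets."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = field(row, "email").lower()
        if email.rpartition("@")[2] not in monitored_domains:
            continue  # record belongs to a domain we are not responsible for
        level = exposure_level(row)
        entry = accounts.setdefault(
            email, {"email": email, "exposure": level, "sources": set(), "latest": ""}
        )
        if RANK[level] > RANK[entry["exposure"]]:
            entry["exposure"] = level
        entry["sources"].add(field(row, "source name"))
        # ISO dates (assumed format) compare correctly as strings.
        entry["latest"] = max(entry["latest"], field(row, "date"))
    ordered = sorted(accounts.values(), key=lambda e: (-RANK[e["exposure"]], e["email"]))
    for entry in ordered:
        entry["sources"] = sorted(entry["sources"])
    return ordered


def redact(csv_text):
    """Return the export as CSV text with the secret columns removed."""
    reader = csv.DictReader(io.StringIO(csv_text))
    keep = [c for c in (reader.fieldnames or []) if c.strip().lower() not in SECRET_COLUMNS]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=keep, extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    for row in reader:
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    for account in triage(SAMPLE_EXPORT, {"example.com"}):
        print(account)
    print(redact(SAMPLE_EXPORT))
```

Accounts reported as "plaintext" are the ones to reset first; the redacted copy is the one to attach to tickets, while the original export stays in restricted storage.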
If there are many assets, you can manage selected items by choosing the items and clicking on the
two tips. The assets can be acted on using the options: export to the report, disable, enable or
delete.
Please note that deleted items will not be monitored and the information on the assets will be
discarded. By clicking the “+” sign, you will be able to add an asset and the corresponding subject
of interest.
As with the other tabs, Digital Assets gives you the opportunity to select appropriate blocks
and generate a report.
The Generate report button lets you choose the blocks on which the report will be based; the report is
generated in PDF and other formats.
Notifications Settings
The last step is setting your preferences; risk estimation will start right away.
Currently the system supports only notifications sent via email.
My Portfolio
The profile gives you overall information on the digital risks across the multiple
companies you have added. Their domains and IP addresses can be seen in the profile. You
may use the search bar to find a company previously added to your profile.
Multiple companies can be added to keep an eye on all digital risks of your business activities.
After you add a company, you will get notifications when new risks are detected.
Each company gets its own risk rate based on the overall risk assessment. You can archive a company
to stop risk monitoring but still have access to all collected data. Once you delete or stop the
company from your portfolio, all data will be irrevocably deleted too.
The historical findings risk graph is available in the company profile, with notifications on new,
high, medium and low risks.
A new subject of interest or asset can be added by clicking the “+” button. If you decide to add
assets, please choose the subject of interest and the corresponding assets. Several assets can be added
to the field. When everything is ready, click the “Add” button to submit the new assets to the system.
In addition, you can generate the My Portfolio report in case you want to share or print
the information on the companies in your portfolio list. To do so, click the
Generate report button.
The resulting report can be saved as a PDF or shared by link or QR code.
Company profile
Under the company name, you can find the risk-rating matrix, which will help you to identify the
threat indicator. The lower in the alphabet the letter is, the higher the identified risk threat.
Risk ratings descend from A to F as the severity and number of threat indicators increase.
An A – C rating indicates that Resecurity Risk has detected several problems that could affect the
security of your enterprise. Please review the risk indicators identified. If any new incident causes this rating
to go down, you will be notified in a timely manner.
Companies with a D or F rating are 5.4 times more likely to be victims of data breaches than those
with an A or B rating.
The number of domains, IP addresses, digital assets and identified risks can be viewed in the company profile,
as well as tips that will help you to improve your security response and lower your global risk score.
At the top of the page, you can change the name of your company if necessary. In addition,
you can check whether the company is under monitoring/watched or stopped; this setting can be changed
on both the Company Profile and My Portfolio pages.
The number of domains, IP addresses, digital assets and identified risks is presented in the block after
the risk-rating description. The overall assets are specified there and are described in more detail on
other tabs. Please see the navigation bar items Risk Indicators, Geography, Digital Footprint, Quick Tips and
Digital Assets for specific information.
The findings are presented by risk category, such as data breaches, network hygiene, dark web, botnet
activity, cloud security and miscellaneous risks.
Under Risk Change, you can find the change log with the risk identifiers and their explanations,
reflected on the timeline. Clicking “See all” redirects you to the Risk Indicators page, including the
pie chart with the trend for each risk category. By clicking on the pie chart, you can see the
number of critical, high, medium and low incidents in the corresponding risk description.
Under Risk by Categories, you can analyze the level of threat in each risk category, as well as the
number of threats. Clicking “See all” redirects you to the Risk Indicators page.
Risk Change provides the data history over time periods in years. By clicking on the peaks, you
will be able to see the risk rate and the date. The newest risks are shown in the right column with the date and
the increase in points.
If you want to get more detailed and later information on risk changes, please click the “See all” link and you
will be redirected to the Risk Indicators page.
Risk by Category gives you the total number of findings, divided by source and by high, medium and low
risk level. If you want detailed information on the risks in a given category, click on
the risk category and you will be redirected to the Risk Indicators page filtered by the chosen category.
Quick tips will help you to increase accuracy and obtain more comprehensive monitoring results. The list of
tips shows how to view a more detailed summary, improve your security response and lower your
global risk score.
If you would like to see more information on the Quick Tips, click “See all” under the Quick Tips
block and you will be redirected to the Quick Tips page.
By clicking the Generate report button on the company profile page, you will be able to choose
the blocks on which the report will be based.
After choosing the blocks, you will be able to get the report in PDF format. The report can be accessed via the
link or copied to paper documents.
Navigation
After all information is clear, please go to the navigation and click on the “Select company” button.
There you will be able to add a new company, which will then appear in your
portfolio, or choose the company in your portfolio for which you want
detailed information on risk monitoring.
When you have chosen the company, the navigation tabs on the left of the screen will help
you to get information on the main risk sources. These are Risk Indicators, Geography, Digital
Footprint, Quick Tips and Digital Assets. By clicking on a particular tab, you will get the corresponding
information on the specified asset.
If you click on the company name, which is located right after the Resecurity logo, you will be
able to “Add new company” to the Profile or to choose between two companies, AMG and BDO in the
example.
If you click on the Resecurity logo, you will be redirected to the My Portfolio page.
Let’s start with the first tab, Risk Indicators, and investigate the assets there.
Risk Indicators
The risk indicators page includes the overall list of data breach detections by the score, risk
source, record date and detection date.
You can choose a certain detection and get detailed information on date, id, username and
password. Additional information such as first name, last name, host, birth day, sex, city,
tel. country code, tel. area code, tel. no, headphone country code and headphone no may also be
found.
You could search on the appropriate data branch, based on botnets, threat actors and dark web.
The total number of all detections is specified, including the option of viewing all new threats. If you click
on the “New” button, only the threats found during this day will be shown in the list.
In addition, you can choose the exact threat on which the report should be generated.
The report can be generated in csv or pdf format.
By clicking on the “+” button, new subjects of interest or assets can be added.
Geography
By choosing the Geography tab, you will be able to see the domains and their locations on the
world map. By clicking on the “Add Domain” or “+” buttons, you will be able to add an asset and a
subject of interest.
The appropriate domain can be found through the search bar and selected to be shown on the
world map.
The highlighted areas are those where monitored domains are located. By clicking on a
specific area, you will get the exact number of domains found in that area.
If the area is dark, it means that Resecurity has not found a footprint of the domains or IPs there.
The geography breakdown will help identify the domains based on the number of findings,
sorted by country. The risk score is also specified as high, medium or low. You will thus get
the asset domain, IP address, the country where the asset is located and its risk level.
If you want to get detailed information, you can click on the asset and choose the “Export details”
function. An Excel file with the specified information on the asset will then be downloaded. The
file will include data on username, email, password, password hash, salt, ip, source name and info.
In addition, you can generate a report by choosing the blocks and getting the corresponding
information.
Digital Footprint
The digital footprint includes the domain names that are monitored, based on their digital footprint
located all over the world. The search bar can be used to specify the domain name you are
interested in.
The records detected consist of the resource address, full company name, country name, SSL
certificate and supported SSL versions. The HTTP protocol may also be found.
If you click on the asset to get the detailed information, you will get the following overview:
• resource address;
• country name;
• organization name;
• ISP;
• last update;
• ASN;
• host names.
The location of the company will be shown on the Google map. You can use the “+/-” buttons on
the map to adjust the map size and manage your navigation through the map.
The technologies description and port services will be specified under the map.
In addition, you can generate a report by choosing the blocks and getting the corresponding
information.
Tips/Recommendations
The tips will help you to increase accuracy and obtain more comprehensive monitoring results. They also help you to
view a detailed summary, improve your security response and lower your global risk score.
The tips include new ones provided during the day and archived ones. They are rated by risk
score to define their importance, and listed with their category and the date when the tip was provided. The tips are divided
into categories to provide information on how to improve your security response and lower
your global risk score.
In addition, you can generate a report by choosing the blocks and getting the corresponding
information.
Support Request
If you have questions and need help from our Support Center, create a support request. You can
do so by clicking on the circle on the right of the navigation panel.
The Support page will then open and provide you with the following information. Please
fill in the form with as much information as possible and submit the request.
If you click on the ring, you will be able to see the history of your requests/tickets and the
corresponding information on each ticket.
The ticket numbers with the correspondence will be provided to you. If you click
on the “How we can help” link, you will be redirected to the “How can we help” form, where
you can create a new request and get help from our Support Center.
User Profile
If you need to change some information in your profile, please click on the last item in the
left navigation bar. This is a circle with your photo and the first letters of your first and last names.
If you click on any item in the list, the corresponding settings will become available to adjust.
By clicking on Profile, you will be able to upload a photo and add your first name and last name. The
language can be selected from two options, English or Vietnamese.
By clicking on the Password link, you will be able to change the password. Please enter a new
password and confirm it. The password cannot be blank, and the confirmed password must be the
same as the password entered above it.
By clicking on Authentication, you will be able to see whether two-factor authentication is
enabled or disabled.
If you click on the status, you will be able to change the setting from enabled to disabled. By default,
the status for two-factor authentication is enabled. If you want to disable it, you will need
to generate a one-time password secret.
After you have entered a one-time password, two-factor authentication will be disabled.
If you would like to enable two-factor authentication again, the procedure of generating a new
one-time password secret will need to be carried out again.
Risk Indicators
The Risk platform collects various cyber risk indicators and presents them in human-readable form
with proper interpretation. The key categories of risk indicators are described below.
Dark Web
Effective monitoring of the Dark Web will search for defined subjects of interest or your company
details on cybercriminal resources and various communication channels widely used for illicit
activity (TOR, I2P, Freenet, etc.).
The Dark Web indicator includes the list of detections that may be under threat of cybercriminal
activity. Each detection consists of the list of sources where the risk was found, the risk score
and the record date. The record date is the date when the risk to the item appeared on the web. Detected
On gives the date when Resecurity found the detection.
If you would like to get detailed information on the record id, source, latest activity and
relationship graph of a detection, please click on its row.
The relationship graph will show connections between actor profiles, e-Crime library, IP, emails,
Activity by IP and IP2GEO.
Network Hygiene (IP Reputation)
This category of risks describes indicators related to malicious network activity originating from
or outside of the company network, based on the defined/identified network ranges or IP addresses.
Such indicators may include:
- malicious network hosts;
- network hosts involved in hacking activity;
- network hosts involved in mass-scanning;
- proxy or socks servers deployed by threat actors;
- underground VPN services;
- suspicious hosts presumably used for malicious purposes;
- bulletproof hosting and hosting providers with illegal content;
- network hosts which have been recently compromised and there is a high probability of hosting
malicious content on them for further distribution.
The information about such network hosts will be available in Risk Indicators listing:
Each record has the following set of fields:
- malicious or potentially suspicious IP;
- source (original source of risk-score, such as threat intelligence feed);
- risk score (low, medium, high);
- record date (original date of when this information has been identified);
- detected on (date of detection in context of monitoring of the company).
By clicking on a particular record, the operator may see more detailed information about the IP,
including historical details:
In addition to information from various threat intelligence feeds, you may see possible hits
coming from Dark Web, Passive DNS and other sources:
This information allows you to analyze particular IP(s), as well as the security of the company
network (whether it has been compromised or infected with malware).
Botnet Activity
Botnet activity refers to information about a group of computers which have been infected by malware
and have come under the control of a malicious actor. Botnets can be designed to accomplish
illegal or malicious tasks including sending spam, stealing data, ransomware, fraudulently clicking
on ads or distributed denial-of-service (DDoS) attacks.
The Botnet indicator consists of the list of detections with the source where each was found, the risk score, the record
date and the detected on date.
If you want to get detailed information, please click on the row. You will then get data on
data, IP, Bot Country, Machine ID, hostname, botnet, address, request type, software, raw info,
bot info, bot files and download bot files.
The bot files include name, data and the ability to download the file in txt format.
Data Breaches (Compromised Credentials)
Data breaches include all the detections found on the subject of interest or your company.
The data will include the source (username, password), source, risk score, record date and
detected on date.
If you click on a detection, you will get detailed information on date, id, email and password.
Threat Actors
It targets monitoring on a particular threat actor and/or group of actors (nickname/alias, contact,
other known signatures). It is typically used by investigators and intelligence analysts for attribution
research and threat actor profiling based on the source data.
The threat actors’ detection will include the list of detections, result (username, email, password),
source, risk score, record date (when the issue appeared or was identified in the Dark Web) and
the date it was detected on by Resecurity.