IR is a hugely stressful operation at times. Emotion and bias must be removed from the operation in order to respond effectively; otherwise the whole task quickly moves off track and fails.
TLR has become very effective at programming IR operations and moving through the process rapidly whilst being thorough. Correct identification and containment of the threat are paramount, along with restoring critical services as soon as possible.
- TLR believes in a “use a razor, not an axe” approach.
- The P.I.C.E.R.L framework underpins the approach:
- Prepare – Identify – Contain – Eradicate – Restore – Learn.
TLR has developed its own proprietary Security Orchestration and Automated Response (SOAR) system, dubbed the Phoenix.
A SOAR system is not a SIEM, but works closely with one where possible. A SOAR can provide alerting in its own right where required and the Phoenix is designed to do this.
The Phoenix works by deploying micro-services that leverage remote process automation into critical assets, watching for threats to emerge in the system, acting to “heal” the asset and alerting back to SOC teams. When the alert comes, the operator knows to pay attention, as something has occurred within the system that should not have happened and the system has undertaken automated corrective action. The system is now asking the human operator to help. This is all about making your SOC operators work smarter, not harder.
Managed External Vulnerability Scanning (MEVS). The MEVS system is designed to paint your organisation from the perspective of an outsider and map your networks/systems accordingly. The MSS will check for configuration issues and vulnerabilities relating to these, and provide the client with baseline reporting up front, with delta reports every month. Clients can now continually understand their forward-facing potential vulnerabilities automatically on an ongoing basis.
Managed Security Services
Security is an ever-evolving concern in the current Cyber climate and will not stop evolving anytime soon.
TLR provides its technology stack through managed services arrangements where applicable and useful for clients.
The Phoenix SOAR and MSS solutions can be managed by TLR for clients if required. TLR uses deployable systems for these arrangements, with the solution residing in client environments and managed by TLR staff remotely or onsite.
TLR has a dedicated team of highly skilled consultants who can work within client operations, focusing on skills transfer to client staff, raising their knowledge bar, whilst our team keeps raising their own. This process builds partnerships and continues to focus on the client getting better bang for buck in their consulting dollar.
Penetration Testing Services
Penetration and vulnerability assessments are two different types of assessment for identifying real and potential holes in a network, application, or communications infrastructure.
Simulated testing will emulate the steps a real attacker with malicious intent will perform to attempt to gain unauthorised access to your network. The results of these tests are then used to help clients address the areas of vulnerability in a holistic manner. TLR will try to attack the client, where required and within bounds (there have to be bounds, we know), as close to real world as we can make it. We will try different methods, different tools and code, and apply out-of-the-box thinking to the testing where we can.
TLR specialises in “Purple Team” engagements, emulating the real world as closely as we can and taking steps along the way through the engagement to bring the client's defences up to scratch if required.
TLR Communications provides comprehensive technical training services, including:
- Bootcamp baseline course – gain an understanding of the basics of the Cyber problem, understand how the attacks happen, why they happen and how you can be “less of a target”.
- Network Security and Incident Response – a much deeper technical approach to IR. A tool-less approach focusing on using command line instructions, locally and remotely, to perform IR, moving to writing your own tool kits. The course is focused very heavily on practical exercises, with ongoing IR drills that get harder throughout the course.

TLR has developed and written company onboarding courses that run online, which companies can provide to staff and contractors to raise their “Cyber Security” awareness, immediately impacting the client’s security posture. At the end of the day, security of the domain starts with the users.
Cyber War Games
TLR Communications designs, builds and runs comprehensive and themed Cyber Games for clients.
TLR has done this for an Australian Federal Government Department—the Department of Human Services, now Services Australia—for the last 4 years. The games started as an annual exercise in 2017, running over multiple days. The games progressed and evolved through 2018 and 2019, with the themes carrying through but changing tack each year. 2020 was postponed… no prizes for guessing why.
TLR also builds and runs smaller half-day or full-day “Red vs Blue” exercises and provides this capability to the Department of Defence and Services Australia.
TLR has found these games and exercises to be amazing teaching tools: fun, difficult and requiring out-of-the-box thinking. They have proven to broaden players' thought processes and get them re-engaged with the Cyber problem.