The Malware Intrusion Audit (MIA) evaluates existing defences against phishing-introduced malware.
Malware introduced through phishing emails differs in function, but all phishing malware takes a predictable path to execution on a network. The Malware Intrusion Audit evaluates defences along that path and provides actionable recommendations.
Phishing emails remain the primary mechanism for malware delivery. The Malware Intrusion Audit uses a scientific, measurable, and detailed approach to evaluate your company’s defences against malware intrusion through email technologies.
The Malware Intrusion Audit identifies which technologies are performing well at the desktop/server level and across the inbound and outbound points of the network, and highlights the ones that require tuning. These technologies include file extension handling, port filtering, MIME type checking, antivirus, application whitelisting, and proxy filtering.
How can we help?
The Malware Intrusion Audit operates in three discrete phases:
1- Mail Gateway Assessment
We will send over 300 customised non-malicious packages to a dedicated email address within your organisation. Using different file extensions, MIME types and other techniques, the packages will attempt to bypass your mail gateway restrictions to assess the anti-virus, anti-spam, content filtering and file filtering restrictions.
2- SOE Assessment
Using your standardised pre-built SOE hosts and the successfully injected packages, we will then execute the packages that circumvented existing controls. This will test the SOE’s controls, antivirus, and application defences. The packages that were successfully executed will be used as an input for the final phase of the audit.
3- Egress Filtering
At this stage we will identify the executed packages that were able to connect to our central Command and Control centre. The aim is to test the outbound infrastructure (firewall rule sets, proxies, SIEM and analytics platforms, and outbound antivirus systems) against external malware connections.
Shearwater offers in-depth executive and technical level reporting. The report will list vulnerabilities prioritised according to risk level for the internal security team. The report also provides access to mitigation strategies to immediately reduce your organisation’s overall risk.
Our post-engagement follow-up is an additional benefit that allows clients to ask questions or seek guidance on issues referred to in the Malware Intrusion Audit report.
Benefits to Your Organisation
- Reduce the risk of scams and malware proliferation.
- Test the scanning of inbound and outbound email and web communications for anomalies.
- Test the effectiveness of log management and correlation tools in detecting events that may represent a threat.
- Close the path of advanced malware to your systems. Sophisticated malware, such as polymorphic malware, becomes hard to detect once inside the network.
- Justify the investment in hardening defence systems.
- Evaluate your susceptibility to attacks that rely on command and control communications.
- Get an independent assessment of how deep a phishing attack can go in your organisation.