Vulnerability Management Training 4

1
SECURIUM FOX offers cyber security consultancy
services with its expert and experienced team. We
are providing consulting services to prevent
cyber attacks, data leak and to ensure that our
customers are ready and safe against cyber
attacks, with more than 15 years of
experience.In addition to pentests and
consulting services, SECURIUM FOX prepares its
customers and field enthusiasts for real life
scenarios by providing trainings in the lab
environment which was prepared by themselves,
with its young, dynamic and constantly following
team.Everytime that hackers are in our lives,
there are always risks that we can face with a
cyber attack. Over the years cyber security has
become a critical precaution for all
organizations and companies after the effects and
number of attacks. SECURIUM FOX tests the weak
points of customers for possible attacks and
provides consulting services to eliminate these
weak points.SECURIUM FOX team also offers
support for the development of our country in
this field by supporting free events being
organized as a volunteer by the Octosec team.
ABOUT US
2

• VULNERABILITY MANAGEMENT

3
Threat and Vulnerability Management

• Policy Statement
• This control procedure defines the Universitys
  approach to threat and vulnerability management,
  and directly supports the following policy
  statement from the Information Security Policy
• The University will ensure the correct and secure
  operations of information processing systems.
• This will include documented operating
  procedures the use of formal change and capacity
  management controls against malware defined use
  of logging vulnerability management.
• The University will use a combination of internal
  and external audit to demonstrate compliance
  against chosen standards and best practice,
  including against internal policies and
  procedures.
• This will include IT Health Checks, gap analyses
  against documented standards, internal checks on
  staff compliance, and returns from Information
  Asset Owners.

4
Control Statements

• 1. Protective Monitoring
• Perimeter security is detailed in Communications
  Security.
• Within the network, Security Information and
  Event Management (SIEM) tools uses AI / machine
  learning to identify threats that have avoided
  perimeter detection. Logs are generated, stored
  and monitored according to Log Management and
  Forensic Readiness.

5

• 2. Client anti-malware
• All University-managed clients (Mac and Windows)
  run endpoint protection. This is centrally
  managed by the Deployment Solutions team. Updates
  are pulled to a management server and clients
  check for updates every ten minutes. Where
  signatures are released to address a critical
  threat, the updates can be deployed at short
  notice and outside of normal schedules. Where
  clients cannot contact the University management
  server, after five failed attempts they will
  revert to pulling updates directly from Sophos.
• Malwarebytes end point security is installed on
  each managed device for real time protection
  against malware, ransomware and additional
  malicious website protection. It detects and
  removes malware in real-time and also runs a
  local scan of the device daily. The update
  frequency is every 10 minutes on the server.
  Clients are configured to check in with the
  server every hour. Should they not be able to
  contact it (if the device is at home) then it
  will go out to the internet for the update.

6

• 3. Server anti-malware
• All Windows servers on the University network
  currently run Sophos endpoint protection or Trend
  Micro if within the NSX environment. These update
  as new signatures are made available.
• 4. Vulnerability scanning internal
• Vulnerability scans will be performed weekly or
  on request by the Network Security team using a
  dedicated service running up-to-date plugins via
  a business subscription. Scan results are
  distributed to operational teams for remediation
  according to criticality, based on the Common
  Vulnerability Scoring System (CVSS). The
  Information Security team will oversee the
  remediation of Critical and High vulnerabilities.

7

• 5. Vulnerability scanning external
• The University will use external vulnerability
  assessments to supplement its internal
  capabilities. There is no fixed schedule or scope
  for this, but it is good practice to undergo
  annual penetration testing of at least key
  external-facing services, and to penetration test
  new systems or significant changes to systems as
  required. Decisions to use external vulnerability
  assessments will be made and authorised by the
  Information Security team. Use will also be made
  of automated tools, such as NCSCs Web Check.

8

• 6. Software versions
• Where possible the University will run the latest
  stable version of software, and no older than the
  previous version provided that it remains
  supported, in order to maintain stability,
  supportability and security. Where compatibility
  issues prevent running the latest version, the
  University will prioritise upgrading or replacing
  the component causing the compatibility issue,
  and the residual risk will be documented and kept
  under review. Where legacy systems have to be
  tolerated, reference should be made to the
  National Cyber Security Centre guidance for
  securing obsolete platforms. Where there is no
  appropriate treatment, ISDS reserve the right to
  disable software and services deemed to present a
  significant risk to the Universitys systems or
  data.
• A list of approved versions of key software
  such as operating systems, databases, web
  toolsets and browsers is maintained by the
  Information Security team.

9
You can always contact with SECURIUM FOX. You can
contact us through our email addresses or by
using the contact form on the side.

• INFO
• 3rd Floor,Lohia Towers,
• Nirmala Convent Rd,
• Gurunanak Nagar,Patamata,Vijyawada,
• Andhra Pradesh -520010
• 9652038194
• 08666678997
• info_at_securiumfoxtechnologies.com

10

• info_at_securiumfoxtechnologies.com
• Andhra Pradesh Office
• 91 8666678997,91 91652038194
• 3rd Floor,Lohia Towers,
• Nirmala Convent Rd,Gurunanak Nagar,Patamata,Vijaya
  wada,
• info_at_securiumfoxtechnologies.com
• UK Office
• 44 2030263164
• Velevate, Kemp House, 152 - 160,City Road,EC1V
  2NX
• London
• info_at_securiumfoxtechnologies.com
• Tamil Nadu Office
• 91 9566884661
• Kailash Nagar, Nagar, Tiruchirappalli, Tamil Nadu
  620019
• info_at_securiumfoxtechnologies.com

• Noida Office
• 91 (120) 4291672, 91 9319918771
• A-25, Block A,
• Second Floor,Sector - 3,
• Noida, India
• info_at_securiumfoxtechnologies.com
• USA Office
• 1 (315)933-3016
• 33 West,17th Street,
• New York,
• NY-10011, USA
• info_at_securiumfoxtechnologies.com
• Dubai Office
• 971 545391952
• Al Ansari Exchange, Ansar Gallery - Karama
  Branch, Hamsah-A Building - 3 A St - Dubai -
  United Arab Emirates