Stay on the front-foot and actively monitor your Internet presence against new threats

Actively respond to any deviation from your baseline

A common security practice is to perform regular vulnerability scans against internet-facing hosts by using automated vulnerability scanning tools. Apart from claims that most of these tools are marketed with, this approach result in large number of false findings and takes away understanding from genuine security risks. Moreover, as most in our industry can agree, automated scanning tools miss finding uncommon weaknesses in a complex or custom networks or applications.

In our Proactive Baseline Review service, we leverage a custom developed toolset to frequently test your Internet presence looking for deviations from your defined security baseline and monitor threat-intelligence feeds for new threats against your network or applications.

When new security issues emerge we manually review them then notify you only of genuine issues along with guidance for resolving the issue.

Our methodology®

Initial meeting to understand your environment, infrastructure, custom application, and technology stacks

Phase 1
Prepare

Define your acceptable baseline and customise our toolset to have thorough coverage of your environment and applications

Phase 2
Baseline definition

Execute regular baseline reviews against your environment and check for new threats, change in risk rating and deviations to the baseline

Phase 3
Monitor

Manually validate new findings and provide you with periodic reports. We notify you immediately for any risks as they surface

Phase 4
Report

Periodically fine-tune the toolset to respond to changes to your environment, risk appetite, and new attack vectors
Contact us to receive the full detail of our methodology.

Phase 5
Tune

Our focus areas

The following is a snapshot of our assessment areas:

Internet presence

Regular Whois, RIPE, DNS mapping and tracking of your company Internet presence

Reputation trackers

Check against blacklist/malware tracking of your IP address space

Information leakage

Monitoring for company wide information leakage via social media, password dumps, Dark web (Tor) etc.

Threat intelligence

Regular check against threat intelligence feeds looking for new risks for your environment

Web applications

Regular automated security testing to ensure your web applications aligns with best practices (OWASP Top 10)

Network & infrastructure

Checking for vulnerable and exposed network services against industry security practices

Why elttam?

A structured methodology built on proven best-practices (CAPEC, OWASP, OSSTMM)

A team with an established reputation and over a decade of experience

Tailored security services to fit any project or business

Providing services to global software companies and ASX listed enterprises

Made in Australia!

Contact us

Let's talk



Email us

hellome@elttam.com.au

PGP public key

Sydney

Suite 3, Level 27, 1 Farrer Place, Sydney 2000, NSW

Suite 3, Level 27, 1 Farrer Place, Sydney

(+61) 02 8004 5952


Melbourne

Suite 504, 365 Little Collins Street, Melbourne 3000, Victoria

Suite 504, 365 Little Collins Street, Melbourne

(+61) 03 9005 1058