Search

GTconsult
A Team 

Protection

Hire a hacker and mitigate your company’s security risk with the cover of A Team Protection.

"..having met with GTconsult and been impressed with their CEO and various service offerings, it was an easy decision to bring them onboard as a trusted partner." - Eugene Van Der Lingen, CAPRISA
2018-10-11T13:17:56+00:00

Why is there a need for A team Protection?

In terms of A Team Protection, cyber security is no longer a growing concern. It is a clear and present danger that needs to be top of mind in all business transactions, culture and planning.

Database breaches and dumps are a sign of the times that we live in, and believe me when I tell you that it effects everyone not just the big guys that get the marketing coverage.

Here is a list of recent breaches in South Africa, UK and USA.

South Africa
Viewfines a small business in South Africa that facilitated traffic offenders the opportunity to pay fines online had their entire database leak online.  Their business has since been closed.

Masterdeeds was a database that was leaked online that contained most South Africans born since 1940 ID numbers, email address, home address and other information.

The company responsible is called Dracore Data Sciences and a partner named Jigsaw Holdings.  While these businesses still operate, they will never ever be forgotten and I personally doubt their clients will trust them.

Ster-Kinekor’s database has been compromised.  Movie theatre chain Ster-Kinekor was responsible for up to 7 million South Africans falling victim to a data leak in March 2017.

00

UK

The British government was exposed secret files through Trello. The British government is under fire for potentially exposing official papers and reports through files uploaded to public Trello boards used by departments, according to a report from the Sunday Telegraph.

Travel business Thomas Cook could have put customer information at risk due to a security flaw in a duty free website

In February 2018, Kromtech researchers found more than 100 000 scanned documents containing highly personal information including passports, driving licences and security IDs in an unsecured Amazon S3 bucket for FedEx. This was completely accessible to the public.

US

Millions of Facebook users have had their personal information compromised without their consent according to a whistleblower who helped found the election data company, Cambridge Analytica, which informed the Trump presidential campaign and has worked for Leave.EU.

What is A team Protection?

Coming off the success of A team Collaboration, we have identified that it is not always possible to find the skill and then procure that skill long term in specific industries. 

The idea behind GTconsult is that we find, nurture and grow specific niche skillsets and then provide the customer with a managed service at a low-cost low risk scenario. 

We then offer these skills to the business’ who require either an outsourced managed service or a once off project.

"..GTconsult have shown flexibility, creativity in overcoming problems and sheer determination in ensuring they delivering a solution that not only meets but has exceeded our expectations.."
- Barry O'Neill, CCI South Africa  
2018-10-11T13:17:47+00:00

We went with GTconsult due to the quality of work offered from them as a team which was showcased to us from the various other projects they have been involved in.
- Matthew Walsh, Marwick & Co.
2018-10-11T13:16:54+00:00

Who needs A team Protection?

A business that is concerned about their security and actively wants to promote a secure IT culture within their business. 

A Team Protection works best when a company has a dedicated IT team. The A team service is a consultative service to empower the IT team not to work against them. 

We can perform assessments and monthly managed service for all types of IT infrastructures and systems.

How does A team Protection Work?

We have two options based on client needs; once off assessments and recommendations and then annual commitments.

Once-off Vulnerability Assessments

External Security and Vulnerability Assessment

The internet is not exactly a safe place. Further, there is a constant and ever-present danger looming.

Allowing external access to your network is essential to your business. However, the fear of what may occur may be causing you sleepless nights. Hackers are on the rise, data breaches and ransomware attacks hit all time highs in 2017.

It has never been more important to protect your network from external threats. The GTconsult A Teams External Security and Vulnerability Assessment will use known hacking techniques to discover your external networks vulnerabilities and public information and provide you with a full audit and step by step guide to resolve issues and mitigate risks.

Some of the services we offer in this area includes:

Network Discovery

• External Facing device scan;
• Subdomain Finder;
• IP Network Scan and Discovery; and
• DNS Entries.

Employee Discovery
• Personal Info – Name, title, email, username, employee number, password
• Social Info.

Company Information Discovery

• Breached Database list;
• Rouge/Shadow IT deployments.

Vulnerability Assessment

• External facing website;
• External facing servers;
• Email address gathering;
• Username Disclosure;
• Router information;
• Public information; and
• Unsecure traffic.

Hardening and Securing

• Full audit result with suggestions and fixes;
• Password Policy.

Internal Security and Vulnerability Assessment

Most companies suffer from a condition called eggshell security where they believe because they have setup a firewall and proxy server their internal staff and data are protected from the outside world.

This is most certainly not the case, internal threats are abundant and it is more important than ever with the rise of wireless hacking, USB credential theft and packet sniffers.

The GTconsult A Team’s Internal Security and Vulnerability Assessment identifies threats, assess them and provides a full audit with step by step countermeasures and prevention tactics.

Some of the services we offer in this area includes:

Network Discovery

• Network Scan and Discovery;
• Port Scan Computers, Servers, routers and all other devices;
• Physical Device Discovery; and
• Wireless Network Discovery.

Employee Discovery

• Personal Info – Name, title, email, username, employee number, password.

Company Information Discovery

• Breached Database list; and
• Rouge/Shadow IT Assessment.

Vulnerability Assessment

• Ransomware Assessment;
• Internal servers;
• Internal webservers;
• Email address gathering;
• Username Disclosure;
• Router information;
• Public information;
• Unsecure traffic capture;
• Computer access;
• External Internet Assessment;
• Wireless Network Capture; and
• Password Assessment.

Security Governance Workshop

Best Practises

• Password Policies;
• BYOD;
• Network;
• PC’s;
• Laptop’s;
• Printers;
• Wireless Network;
• Patch Management;
• OS Hardening;
• Email;
• Web Browsing;
• Anti-Virus Software;
• Travel;
• Server Room;
• Network Points;
• Computers;
• Employees;
• Guests;
• Contractors;
• 3rd Party Solutions and Services; and
• Cloud Environments.

SharePoint On Premise Vulnerability Assessment

 

SharePoint is used by over 200 million people world wide and over 80% of the Fortune 500 companies. This number is growing daily as the platform provides a way for people to collaborate in a secure and easy way.

A misconfigured SharePoint environment can however lead to massive data breaches and compromise a company’s image and financial status dramatically.

The GTconsult A Team SharePoint On Premise Vulnerability Assessment was designed and custom tailored to ensure your companies SharePoint platform stays secure and protects your companies brand and your employees’ data at all times. The Farm audit and vulnerability assessment will highlight all issues and the security and hardening report will give step by step resolution and mitigation advice.

Some of the services we offer in this area includes:

Full SharePoint Farm Audit

• Farm information: farm, site, search topology, servers list and services on server;
• Application management: web applications, site collections, service applications details;
• Information about IIS application pools, site settings, SQL Server configuration and database permissions;
• Farm administrators and other security information; and
• People picker settings, web.config files, workflows, list of features, solutions with their statuses, and other info from the Site Explorer.

Information Disclosure Scan

• Scan for known and open default SharePoint URL’s and webservices;
• Document SharePoint Permissions; and
• Search for personally identifiable and confidential information.

SharePoint Vulnerability Scan

• Misconfiguration;
• Default Settings;
• Cross Site Scripting (XSS); • SQL Injection;
• File Inclusion;
• Backup files check;
• Simple AJAX check;
• JavaScript source code analyser;
• Known Vulnerabilities; and
• Backup file check.

Hardening and Securing

• SharePoint Farm Security Best Practise;
• Information disclosure configuration; and
• Vulnerability avoidance configuration.

Office 365 Security Assessment

The world has hailed Office 365 as one of the most secure cloud platforms, and Microsoft have done a phenomenal job of ensuring this.

However, a misconfigured tenant can lead to several issues that can cause any IT manager nightmares. The Office 365 Security Assessment by the A Team ensures that all security best practises are put in place and the users are made aware and the proper policies are enforced to keep them and your data secure.

Some of the services we offer in this area includes:

Security best practices for Office 365:

• Multi-factor authentication (MFA);
• Office 365 Cloud App Security;
• Secure mail flow;
• Mailbox audit logging;
• Data Loss Prevention (DLP);
• Customer Lockbox;
• Office 365 Secure Score;
• Audit Log Search;
• Anti-spoofing; and
• Anti-spam & anti-malware.

Hardening and Securing

• Setup and Configure Advanced Security Management;
• Set up alerts;
• Setup and configure Audit Log;
• Set up encryption in Office 365 Enterprise;
• Create and deploy device security policies; and
• Configure SharePoint device access policies.

 

Long-Term Security Strategies

Get the complete package of protection and mitigate your company’s security risk with the cover of A team Protection.  We offer long-term security strategies that include everything in the A team’s security assessment and vulnerability range as well as an intrusion assessment on an annual basis.  Our long-term security strategies are designed for any company who wants to completely outsource their security risk or boost their internal IT risk team at an affordable cost.

Annual Service Plan to secure and identify security and vulnerability threats includes:

  • An Office 365 Security Assessment;
  • SharePoint On-Premise Vulnerability Assessment;
  • Monthly Internal Security and Vulnerability reports;
  • Monthly External Security and Vulnerability reports;
  • External Security and Vulnerability Assessments;
  • Internal Security and Vulnerability Assessments; and
  • One annual Intrusion and report.