Information Security Group

Threat Intelligence

Threat intelligence comprises the information that organizations use to understand the threats that have targeted, are currently targeting, or will target the organization. This information is used to prepare for, prevent, and identify cyber threats that seek to take advantage of valuable resources.

When to connect with the ISG Threat Intelligence Team?

For each scenario below: how the Associate will know of the issue, the immediate actions to be taken, the information to be provided to the TI Team, and the actions taken by the Threat Intelligence Team.

Scenario 1: Malware Alert on TechM System
  How will the Associate know of the issue: Pop-up from Antivirus; Email from TIM or ISG
  Immediate actions to be taken:
  1. Disconnect the system from the internet and LAN
  2. Change password for TechM & Customer Applications
  3. Sign out from everywhere and revalidate using 2FA
  4. Initiate a Full AV Scan on the System
  Information to be provided to the TI Team:
  1. Hostname, IP address
  2. Alert date and time
  3. Tool on which the alert triggered (Antivirus, EDR, Proxy, Email gateway, etc.)
  4. Full path of the file with virus details
  Actions taken by the Threat Intelligence Team:
  1. System Isolation & Scanning
  2. Investigation (Validation of FireEye, AV, Sign-in & Zscaler Logs, System Review) & RCA

Scenario 2: Suspicious Sign-in Alerts, Notifications or SMS due to Credential Leakage
  How will the Associate know of the issue: SMS or Microsoft Authenticator Alert on Mobile
  Immediate actions to be taken:
  1. Change password for TechM & Customer Applications
  2. Sign out from everywhere and revalidate using 2FA
  Information to be provided to the TI Team:
  1. Username and Email address
  2. Host Name, IP address and location details
  3. MFA status
  4. Sign-in type (Failed, interrupted, successful)
  Actions taken by the Threat Intelligence Team:
  1. Investigation (Validation of FireEye, AV, Sign-in & Zscaler Logs, System Review) & RCA

Scenario 3: Suspicious activities on a TechM Hosted Web Application
  How will the Associate know of the issue: Unexplained Data Deletion; Unknown Sign-ins observed in Application Logs
  Immediate actions to be taken:
  1. Isolate the application from the internet
  2. Initiate a Full AV Scan on the Server
  Information to be provided to the TI Team:
  1. Application name (FQDN)
  2. IP address (internal and external)
  3. Whether the application is published on the internet or the Intranet
  4. Confirmation whether 2FA or MFA, TechM AD is used for Login
  5. Confirmation whether WAF is enabled
  6. Timestamp of suspicious activities
  7. Application & Application Server Logs
  8. VAPT and WAPT status
  Actions taken by the Threat Intelligence Team:
  1. Investigation (Validation of FireEye, AV, Sign-in & Zscaler Logs, System Review)
  2. Investigation of Application and Application Server Logs
  3. RCA

Scenario 4: Phishing Mail received on TechM Email
  How will the Associate know of the issue: Unknown sender; mail has suspicious links; unexpected attachment or links from a known sender but a different Mail ID, etc.
  Immediate actions to be taken:
  1. Report the suspicious email using the "Report Phishing" button in Outlook, or send it as an attachment to ReportPhishing@TechMahindra.com
  2. Do not click the links or open attachments
  Information to be provided to the TI Team:
  1. Email attachment
  Actions taken by the Threat Intelligence Team:
  1. Investigation (Domain/IP reputation, URL clicks, threats in attachment, number of associates targeted)
  2. Reporting to MS if the email is found to be phishing/spam and initiating blocking of the sender

Scenario 5: Want to receive Periodic Vulnerability Updates for Components Used within your TechM Application
  How will the Associate know of the issue: Older version or 3rd Party Component used within Application
  Immediate actions to be taken:
  1. Check the OEM Website for Vulnerability Alerts for the Version used
  2. Isolate the application and take it off the internet
  Information to be provided to the TI Team:
  1. Application Name, URL, Server IP
  Actions taken by the Threat Intelligence Team:
  1. Add to the list of users for sharing updates / alerts related to Vulnerabilities

Scenario 6: Check for Vulnerabilities visible to the External World for your External TechM Application
  How will the Associate know of the issue: Older version or 3rd Party Component used within Application
  Immediate actions to be taken:
  1. Check the OEM Website for Vulnerability Alerts for the Version used
  Information to be provided to the TI Team:
  1. Application Name, URL, Server IP
  Actions taken by the Threat Intelligence Team:
  1. Add the Application to the Tools for Periodic Scanning of Vulnerabilities from External Attack Surface Monitoring Scanners
For any queries, write to: TMTI@TechMahindra.com
Copyright © Tech Mahindra Limited. All Rights Reserved