Connecticut Information Security
is a full-service cyber security firm

We specialize in mitigating security risks, protecting networks, aligning organizations with security standards, and educating workforce members on security-related topics and tools.


Top Issues from Top Experts

Get in touch with today's top security topics from
the experts in the field.


Are You Exposed?

Need help evaluating your security risks?
We are here to help.


CTInfoSec has extensive experience
performing security assessments

We work in a variety of industries, including insurance, financial services, mobile applications, healthcare, online services, manufacturing, utilities, real estate, business services and more.



  • Apr 19, 2021
    Threat Hunting 101

    As cybersecurity professionals, it is important to understand real-world threats facing your organization. Although there are plenty of tools and technologies to help identify thousands of possible vulnerabilities, threat hunting helps narrow these down into more realistic probabilities, and also helps you formulate appropriate countermeasures. 

    Threat hunting is a process that organizations of almost every size should engage in. Based on your organization's industry, it will help identify who the likely attackers are, their methods, and their motivations (e.g., information, money). This is a critical component of ensuring that you understand the gaps your organization may have and can strategize the best ways to secure it.

    At the end of the day, how can you stop what you do not understand? Understanding the common points of attack and the methods in play through routine threat hunting is an important part of a holistic cybersecurity program.

    Her... ( Read More )

  • Mar 11, 2021
    Attackers on the Inside

    We perform penetration testing on organizations that often use the latest and greatest tools in security defense, yet our testing sometimes goes unseen. The key to detection and defense? Security layers. If you assume your primary defense does not work, what is its backup? How do you spot activity based on the original outlined phases of an attack if your primary tooling is inadequate? Layers!

    Let us focus on the period during which threats are attempting to expand within your network, laterally, after having gained access. Expansion is possible both for ransomware and for individual attackers. Both wish to make the most of their efforts and obtain the greatest levels of success, which often involves searching for additional targets.

    There are several ways to look for this type of movement, such as reviewing network logs or looking for unexpected connection attempts to different devices. Unfortunately, while academically possible, the reality is that not every organizatio... ( Read More )

  • Feb 11, 2021
    Attack Frameworks 101

    We follow a pretty standard pattern for gaining access within a Network Penetration Test (aka pentest) – recon, exploit, escalate, expand, execute. First, we look at the environment for any exposed information or misconfigured systems. Next, the goal is to gain control or access to a resource using known methods or exploits. From there, we shoot to obtain as high a privilege level as possible. Once we have the appropriate levels of access, we can expand laterally looking for targets or data. When we have achieved a level of control on an environment equal to our goals, we execute our intended goals. This is a straightforward high-level process with a not-so-straightforward multitude of steps in between. The uniqueness of the path between each step is what can make detection difficult for security teams and SOCs watching the wheel.

    Threat groups and malware campaigns use similar approaches to the above. Understanding that attack and infiltration methods of a pe... ( Read More )

  • Jan 11, 2021
    MFA – A requirement, no longer a choice.

    If you do not have Multi-Factor Authentication (MFA) in place yet, get a move on! If by some chance you have selected this post to read and do not understand MFA let us provide a brief definition.

    MFA – sometimes known as 2 Factor Authentication – requires users to sign in with two out of three of the following credential types – something you know (e.g., password), something you have (e.g., application on your phone), or something you are (e.g., fingerprint).

    While many organizations have made the shift to using MFA, there are still some that are struggling to get this technology in place – due to timelines, budgets, or just overall understanding of its benefit. Today, implementing MFA is no longer a nice-to-have; it has really become a requirement, a layer that is a must-have for all institutions. Phishing campaigns have made it easy business for attackers to gain cred... ( Read More )



Dealing with security attacks has become a fact of doing business online. With the introduction of regulations to protect data,
this has become a critical area for businesses today.

Know your risks. Protect your data. Become compliant.