Connecticut Information Security
is a full-service cyber security firm

We specialize in mitigating security risks, protecting networks, aligning organizations with security standards, and educating workforce members on security-related topics and tools.

Learn more about us

Top Issues from Top Experts

Get in touch with today's top security topics from
the experts in the field.

Visit our blog now

Are You Exposed?

Need help evaluating your security risks?
We are here to help.

Contact us now

CTInfoSec has extensive experience
performing security assessments

We work in a variety of industries, including insurance, financial services, mobile applications, healthcare, online services, manufacturing, utilities, real estate, business services and more.

Find out more


  • Mar 09, 2023
    AI Chat: Friend or Foe?

    Recently there has been a lot of chatter around ChatGPL and the Bing Chat platform. These AI engines are being used in a number of creative ways like composing jokes or writing essays in the ‘tone’ of specific individuals. Aside from these recreational uses, the platforms have considerations for cybersecurity as well.

    A simple example to consider is the creation of phishing emails. A hallmark tell tale of phishing is broken English or improperly worded phrases. English is not always the first language for phishing groups and using online translations such as Google doesn’t always capture the proper sentence structure. This will change with the new AI engines which will be able to produce perfectly formed emails that remove doubt caused by awkwardly structured emails.

    Beyond emails and essays, the engines are also able to write and debug code. This will lower the threshold for attackers to payload a vulnerability disclosure. Similarly, creating custom code to be used in a potentially malicious way may be as simple as a request.

    Next, expect attackers to leverage live chat and coercive discussions against targets. Instead of a call from a scammer on the phone, a digitized version of these AI engines will be making the calls. They will sound friendly, familiar, and have all the answers. 

    The next generation engines promise to be even more sophisticated, which begs the question, how can we protect ourselves from such potential scenarios? In our view, most of the protections will be the same as they are today, but AI will need to be put to use for defense. If an engine outputs a request, that request can be requested again. Comparing the similarities between requests using the AI engines will help to spot fakes. Traditional defenses will need to shift slightly to include more dynamic testing, but the foundations of layers, education, and good operational execution are still crucial. 

    For the time being, ChatGPL and other AI engines are still on the attack fringes, but they will become more common over time. The key is for security teams to continue to evolve alongside the attacks and react accordingly.

  • Feb 15, 2023
    DDOS Attack: 5 Ways to Prepare

    With a recent wave of attacks performed by Killnet, organizations should be on high alert and be prepared for potential DDoS attacks. A distributed denial of service attack or DDoS typically consists of many remote sources or proxies attacking an organization to render the organization’s services unusable. Because the number of sources can be significant, and the traffic may appear legitimate, these attacks can be difficult to stop. 

    Below are 5 ways your organization can prepare to mitigate the impact of an attack before an attack happens:

    1. Establish a baseline and a threshold for action. Knowing your normal resource usage rates such as bandwidth or application memory will make it much easier to spot the start of an attack. By setting a threshold rate for action, it is possible to avoid overreacting to limited spikes or minor attacks.

    2. Limit UDP services externally. Due to the connectionless design of UDP, it is easy to spoof sources and destinations and fire off high volumes of requests to services. These are common targets during a DDoS attack. Specifically DNS and NTP.

    3. Disable amplification capabilities for exposed services. A common tactic for DDoS is to request a response that generates more traffic than was sent. By doing this, attackers can consume a larger volume of bandwidth on the victim network than is required to perform the attack.

    4. Engage a cloud provider to scrub the traffic before it reaches your environment. There are several players in this field, and they allow companies to divert traffic to them during an attack. From there traffic is ‘cleaned’ and only valid packets are passed along. Note, it is important to tune any protection rules before an actual incident, otherwise there is a risk of unintentional blocking of valid requests.

    5. Check for ancillary platforms that may be needed before an attack is mitigated. For example, communications may be impacted, so how would you coordinate a response? Centralized services such as SSO may also become points of failure if they are not reachable, so special considerations may be warranted.

    There is no one right response to a denial-of-service attack. As with security across the board, layers are best. Apply as many layers of protection as possible in case you find your organization under attack. Questions? Give us a call.

Popular Offerings

IT Security Healthcheck

    We provide a multi-leveled, custom IT Security Healthcheck of your technology environment leveraging a proprietary stack of tactical and operational checkpoints to deliver an analysis of the environment – within your needs and budget - to identify gaps and risks and provide actionable remediation steps with tiered goals.

NARC® Deception Technology

    Our patented NARC® technology identifies internal compromise or malicious insiders. By creating virtual targets and enticing malicious users to them through open services and potentially valuable data, organizations can root out illegitimate traffic and users quickly and without false positives.


Dealing with security attacks has become a fact of doing business online. With the introduction of regulations to protect data,
this has become a critical area for businesses today.

Know your risks. Protect your data. Become compliant.