Policy and Procedure Review/Development
We conduct a thorough analysis of existing policies and procedures within your organization, cross-walk against applicable Industry Standards, evaluate those policies and procedures against proven solutions, and assist you with crafting new policies and procedures that leverage “Best Practices” principles while enhancing your network/cyber asset configuration control and patch management.
Back to the Top
Cyber Security Program Development
We analyze your operational and/or business network architecture via device discovery, vulnerability assessments, and policy reviews. This analysis provides the basis for overarching security recommendations and optimization planning that will create or update your cyber security program, allowing you to implement network defense and protect recommendations, risk assessments and emergency management planning.
Back to the Top
Threat Analysis
Using a Risk Based Assessment Methodology, we map your operational essential tasks, business functions and critical data touch points on your IT infrastructure, and analyze specific threat vector methodology to develop a threat matrix, enabling you the ability to truly assess your risk, so that you can acquire and prioritize resources to address the threats.
Back to the Top
Insider Threat Analysis
Insider threats are often times the most difficult to detect, yet the most damaging to your company and business processes. Using predictive analysis, tools, and anomaly detection, our analysts are able to provide an additional layer of security around your company’s most valued assets while deterring or detecting a potential malicious insider action.
Back to the Top
Business Assets Protection
Our team works with you to identify your critical assets, understand potential threats and vulnerabilities facing your assets, and develop protection strategies that conform to your risk tolerance and resource availability.
Back to the Top
Customer Information Protection
For over 35 years we have been protecting customer information from exfiltration, loss, manipulation or other adverse actions. Let us assist you in engineering a security solution that provides your customers with an increased level of confidence that their data is safe with your business.
Back to the Top
Information Sharing and Analysis Center (ISAC) Support
We offer extensive cyber threat analysis capabilities. Our Information Sharing and Analysis Center (ISAC) operations provide 24/7 threat analysis and reporting on cyber, as well as physical threats. We use knowledge of your organization’s network infrastructure and risks to tailor our analysis and reporting of current, real world threats and incidents to help you efficiently deploy effective countermeasures.
Back to the Top
Disaster Recovery and Response/COOP
Our team uses a five step process (Identification, Containment, Eradication, Recovery, and Debrief) to emergency or disaster responses, ensuring you experience minimal operational downtime. We provide Tier 3 cyber incident response capabilities, including advanced malware identification, and other advanced incident resolution capabilities, as required, to ensure eradication of threats.
Back to the Top
Training and Education
Executive - We provide training for your executive management team to make them aware of the common terms, threats, and security solutions available. We intersperse real-world case studies related to your specific industry, so that your leaders can fully understand the nature and impact of threats to your operations. This training can be provided in multiple formats (on-site, webinar, web-based, and for both initial and sustainment training modes), and customized to your needs.
Technical - We provide training for every echelon of security professional within an organization. This training can be provided in multiple formats (on-site, webinar, web-based, and for both initial and sustainment training modes), and customized to your needs.
Back to the Top
Cyber Test Environment
We have developed and maintain a unique virtual and physical hybrid cyber environment capable of reproducing an operational or proposed network structure and facilitating the testing of software, hardware, and firmware to determine effects with respect to device interoperability, compatibility, network performance, network optimization, patch management testing and many other enabling function checks for your network or devices.
Back to the Top
Steganographic Detection
A picture is worth a thousand words, or maybe a thousand lines of hidden code? Hidden code within innocent pictures may inadvertently unleash malicious code or malware, causing loss of data, business process interruption, or a back door for later action; we can analyze and detect steganographic code and increase your security posture.
Back to the Top
High Assurance Testing
The high assurance security assessment is conducted using a model driven methodology with a primary purpose of identifying potential security weaknesses, vulnerabilities, malware, Trojans or backdoors. These evaluations include in-depth analysis of software (source code), hardware and firmware components of technology and technical infrastructure implementations. These efforts have addressed IT and Telecom infrastructure, as well as other specialized technology solutions that must be free from malware or other exploitable vulnerabilities. This methodology goes beyond the standard Common Criteria and Capability Maturity Model frameworks, and is intended to be continuously executed throughout the full lifecycle of supported systems/infrastructures. This includes ongoing analysis of software patches and new releases, and hardware/firmware updates or changes.
Back to the Top
Supply Chain Assurance
In conjunction with the High Assurance Security Evaluation described above, we provide Trusted Delivery support that ensures secure delivery of the exact evaluated systems to the end-user/customer by:
- Checking to ensure that proper SW, FW and HW have been delivered to the customer
- Checking systems after installation to establish whether it has been altered in an unauthorized fashion
As part of this process, we can provide validated compiled source code (“binaries”) directly to customers with proof of authenticity and integrity, and help you to distribute and manage the binaries properly within your network.
If your system is part of a critical infrastructure, we may also collaborate with government agencies and perform tests specified by them to ensure acceptability of HW, FW, and SW for integration into sensitive technologies and networks.
Back to the Top
Counter Counterfeiting
We have developed a patent pending process that ensures integrated circuit (both chips and boards) product authenticity. This process is easily incorporated at the manufacturing facility at minimal cost, with maximum benefit.
Back to the Top