Our Services
Cyber Defense
Firms must keep abreast of the past pace of emerging threats and how attack surface vectors develop with organizational changes, system enhancements, and the introduction of new products and services.
Organizations must keep pace with the rapid deployment of sophisticated tactics, malware, approaches, and the use of nation-state tools driven by sophisticated threat actors.
Your firm’s cyber defense strategy must be dynamic and consider each of these factors while remaining elastic to address the unexpected. Being able to measure and quantify the effectiveness of your tactics, techniques, and protocols and whether your investments in human capital, technology, and outside resources are resulting in a continuously maturing approach is a valuable tool that conveys confidence to your customers, board of directors, and shareholders.
Let us review your organizational effectiveness, mean time to identify a threat, mean time to contain and remediate an incident, selection of tools, and assess your cyber defense posture.
Data Loss Protection
Data Loss Protection is paramount for any organization as a breach in this area can result in lost business, operational disruptions, reactive costs, civil damages and criminal charges, theft of trade secrets and intellectual property, risk of litigation and job termination. None are pleasant outcomes.
Our team is experienced at working to:
- Securing data in motion — technology installed at the network edge can analyze traffic to detect sensitive data sent in violation of security policies.
- Securing endpoints — endpoint-based agents can control information transfer between users, groups of users, and external parties. Some endpoint-based systems can block attempted communications in real time and provide user feedback.
- Securing data at rest — access control, encryption and data retention policies can protect archived organizational data.
- Securing data in use — some DLP systems can monitor and flag unauthorized activities that users may intentionally or unintentionally perform in their interactions with data.
- Data identification — it is crucial to determine if data needs to be protected or not. Data can be defined as sensitive either done manually by applying rules and metadata, or automatically via techniques like machine learning.
- Data leak detection — DLP solutions and other security systems like IDS, IPS, and SIEM, identify data transfers that are anomalous or suspicious. These solutions also alert security staff of a possible data leak.
Artificial Intelligence & Machine Learning
Make smarter decisions with Artificial Intelligence and Machine Learning as functions of the security team should be cyclical and symbiotic. Threat intelligence housed in can influence decisions related to security operations, tactics, and strategy.
We work with you to develop tailored robust Integrations and flexible Playbooks, to get the maximum amount of value from existing investments by extracting intelligence to better inform future decision making.
Our team of scientists and engineers work to develop, test, and apply leading edge AI and Machine Learning capabilities to enable your firm to achieve automated orchestrated responses to enhance your defenses.
Our AI and ML tools can sift through vast amounts of data to identify trends, patterns, vulnerabilities, and changes in behavior that will provide you with considerable insights.
Secure Application Development and Test
Application security is your best defense against the hackers who want your organization’s data. Here are best practices for secure application development.
In Forrester’s The State of Application Security, 2019, author Amy DeMartine opens with this declaration: “Application weaknesses and software vulnerabilities continue to be the most common means by which cybercriminals carry out external attacks.”
The most recent Verizon Data Breach Incident Report (DBIR) found that web applications are among the top three attack vectors in eight of the nine industry verticals it covered. They are No. 1 in four of them.
According to SAP, 84% of cyber attacks happen on the application layer, making it the number one attack surface for hackers.
There is no mystery about this. If an attacker can exploit a vulnerability in an app, it offers what that attacker is seeking—potentially unlimited access.
Our team of professionals will work with you to:
Know what’s in your code
While most organizations create proprietary software, virtually all—99%, according to the 2018 Synopsys Open Source Security and Risk Analysis (OSSRA) report—also use open source.
Which is why software composition analysis (SCA) is useful. It helps find open source components in an app while it’s in development.
Know how your apps will be used
Beyond knowing that, developers need to know how an app is going to be used.
Use the right tools
There are also multiple tools for software security testing throughout the SDLC: SAST (static application security testing), DAST (dynamic application security testing), IAST (interactive application security testing), RASP (runtime application self-protection), and penetration testing. They all play a role in delivering a product that, while it won’t be bulletproof (nothing is), will be secure enough to discourage all but the most motivated and expert hackers.
Create security requirements
One reason for that is that security testing isn’t always written into the specifications for an app.
“Building security in slows you down only if you weren’t going to do it in the first place."
“If you were going to build security in, then doing it takes exactly the expected amount of time. That’s not a perception issue; it’s a fact.”
Enable developers
Security tools are evolving to meet the need for speed. The most up-to-date tools and strategies all focus around the following goals: automating as much as possible, not slowing down developers, eliminating entire bug classes and customizing solutions/fixes if you feel the need to.
Security Incident and Event Management
SIEM, or Security Incident Event Management, is a solution that allows for constant monitoring and threat detection for breaches or cybersecurity issues.
We work with you to:
- Assess your current SIEM signature-based detection components allowing for a multitude of different data sources to forward logs which are correlated against thousands of rules and threat intelligence.
- Anomaly Detection – Assess your components and metrics being monitored in your environment to detect any threats through a behavioral analysis approach. This will involve tracking information like events per day, node, hour, log and trend analysis from environment against historical baseline data.
- Active Directory Analysis – Domain Controller monitoring analysis engine which ingests all domain controller events and can identify any events which pose a security threat and will score and send out real time alerts around these changes being made allowing for internal monitoring of our domain against insider threats.
- Global Threat Intelligence – We consider leveraging a multitude of different resources that allow you to stay up to date with the ever evolving landscape of cyber threats that exist in today’s world.
- Intelligent Agent – Host level intrusion detection allowing the forwarding of individual desktop/server events as well as allowing our analyst to have visibility into node based changes to include file integrity checking/modified files (OSSEC agent), and registry changes.
- Vulnerability Analysis Engine – Monthly prescheduled scans of active assets in client’s environments which produces a vulnerabilities snapshot showing the Top 10 vulnerabilities identified in the client’s environment.
- Firewall Analysis Engine – A tool allowing for a granular view of FW activity showing bandwidth usage, VPN connections into environment, the different protocols being sent and received in your environment, as well as security audits of firewall configurations
Incident Response & Penetration Testing
It is increasingly challenging to identify indicators of compromise and attack among the vast amounts of data, alerts, and transactions, amid complex architectures that include cloud, client-server, mobile, and mainframe.
Factoring in an attacker’s sophistication, frequency of attacks, and persistence, multiped by the continually evolving nature of cyber threats, any incident response (IR) team can be overwhelmed.
To help your firm prepare, we can assess your mean time to detection and response and evaluate whether you are prepared to defend against known, advanced, and persistent threats.
We can also help you gauge the readiness and capabilities of your IR team to meet the required criteria for your industry.
Let our penetration testing team be your best sparring partner to hone your skills, identify areas for improvement, and practice drills to test your team.
Our assessments and tests will leave you with actionable plans to improve your IR effectiveness.
Identity and Access Management
As a cornerstone of a zero-trust architecture, an IAM solution should be implemented using zero-trust principles such as least privilege access and identity-based security policies.
Our team has the skills and experience to help you implement, enhance, or mature:
Central identity management
A key principle of zero trust is managing access to resources at the identity level, therefore having centralized management of those identities can make this approach much simpler. This could mean migrating users from other systems or at least synchronizing your IAM with other user directories within your environment such as a Human Resources directory.
Secure access
Since securing at the identity level is key, an IAM should make sure that it is confirming the identities of those who are logging in. This could mean implementing MFA or a combination of MFA and adaptive authentication to be able to take into consideration the context of the login attempt: location, time, device, etc.
Policy-based control
Users should only be given authorization to perform their required tasks and no more privilege than is necessary. An IAM should be designed to give users access to resources based upon their job role, their department or any other attributes that seem appropriate. As part of the centrally managed identity solution these policies can then ensure that resources are secure no matter where they are being accessed from.
Zero-Trust Policy
A zero trust policy means that an organization's IAM solution is constantly monitoring and securing its users identity and access points. In the past, organizations operated on a "once you're in, you have access" policy, but zero-trust policies ensure that each member of the organization is constantly being identified and their access managed.
Secured privileged accounts
Not all accounts in an access management system are created equal. Accounts with special tools or privileged access to sensitive information can be provided a tier of security and support that suits their status as a gatekeeper for the organization.
Training and support
IAM providers provide training for the users who will be most engaged with the product - including users and administrators - and often provide customer service for the long-term health of your IAM installation and its users.
An IAM system is expected to be able to integrate with many different systems. Because of this, there are certain standards or technologies that all IAM systems are expected to support: Security Access Markup Language, OpenID Connect, and System for Cross-domain Identity Management.
Security Access Markup Language (SAML)
SAML is an open standard used to exchange authentication and authorization information between an identity provider system such as an IAM and a service or application. This is the most commonly used method for an IAM to provide a user with the ability to log in to an application that has been integrated with the IAM platform.
OpenID Connect (OIDC)
OIDC is a newer open standard that also enables users to log in to their application from an identity provider. It is very similar to SAML, but is built on the OAuth 2.0 standards and uses JSON to transmit the data instead of XML which is what SAML uses.
System for Cross-domain Identity Management (SCIM)
SCIM is standard used to automatically exchange identity information between two systems. Though both SAML and OIDC can pass identity information to an application during the authentication process, SCIM is used to keep the user information up to date whenever new users are assigned to the service or application, user data is updated, or users are deleted. SCIM is a key component of user provisioning in the IAM space.
Risk & Resilience Assessments
Achieving a high scores on a risk or assessment framework is not a direct indicator of being cyber resilient during an attack or when facing an advanced persistent threat.
While scores are meant to highlight areas of improvement, they are not accurate predictors of your decisions, reactions, and capabilities in action and under pressure.
We provide a multifaceted approach to evaluating your true resilience and simulated testing environments to hone your organization’s performance so that you will be better prepared when facing a threat actor driven by purpose..
Regulatory Mandates, Policies, Frameworks
Regulations and industry requirements are not going away, nor are they becoming easier to meet.
Our teams of combined cyber experts and regulatory compliance professionals can help you define, implement, mature, and course correct your cyber regulatory strategy.
Our method and approach leverage an inventory of regulatory requirements to assess your firm’s ability to meet cyber regulations while supporting your business operations and goals when operating within the requirements of GDPR, 23 NYCRR Part 500, industry and country specific data privacy laws, etc..