Offense

Offense must inform Defense. This approach is the catalyst for our offensive security services that will shore up your defenses against the bad guys.

Network Penetration Testing

Our team will perform an in-depth network penetration test to look for exploitable entry points for unauthorized access to your most sensitive data. We’ll start this off with a threat modeling exercise and can include social engineering scenarios. This is a more controlled security testing project that models the actions of a real world threat.

Adversary Simulation

We’ll carry out the tactics, techniques, and procedures (TTPs) of a real adversary with more sophistication and targeted goals. The goal of this is to improve network defenses.

Web Application Penetration Testing

After reviewing the business requirements for your web application, we’ll conduct an in-depth review against the web application’s exploitable vulnerabilities and mapped to the OWASP Top 10 2017. The remediation report will provide guidance on mitigating your business risks.

Mobile Application Security Assessment

We’ll assess and report on mobile application vulnerabilities by analyzing the application sandbox technology and using an intercepting proxy to analyze network traffic. We’ll include the mobile application as well as all server-side API and backend technologies used. We’ll get an understanding of the threat model for the application and map this into the OWASP Top 10 2016 mobile application security risks.

Cloud Security Assessment

Cloud security is one of our passions. We’ll help you meet your security program goals whether your deployment is located on-premise, in the cloud, or hybrid. We’ll conduct a security review of the cloud provider’s configured security controls and explore exploitable vulnerabilities through a cloud penetration test of your cloud business infrastructure.

Product Security Testing

We’ll conduct an in-depth penetration test of a product deployment, looking for 0-day vulnerabilities or traditional vulnerability scanning. This will include a Research and Development (R&D) component to look for new protocol vulnerabilities and previously undiscovered vulnerabilities.

Defense

Defend your security program by first understanding your business risks. This starts with having a well-formed threat model. Follow this up by applying security controls and processes that meet your security requirements. The array of defensive security services will help you meet the goals for your security program.

Advisory

A strong foundation for an Information Security program starts with documented processes and knowing your business risks. We provide Risk Assessment program building and delivery as well as Information Security policy development.

SIEM Consulting

We provide SIEM implementation, design, and consulting services. We can help your team fill in resources for high fidelity log source selection, design, aggregation, and troubleshooting of log sources.

Managed Security Services

Let us build a custom managed security solution that will match your requirements to catch the bad guys.

Threat Hunting

In this assume breach era, a bit of paranoia can go a long way in protecting your organization. We can help implement the methodology, tools, and processes that can make you more effective and proactive at finding threats on your network and systems.

Secure Software Lifecycle

We can work with your development teams to build some Agile Application Security tools, processes, and documentation. This will greatly reduce your business risk towards a goal of a more secure Software Development Life Cycle (SDLC).

Product Hardening

We’ll help identify your product’s security posture as it related to Operating System (OS) or application hardening. We can help you assess the initial posture and develop a security baseline, including hardening scripts and automated deployment of the hardened baseline. We can align to STIG hardening requirements or Center for Internet Security (CIS) benchmarks.

Purple Team Assessments

Offense must inform defense and what better way than to measure your Security Operations Center (SOC) and work hand in hand with them to improve defenses? In this project, we’ll engage as a red team and work with your blue team to test tactics and see if the process or technology needs to be improved.

Digital Forensics & Incident Response

We’ll help provide forensic analysis and incident response (IR) services if you’ve suffered a security incident.