How much will your organization’s security cost you?
It has been estimated that cybercrime will cost businesses over $2 trillion by 2019.1 No organization is immune. Consider the following real-life scenarios:
- $81 million dollars was stolen from a bank in one day, with only a typo preventing the hackers from accessing the full $1 billion they’d intended on stealing.2
- About half the computers and servers at Sony Pictures were wiped out overnight, costing them billions of dollars in damages.3
- Yahoo! lost $350 million due to a security breach.4
Is your organization prepared? How much will cybercrime cost you?
We understand today’s evolving security landscape. Are the attackers after your money or something more valuable - your intellectual property? Do you deal with multiple sets of attackers, each with their own goals and agendas? Do you have several different security appliances, but only a few employees who have enough specialized knowledge to use them effectively? Do you have the processes in place to quickly and correctly deal with the threats your organization is facing? Have you appropriately judged the risks to your systems and the consequences of a breach? What will you do in a post-breach scenario?
Our clients hire us because they know the stakes are high and that our solutions are effective. In fact, our business name identifies the general areas in which we provide expertise and add value - we provide the work and the solutions in Policy, Analysis and Security Services.
Our capabilities currently include:
(click to dropdown capabilities)
We have over 15 years of experience helping federal agencies improve their security posture, reduce their risk, facilitate compliance and improve their operational efficiency. Using our working knowledge of the standards and guidelines developed by the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS), our skilled security specialists can guide your agency through the Federal Information Security Management Act (FISMA) compliance requirements and ensure a smooth authorization process so your systems will operate more securely. We will also develop a strategic plan that encompasses your entire security architecture to help you make more informed decisions about how to allocate your financial resources to better manage your current and future organizational risks.
The best network security tools won’t help if you don’t know how to use them. From web apps to databases and everything in between, we discover how attackers can compromise your network before they cost you millions in damages. With an in-depth working knowledge about target development, exploitation, lateral movement, persistent access and exfiltration, our penetration testers use everything from Metasploit to the Backdoor Factory to get the job done.
Networks carry the digital lifeblood of your company - your data. Our engineers know how critical your network is and apply industry best practices to keep your network up, running and reliable. We work with the latest technologies and know how they can help you move your data and business objectives forward. Our engineers are familiar with Debian and RHEL based linux, support databases such as MySQL, Oracle and Hadoop and carry advanced industry certifications such as the CCNA, CCDP and MCSA’s.
The first step to enabling the successful development and deployment of a complex solution that meets the needs of your organization or your customers is to recognize the complexity exists. Our team has spent years working to ensure the success of everything from a new procedure for the office to the deployment of advanced data processing solutions by breaking down the key components and identifying critical objectives. Our system engineering and integration expertise ensures that the strategic solution you need is operational in the timeframe you need it.
In a world of rapid-fire advancements in mobile technology, it is imperative that you remain agile and competitive by responding to changing market dynamics and your customer needs. That requires gaining insight into your customers and data. Using Ruby on Rails, Python, Django and other technologies, our web development team will develop compelling web applications to ensure your organization is responsive to internal and external demands, while also meeting your business objectives.
Our team has deep expertise across a wide range of technological disciplines enabling us to provide expert threat assessments. Whether you are looking for a detailed study on risks a specific piece of technology poses to your sensitive data or if you want a review to identify the weakest link in your technological enterprise, we have the experience to help guide you to the best practices.
It is not a matter of if, but when a compromise will put your sensitive data at risk. The key to protecting yourself from a crippling impact is to have the processes in place to quickly identify, isolate, and recover from such incidents. We can help you optimize a set of resources and plans to prevent your data from being offered up to the highest bidder.
Our client delivery team is adept at working with a number of today’s technologies, such as:
- Security Monitoring
- Automated and Forensic System and Application Log Analysis
- Open Source and Proprietary Firewall Products
- ELK (Elastic search, Logstash, Kibana) Log Server
- Virtualization / Cloud Computing
- VMWare vSphere product suite
- Amazon Web Services
- Apache Hadoop
- Deployment Automation
- Software Development
- Linux / Windows Shell Scripting
- Configuration Management
- Linux (RHEL, Ubuntu, Debian)
- Apache Web Server
- Cyber Security Assessment and Management (CSAM) Administrator for large Federal Agency (400+ users)
- Risk Management System (RMS)
- Trusted Agent FISMA Tool (TAFT)
- Xacta Information Assurance (IA) Manager for both classified and unclassified systems
- Regular user of the following vulnerability scanning tools:
- Nessus (Operating System)
- WebInspect (Web Applications)
- AppDetecive (Database)
Additionally, we hold the following certifications and professional designations:
Certified Information Systems Security Professional (CISSP)
GIAC Network Forensic Analyst (GNFA)
GIAC Certified Penetration Tester (GPEN)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
GIAC Certified Incident Handler (GCIH)
Certified Authorization Professional (CAP)
Federal Information Technology Security Professional - Auditor (FITSP-A)
Information Technology Information Library (ITIL)