You know there’s been a breach – electronic ransom notes are popping up on screens all over, a mayday has just been received from a vessel run aground due to nonfunctional controls, or perhaps quite simply nobody at the home office can access their systems – who do you call?
24/7 on-call world-wide incident response : 206-946-8626
- initial analysis reports on possibly compromised systems
- threat defense (e.g. Denial of Service attack management, virus outbreak etc)
- malware analysis and reverse engineering
- mitigation recommendations and execution
- coordination with local and international law enforcement
- legally admissible forensic data capture and analysis
Where might you be vulnerable? How? What are the implications?
Vulnerabilities in one system can lead to reduced security and breaches in others. However, not all vulnerabilities are the same. Our in-depth modeling process allows us to identify those areas with the greatest potential for impact, both operationally and financially.
But are you really, truly, vulnerable?
Tied closely to threat modeling, discovery and verification of potential vulnerabilities is a necessary step towards remediation and mitigation. Using a blend of proprietary methods and best in class tools we are able to provide a uniquely comprehensive and detailed view of your organization’s specific risk factors and associated business impact.
Penetration Testing (Remote & Physical)
Cyber security and physical security work together, neither can be fully functional without the other.
Often conducted in parallel with a vulnerability assessment, we provide remote direct penetration testing of all Internet-accessible corporate systems, ship-board and dock-side wireless systems, as well as indirect remote vulnerability testing of internal systems.
This may be supplemented by physical penetration testing (aka “red team” operations), often in the form of a blended attack similar to that of an organized crime operation. This can be used to validate security systems and corporate policies for local and remote offices, dock services, vessels, storage facilities, etc, including alarm system analysis, physical access controls, bypass methods reporting and recommendations for remediation.
Home-grown code is the most vulnerable.
If your bespoke applications were not originally implemented with security in mind they are likely one of the weakest links in your corporate infrastructure. Code review by security experts can quickly identify patterns of security flaws which can then be remedied at lower cost by in-house programmers.
Development & Training
Helping your developers create secure systems.
Whether it’s onscreen applications or distributed sensors and controls, developing new solutions or reverse-engineering unsupported and insecure systems, we have trainers who can assist with your immediate needs and train your staff for the longer term.
Application Security Assessments
That customer portal can be a great competitive advantage, and it can lead to your biggest breaches of customer data.
In the past there has been a push for “self-service portals”, allowing vendors and customers alike to have a limited view into their account information on your systems. Many were implemented at a time when security was a less complex issue and are vulnerable now in ways that were completely unknown then. Internal portals exist as well, allowing different departments to “self service” and share information efficiently. However, these applications contain “glue code” tying them together, which is frequently written on an ad-hoc basis with little thought for security. Our testing methodologies perfected over the course of our teams’ experience can quickly reveal the many ways of exploiting these insecure elements.
The welcome mat between you and the horizon.
Virtually all wireless systems presently deployed have actively exploitable security flaws. Wireless is the number one weakness in ship-board systems at this time, often allowing complete takeover and control of a vessel’s navigation and communication systems. We are intimately familiar with the known means and modes of penetrating these systems, as well as defenses against such attacks, and are constantly adding to this knowledgebase as new exploits are discovered.