Security Services Portfolio
Transcription
Security Services Portfolio
Security Services Portfolio [email protected] Our Company Laconicly is a leading, independent provider of expert training and professional security services. We bring extensive, internationally recognized expertise and experience to every client engagement. Laconicly has hands-on experience with assessments of the most critical high integrity systems, some of which involved the security of nations. Laconicly is proud to have security consultants with the highest credentials including industry award winners, published authors, and speakers at the most prestigious security conferences including: Black Hat Briefings, RSA, DEFCON, Blue Hat, NATO CCDCOE, and many others. Laconicly is also proud to offer security consultants with active Department of Defense security clearances for those highly sensitive systems that should only be evaluated by those who have been deemed especially trustworthy. Security Assessment Services Red Team Assessment A Red Team Assessment is a form of security assessment that involves the discovery and exploitation of vulnerabilities. This activity is performed from an attacker's perspective, meaning that a specific set of threats are exploited during the assessment and all activities attempt to emulate tactics and methodologies exhibited by real attackers. A red team assessment can be focused on a system, application, network, or other objectives designated by the client. Often a red team assessment is focused on a goal rather than a target, such as theft of sensitive information or accessing specific network targets. Red team assessments often shed light on vulnerabilities that were not previously believed to exist or had not even been considered. Basic phases of a standard red team assessment are: Reconnaissance, Attack Surface Analysis, Vulnerability Analysis, and Exploitation. These phases can be scoped to meet the needs of clients. Application Assessment The Application Security Testing services we offer provide you with a thorough security analysis of your custom application deployment. Our expert and highly skilled penetration testing specialists will examine and assess all the key components of your application and supporting infrastructure. Attention is also focused on how your application components are deployed and communicate with both the user and server environments. Throughout our testing we apply a rigorous methodology and utilize a mix of automated scanning tools and manual techniques to test for exploitable vulnerabilities. Through this we are able to provide you with a detailed report and recommend the best methods to secure the application environment based on your unique internal business requirements and security best practices. Application assessment can be performed in multiple ways including: Black-box Assessment: In this type of assessment, Laconicly will attempt to locate and exploit vulnerabilities in the specified application. Laconicly will assess the given application with a hacker’s mind-set while attempting to identify and exploit security defects. Code review Assessment: In this type of assessment, Laconicly will leverage the actual source code of the application to perform the assessment. The advantage of this approach is that actual lines-of-code that are responsible for causing the security vulnerability are identified, allowing developers and architects to quickly remediate the issues. The availability of the application source code will allow Laconicly to identify Mobile Application Security Review Designed for your most sensitive and security-critical mobile applications, a mobile application security review provides deep insight and an in-depth analysis of the mobile application’s security posture. These reviews are tailored to your specific needs and can include source code analysis and/or binary analysis (reverse engineering). Our reviewers have conducted audits on some of the most high profile, mobile applications in the industry. They are well versed in both iOS and Android application reviews and will help your developers with specific, actionable changes that help your organization develop more secure mobile applications. Security Services 645 W 9th Street Suite 216 Los Angeles, CA 90015 [email protected] A Veteran Owned Business Infrastructure Assessment Our expert, highly skilled penetration testing specialists examine the current state of your infrastructure to assess the resilience of your security controls, and to identify the ways that an attacker might gain unauthorized access. Through the application of rigorous methodologies, using both automated and manual techniques, we test for exploitable vulnerabilities that could allow unauthorized access to key information assets. Infrastructure assessments can be tailored to include Corporate Networks, Wireless Infrastructure, Router and Switch configuration, Management Systems, and other components based on the client’s requirements Advisory Services Secure Development Lifecycle The Security Development Lifecycle (SDL) is a software development security assurance process consisting of security practices grouped by seven phases: training, requirements, design, implementation, verification, release, and response. Whether your organization is new to the SDL process or a review is required in order to improve existing processes Laconicly’s extensive background in the SDL process assures that we can provide expert guidance on implementing a SDL in your organization. Building a Robust Security Capability As organizations grow and mature, the desire for an organic, in-house security capability becomes a requirement. Building a robust, sophisticated security team, along with the process and procedures for running an efficient security team can be an arduous task. The professionals at Laconicly Security have extensive experience in building security teams and developing sophisticated security capabilities. We’ve helped build sophisticated teams for the DoD and Fortune 500. The professionals at Laconicly will help your organization understand your current capabilities, help define needed capabilities, develop the methodologies needed for robust security capabilities, and can even assist in the team member selection process. We’ll lay the foundation for a successful security team and augment the team as needed. Protecting The Company Brand and Defending Against Advanced Persistent Threat (APT) For most organizations, protecting intellectual property, brand, and customer relations is vitally important. Today’s threat landscape is constantly changing and attackers are becoming more sophisticated and using more elaborate tactics. Laconicly can help your organization address these threats and prepare your organization for response to attacks utilizing 0-Day vulnerabilities, help understand and manage the relevant threat actors, assist in hardening your enterprise against sophisticated threats, and develop processes for effective monitoring for sophisticated threats. Security Services 645 W 9th Street Suite 216 Los Angeles, CA 90015 [email protected] A Veteran Owned Business Training Offerings Laconicly training curriculum focuses exclusively on cutting edge security best practices , and our dedication means our courses and instructors are informative, enjoyable, and compelling. Our courses use a virtualized training environment in order to give students the opportunity to learn by doing. All classes include detailed labs which will guide students through the concepts that are covered in the class. In addition to the extensive course workbook, students receive the instructional environment, supporting documents, and tools. Students will be able to immediately apply the concepts and skills they have learned. We have tailored our courses specifically for developers, project managers, engineers, and incident responders. Our offerings include in-depth courses on secure development practices, designing resilient systems, analyzing vulnerabilities, and implementing sound QA practices, among others. From individual course offerings to worldwide training programs, Laconicly can meet your organization’s security training needs. All Laconicly training offerings can be customized in order to meet customer requirements. Industrial Control Systems Assessment Laconicly offers a comprehensive list of Industrial Control System assessment (ICS) services that is tailored to each client, based on their unique needs and requirements. Security assessments of industrial control systems (ICS) have many similarities and many important differences with assessments of enterprise networks. A rigorous methodology and close collaboration with the client is used to ensure that stability of ICS is maintained while also providing a comprehensive assessment. Analysis of SCADA and DCS security configurations, interviews of key personnel, and infrastructure configuration reviews are common components of an ICS assessment. Many other assessment services are also available. Please contact us to discuss other possible assessment components and offerings. About Laconicly Security Services Our Culture Passion for security, unwavering integrity, and a commitment to excellence are the founding principles of our culture. Every member of our hand-picked team is committed and passionate about their work. We believe this is the only way to consistently provide excellent customer service and cutting edge security research. Our unwavering integrity and our commitment to excellence shows in every client interaction and every deliverable we produce. At Laconicly Security, we also understand that we have a moral obligation to help improve the general state of security in the industry. Our efforts have been publicly recognized by industry leaders, the Department of Homeland Security, and the Industrial Control Systems – Cyber Emergency Response Team (ICS-CERT) on numerous occasions. Security Services 645 W 9th Street Suite 216 Los Angeles, CA 90015 [email protected] www.laconicly.com