Security Services Portfolio

Transcription

Security Services Portfolio
Security Services Portfolio
[email protected]
Our Company
Laconicly is a leading, independent provider of expert training and professional security services. We bring extensive, internationally recognized expertise and experience
to every client engagement. Laconicly has hands-on experience with assessments of
the most critical high integrity systems, some of which involved the security of nations. Laconicly is proud to have security consultants with the highest credentials including industry award winners, published authors, and speakers at the most prestigious security conferences including: Black Hat Briefings, RSA, DEFCON, Blue Hat, NATO
CCDCOE, and many others. Laconicly is also proud to offer security consultants with
active Department of Defense security clearances for those highly sensitive systems
that should only be evaluated by those who have been deemed especially trustworthy.
Security Assessment Services
Red Team Assessment
A Red Team Assessment is a form of security assessment that involves the discovery and exploitation of vulnerabilities. This activity is performed from an attacker's perspective, meaning that a specific set of threats
are exploited during the assessment and all activities attempt to emulate tactics and methodologies exhibited
by real attackers. A red team assessment can be focused on a system, application, network, or other objectives designated by the client. Often a red team assessment is focused on a goal rather than a target, such as
theft of sensitive information or accessing specific network targets. Red team assessments often shed light on
vulnerabilities that were not previously believed to exist or had not even been considered. Basic phases of a
standard red team assessment are: Reconnaissance, Attack Surface Analysis, Vulnerability Analysis, and Exploitation. These phases can be scoped to meet the needs of clients.
Application Assessment
The Application Security Testing services we offer provide you with a thorough security analysis of your custom application deployment. Our expert and highly skilled penetration testing specialists will examine and
assess all the key components of your application and supporting infrastructure. Attention is also focused on
how your application components are deployed and communicate with both the user and server environments. Throughout our testing we apply a rigorous methodology and utilize a mix of automated scanning
tools and manual techniques to test for exploitable vulnerabilities. Through this we are able to provide you
with a detailed report and recommend the best methods to secure the application environment based on
your unique internal business requirements and security best practices. Application assessment can be performed in multiple ways including:


Black-box Assessment: In this type of assessment, Laconicly will attempt to locate and exploit vulnerabilities in the specified application. Laconicly will assess the given application with a hacker’s mind-set while
attempting to identify and exploit security defects.
Code review Assessment: In this type of assessment, Laconicly will leverage the actual source code of the
application to perform the assessment. The advantage of this approach is that actual lines-of-code that
are responsible for causing the security vulnerability are identified, allowing developers and architects to
quickly remediate the issues. The availability of the application source code will allow Laconicly to identify
Mobile Application Security Review
Designed for your most sensitive and security-critical mobile applications, a mobile application security review provides deep insight and an in-depth analysis of the mobile application’s security posture. These reviews are tailored to your specific needs and can include source code analysis and/or binary analysis (reverse
engineering). Our reviewers have conducted audits on some of the most high profile, mobile applications in
the industry. They are well versed in both iOS and Android application reviews and will help your developers
with specific, actionable changes that help your organization develop more secure mobile applications.
Security Services
645 W 9th Street
Suite 216
Los Angeles, CA 90015
[email protected]
A Veteran Owned Business
Infrastructure Assessment
Our expert, highly skilled penetration testing specialists examine the current state of your infrastructure to
assess the resilience of your security controls, and to identify the ways that an attacker might gain unauthorized access. Through the application of rigorous methodologies, using both automated and manual techniques, we test for exploitable vulnerabilities that could allow unauthorized access to key information assets.
Infrastructure assessments can be tailored to include Corporate Networks, Wireless Infrastructure, Router
and Switch configuration, Management Systems, and other components based on the client’s requirements
Advisory Services
Secure Development Lifecycle

The Security Development Lifecycle (SDL) is a software development security assurance process consisting of security practices grouped by seven phases: training, requirements, design, implementation, verification, release, and response. Whether your organization is new to the SDL process or a review is required in order to improve existing processes Laconicly’s extensive background in the SDL process assures
that we can provide expert guidance on implementing a SDL in your organization.
Building a Robust Security Capability

As organizations grow and mature, the desire for an organic, in-house security capability becomes a requirement. Building a robust, sophisticated security team, along with the process and procedures for
running an efficient security team can be an arduous task. The professionals at Laconicly Security have
extensive experience in building security teams and developing sophisticated security capabilities. We’ve
helped build sophisticated teams for the DoD and Fortune 500. The professionals at Laconicly will help
your organization understand your current capabilities, help define needed capabilities, develop the
methodologies needed for robust security capabilities, and can even assist in the team member selection
process. We’ll lay the foundation for a successful security team and augment the team as needed.
Protecting The Company Brand and Defending Against Advanced Persistent Threat (APT)

For most organizations, protecting intellectual property, brand, and customer relations is vitally important. Today’s threat landscape is constantly changing and attackers are becoming more sophisticated and
using more elaborate tactics. Laconicly can help your organization address these threats and prepare your
organization for response to attacks utilizing 0-Day vulnerabilities, help understand and manage the relevant threat actors, assist in hardening your enterprise against sophisticated threats, and develop processes for effective monitoring for sophisticated threats.
Security Services
645 W 9th Street
Suite 216
Los Angeles, CA 90015
[email protected]
A Veteran Owned Business
Training Offerings
Laconicly training curriculum focuses exclusively on cutting edge security best practices , and our dedication
means our courses and instructors are informative, enjoyable, and compelling. Our courses use a virtualized
training environment in order to give students the opportunity to learn by doing. All classes include detailed
labs which will guide students through the concepts that are covered in the class. In addition to the extensive
course workbook, students receive the instructional environment, supporting documents, and tools. Students
will be able to immediately apply the concepts and skills they have learned.

We have tailored our courses specifically for developers, project managers, engineers, and incident responders. Our offerings include in-depth courses on secure development practices, designing resilient systems, analyzing vulnerabilities, and implementing sound QA practices, among others. From individual
course offerings to worldwide training programs, Laconicly can meet your organization’s security training
needs.

All Laconicly training offerings can be customized in order to meet customer requirements.
Industrial Control Systems Assessment
Laconicly offers a comprehensive list of Industrial Control System assessment (ICS) services that is tailored to
each client, based on their unique needs and requirements. Security assessments of industrial control systems
(ICS) have many similarities and many important differences with assessments of enterprise networks. A rigorous methodology and close collaboration with the client is used to ensure that stability of ICS is maintained
while also providing a comprehensive assessment. Analysis of SCADA and DCS security configurations, interviews of key personnel, and infrastructure configuration reviews are common components of an ICS assessment. Many other assessment services are also available. Please contact us to discuss other possible assessment components and offerings.
About Laconicly Security Services
Our Culture
Passion for security, unwavering integrity, and a commitment to excellence are the founding principles of our culture.
Every member of our hand-picked team is committed and passionate about their work. We believe this is the only way
to consistently provide excellent customer service and cutting edge security research. Our unwavering integrity and our
commitment to excellence shows in every client interaction and every deliverable we produce. At Laconicly Security, we
also understand that we have a moral obligation to help improve the general state of security in the industry. Our efforts have been publicly recognized by industry leaders, the Department of Homeland Security, and the Industrial Control Systems – Cyber Emergency Response Team (ICS-CERT) on numerous occasions.
Security Services
645 W 9th Street
Suite 216
Los Angeles, CA 90015
[email protected]
www.laconicly.com