Prevention

Standards Based Information Risk Assessments

Information Risk Assessments set the stage for establishing the Information Technology ‘Big Picture’. Our Information Risk Assessment process is built around an ISO 17799/27001 based framework, and controls are customized according to business needs (Health Insurance Portability and Accountability Act of 1996 (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Financial Services – Federal Financial Institutions Examination Council (FFIEC) & Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP), or the Payment Card Industry Data Security Standard (PCI DSS)). Our inquiry will include every aspect of your organization: People, Process, and Technology.

Cyber Security Testing

BorderHawk Cyber Security Testing is a ‘hands on’ effort in which Test Operators attempt to circumvent security features of a system or network based on their understanding of the technical design and implementation. The purpose of a penetration test is to identify methods for gaining access to a system or network by using common attacker tools and techniques. Accordingly, in order to conduct a penetration test, the operator must first conduct a vulnerability assessment to determine exploitable targets.

*Pricing will vary depending on the size of the target environment and the persistence requested for penetration testing (time to break). Consequently, we often scope and price testing engagements on a flat rate per day once we are able to gauge the size of the target environment.

‣ External Network Assessment

Targets: Internet facing systems and devices

Attack Parameters: May include both automated and manual attacks; Will usually NOT include exploitation of any identified vulnerabilities; Password cracking is usually in scope

Restrictions: Attack(s) usually limited to non-business hours

‣ Internal Network Assessment

Targets: Internal network devices, not limited to domain controllers, infrastructure services (WINS/DHCP/DNS), servers, workstations, printers and network devices

Optional: Configuration review of the firewall and internal

Attack Parameters: Unobtrusive system vulnerability scans may occur during business hours; Caution: there is potential for interruption of critical business systems

Restrictions: Internal network assessment will be conducted on-site

Will not include mainframe systems

May include both automated and manual attacks; but will not usually include exploitation of any identified vulnerabilities; password cracking is usually in the scope

‣ Wireless Assessment

Targets: Organization – Campus – Specific Building – or Facility

Attack Parameters: May occur during business hours for unobtrusive scans

Rogue wireless device detection; penetration testing, password cracking usually in the scope

Restrictions: Wireless security risk assessment usually limited to 802.11 technologies

‣ Social Engineering

Attempt to bypass security controls in order to gain access to sensitive areas or information

Targets: Individual – Organization – Campus – Specific Building – or Facility

Attack Parameters: May include physical access, telephone, and email/phishing

Restrictions: Attack may be performed any time

‣ Application Pen Test

Targets: Web-based production application, Internet facing IP address

Attack Parameters: May include both automated and manual attacks

May include attempts to gain access through social engineering

Restrictions: Will usually not include exploitation of any identified vulnerabilities

Password cracking is usually in the scope

Will not include a code review

Information Security Training

Virtually all Information Security Standards and Regulations require both information security awareness and information security training targeted at all users (including managers, senior executives, and contractors) on an on-going basis.

“Learning is a continuum … it starts with awareness, builds to training, and evolves into education.” (NIST Special Publication 800-16 Revision 1)

BorderHawk has partnered with The Venza Group to deliver Information Security Awareness and Training solutions. Please contact us for more information.


Detection

Cybersecurity Analytics & Alerting Services

BorderHawk Cybersecurity Analytics & Alerting provides an ongoing awareness of information security, information technology vulnerabilities, and potential threats to support organizational risk management decisions.

By monitoring certain critical computer systems within your environment or analyzing information collected via the Internet regarding your organization, the BorderHawk Team is often able to isolate potential threat ‘indicators’ and extrapolate such knowledge into proactive indication and warning processes.

We use a variety of proprietary tools to collect information, and then we employ a team of experts to analyze that data in order to reach conclusions about threats to your organization.

Cyber Monitoring Alerting Service (CMAS)

BorderHawk has developed a proprietary, non-invasive process to analyze Internet intelligence associated with our clients. By analyzing client information against Internet intelligence sources, we are able to generate a Cyber Risk Warning Alert directly to you for action.

SIEMfuel (SfS)

SfS delivers Security Information and Event Management (SIEM) system source updates for enhanced real-time analysis of security alerts being generated by your network hardware and applications. SfS source updates are developed from intelligence sources dedicated to identifying bad actors currently on the World Wide Web and the Dark Web. Source update information is obtained, scrubbed, de-duped and converted into a single file format that is easily ingestible into almost any SIEM. SfS greatly improves your SIEM’s ability to detect threat activity; this enhancement is especially useful for those clients who are new to SIEM operations or who have not been able to develop a mature SIEM operation due to a lack of resources.

Technical Surveillance Countermeasures (TSCM)

BorderHawk can be available to conduct systematic physical and electronic examinations of designated areas in an effort to locate surreptitious eavesdropping devices or security weaknesses and hazards that would allow the compromise of sensitive or proprietary information.


Response

Cyber Incident Response

BorderHawk is available to help you manage all aspects of a breach including subsequent activities. Our experts are experienced in cybercrime investigations and can be available to provide liaison as needed.

In response to a breach, we work with you to:

  • Limit immediate incident impact to customers and partners
  • Recover from the incident and return to operations
  • Determine how the incident occurred
  • Help assess impact and damage
  • Determine who initiated the incident and help identify your options going forward
  • Review existing policies and protocols for adequacy
  • Review adequacy of other systems security
  • Develop long-term mitigation plans

Correction

Cyber Security Remediation and Mitigation

Discovery of People, Process, or Technology weaknesses (vulnerabilities) is most often made during the investigation of a breach or as the result of a comprehensive security audit.

Cyber Security Remediation Projects involve correcting vulnerability issues.

Cyber Security Mitigation Projects are designed to diminish the impact, severity, or cost associated with the potential exploit of a vulnerability, especially where the vulnerability cannot be remedied.