Prevention
Standards Based Information Risk Assessments
Information Risk Assessments set the stage for establishing the Information Technology ‘Big Picture’. Our Information Risk Assessment process is built around an ISO 17799/27001 based framework, and controls are customized according to business needs (Health Insurance Portability and Accountability Act of 1996 (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Financial Services – Federal Financial Institutions Examination Council (FFIEC) & Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP), or the Payment Card Industry Data Security Standard (PCI DSS)). Our inquiry will include every aspect of your organization: People, Process, and Technology.
Cyber Security Testing
BorderHawk Cyber Security Testing is a ‘hands on’ effort in which Test Operators attempt to circumvent security features of a system or network based on their understanding of the technical design and implementation. The purpose of a penetration test is to identify methods for gaining access to a system or network by using common attacker tools and techniques. Accordingly, in order to conduct a penetration test, the operator must first conduct a vulnerability assessment to determine exploitable targets.
*Pricing will vary depending on the size of the target environment and the persistence requested for penetration testing (time to break). Consequently, we often scope and price testing engagements on a flat rate per day once we are able to gauge the size of the target environment.
‣ External Network Assessment
Targets: Internet facing systems and devices
Attack Parameters: May include both automated and manual attacks; Will usually NOT include exploitation of any identified vulnerabilities; Password cracking is usually in scope
Restrictions: Attack(s) usually limited to non-business hours
‣ Internal Network Assessment
Targets: Internal network devices, not limited to domain controllers, infrastructure services (WINS/DHCP/DNS), servers, workstations, printers and network devices
Optional: Configuration review of the firewall and internal
Attack Parameters: Unobtrusive system vulnerability scans may occur during business hours; Caution: there is potential for interruption of critical business systems
Restrictions: Internal network assessment will be conducted on-site
Will not include mainframe systems
May include both automated and manual attacks, but will not usually include exploitation of any identified vulnerabilities; password cracking is usually in the scope
‣ Wireless Assessment
Targets: Organization – Campus – Specific Building – or Facility
Attack Parameters: May occur during business hours for unobtrusive scans
Rogue wireless device detection; penetration testing, password cracking usually in the scope
Restrictions: Wireless security risk assessment usually limited to 802.11 technologies
‣ Social Engineering
Attempt to bypass security controls in order to gain access to sensitive areas or information
Targets: Individual – Organization – Campus – Specific Building – or Facility
Attack Parameters: May include physical access, telephone, and email/phishing
Restrictions: Attack may be performed any time
‣ Application Pen Test
Targets: Web-based production application, Internet facing IP address
Attack Parameters: May include both automated and manual attacks
May include attempts to gain access through social engineering
Restrictions: Will usually not include exploitation of any identified vulnerabilities
Password cracking is usually in the scope
Will not include a code review
Detection
Cybersecurity Analytics & Alerting Services
BorderHawk Cybersecurity Analytics & Alerting provides an ongoing awareness of information security, information technology vulnerabilities, and potential threats to support organizational risk management decisions.
By monitoring certain critical computer systems within your environment or analyzing information collected via the Internet regarding your organization, the BorderHawk Team is often able to isolate potential threat ‘indicators’ and extrapolate such knowledge into proactive indication and warning processes.
We use a variety of proprietary tools to collect information, and then we employ a team of experts to analyze that data in order to reach conclusions about threats to your organization.
Technical Surveillance Countermeasures (TSCM)
BorderHawk can be available to conduct systematic physical and electronic examinations of designated areas in an effort to locate surreptitious eavesdropping devices or security weaknesses and hazards that would allow the compromise of sensitive or proprietary information.
Response
Cyber Incident Response
BorderHawk is available to help you manage all aspects of a breach including subsequent activities. Our experts are experienced in cybercrime investigations and can be available to provide liaison as needed.
In response to a breach, we work with you to:
- Limit immediate incident impact to customers and partners
- Recover from the incident and return to operations
- Determine how the incident occurred
- Help assess impact and damage
- Determine who initiated the incident and help identify your options going forward
- Review existing policies and protocols for adequacy
- Review adequacy of other systems security
- Develop long-term mitigation plans
Correction
Cyber Security Remediation and Mitigation
Discovery of People, Process, or Technology weaknesses (vulnerabilities) is most often made during the investigation of a breach or as the result of a comprehensive security audit.
Cyber Security Remediation Projects involve correcting vulnerability issues.
Cyber Security Mitigation Projects are designed to diminish the impact, severity, or cost associated with the potential exploit of a vulnerability, especially where the vulnerability cannot be remedied.