Assessing the true risk and financial exposure for an enterprise with seemingly endless in and out information flow is not an easy task. CyberUnited is your strategic resource to help mitigate your risk without sacrificing business opportunity. Our dedicated team of security consultants brings a blend of real-world experience, technical aptitude and broad industry knowledge to every project. Our security experts assess your physical and logical environment using a customized approach and proven methodologies — ensuring thorough testing and analysis of your environment.
The result is a comprehensive view of your overall security posture. We identify and prioritize vulnerabilities based on their impact to your business. We also recommend actionable safeguards that anticipate and counter threats so that you can protect all of your electronic assets and the continuity of your business, while also ensuring regulatory compliance.
The worst time to realize that you are not prepared for a cybersecurity incident is when a breach occurs.
Security incidents are crisis situations that place a great deal of pressure on IT staff. Without a comprehensive incident response plan detailing roles and responsibilities, procedures and communications, pressured IT staff must make crucial decisions lacking any sense of order and priority. This leads to poor decisions that inevitably make the breach worse and delay its resolution.
Prepare. Respond. Recover.
CyberUnited provides a wide array of Incident Response and Digital Forensics services, from incident response planning and analysis to emergency incident response and digital forensics. Should a breach occur, CyberUnited can help you minimize damage, recover compromised data and preserve evidence for legal action. CyberUnited’s Incident Response and Digital Forensics practice provides rapid containment and eradication of threats, minimizing the duration and impact of a security breach. Leveraging elite cyber threat intelligence and global visibility, we can help you prepare for, respond to and recover from even the most complex and large-scale information security incidents.
The global expansion of IoT devices from home automation to industrial sensors is leading to billions upon billions of new network end points. This new category of Internet enabled devices is creating an avalanche of data that needs to be converted into insights and hidden vulnerabilities/risks that must be identified and mitigated. Organizations big and small cannot avoid the confluence of IoT and their enterprise security resulting in mandatory investment into properly assessing and developing the risk and mitigation plans needed to protect the organization in the event of a breach.
Smart phones, smart homes, wearable devices, and the transportation industry, among many others are all part of the IoT and face similar threats posed by cyber criminals. In their “Technology Media and Telecommunications” predictions report, Deloitte estimates that there will be 1 billion new IoT devices in 2015, an increase of 60% from 2014.
Where wearable and home automation devices sell in the thousands to hundreds of thousands of units, industrial devices, such as smart meters, sell in the tens of millions to hundreds of millions. Hewlett-Packard’s security business unit, Fortify, studied the top 10 home IoT devices and found that 70% are vulnerable to hacking and 80% put users at risk of having their personal details intercepted.
CyberUnited’s Prepare and Recover Model
CyberUnited’s team of security experts challenge the traditional prepare and recover model offering:
As a IoT hardware manufacturer, distributor, reseller or provider, the pressures to address security concerns will continue to force organizations to think about security before, during and after products, solutions and services reach the market.
CyberUnited provides Web Application Security Assessment, Secure Programming, and Web Application Code Review.
Secure code is a foundational piece of any resilient IT network. As more software code “goes online” in the form of mobile and portable applications, secure code is more important than ever.
The most common security risks include Injection Flaws (such as SQL Injection), Cross-Site Scripting (XSS) vulnerabilities, broken authentication, session management, insecure direct object references, non-sanitized input, un-validated redirects and forwards, insecure cryptographic storage and PKI implementation, and insufficient transport layer protection.
CyberUnited’s team of security experts can offer the following services to assess your software and web applications for known vulnerabilities, as well as provide a thorough risk assessment:
- Web Application Vulnerability and Penetration Testing
- Threat Modeling and Attack Surface Analysis
- Web Application Code Review
- Web Application Programming
- Database Normalization
- Systems Development Life Cycle Review
- Managed Threat Intelligence and Response
- Digital Risk Assessment Services
About Social Engineering
The frequency and complexity of social engineering and advanced persistent threat attacks is increasing at a rate that is preventing common methods of content filtering, anti-virus, and anti-malware technologies from being an effective countermeasure. In fact, the only way to prevent compromise from social attacks is to provide employees with security awareness training, and subsequently measure the organization’s response to such attacks.
“Out of the Box” Tools and Frameworks Aren’t Enough
Don’t get comfortable because an off the shelf tool you ran gives you the green light. CyberUnited’s Social Engineering Assessment does not rely solely on automated tools to test your organizations’ response to social threats. Our labs craft custom complex threats, designed to be as effective as possible for your individual environment, and have a defined methodology for measuring response and effectiveness.
TESTING CAN INCLUDE
Phone-based Pretext Calling
Targeted Social Hacking
On-site Social Engineering
Validating that your staff are adhering to policies, that general security awareness exists, and that you are protected from SE attacks will reduce the exposure to your organization.
CyberUnited’s Security Global Threat Intelligence Center (gTIC) employs a team of researchers, analysts and engineers to provide you with actionable intelligence you can use to keep your network protected from the latest security threats.
The gTIC gathers information from a variety of internal and external sources to proactively identify, analyze, test and remediate suspected malicious activities. Our goal is to help your organization combat the latest threats and attacks more efficiently and provide guidance on the potential threats of tomorrow.
CyberUnited’s security mobility experts can help you ensure that your mobile applications are secure. Keep your company and customers secure against attacks.
According to a 2015 study conducted by the Ponemon Institute, 50 percent of organizations currently do not devote a budget toward mobile security, and 33 percent never test their mobile apps. This means an abundance of entry points to tap into business data via unsecured devices. When a customer uses an app to access your services over the internet, it is imperative to ensure security at both ends. Testing on web applications does not fully encompass all the vulnerabilities prone to mobile applications, such as client-side code running on mobile devices. Vulnerabilities in client side code can be just as serious as server-side vulnerabilities and can lead to users’ data being compromised. Additionally, mobile applications that send and receive sensitive information are tempting targets for man-in-the-middle (MITM) attacks where a correctly positioned attacker can view and manipulate traffic.
CyberUnited’s Mobile App Security Testing service provides a detailed security analysis of your phone or tablet based app. The testing service pushes the defenses of not only the app itself, but also the servers it interacts with. Our security professionals employ manual testing versus using a strictly automated approach.
The Mobile app and server testing includes:
- Decompilation of the installed app
- Searching for sensitive information hard-coded within the app
- Verifying the security of locally-stored credentials
- Checking that SSL certificates and signatures are properly validated
- Discovering insecure use of cryptography for transmitting data or for local storage
- Source code analysis (if appropriate)
- Checking that automatic updates do not provide a conduit for attackers to install arbitrary code
- Verifying all sensitive information is removed after uninstalling the app
- Looking for unintended transmission of data, such as the user’s phonebook when it is not required
The app testing service also includes testing of the web services used by the app. The following aspects are examined in detail to ensure that the backend servers do not expose customer data to other parties:
- Server configuration errors
- Loopholes in server code or scripts
- Advice on data that could have been exposed due to past errors
- Testing for known vulnerabilities
- Reducing the risk and enticement to attack
- Advice on fixes and future security plans
CyberUnited’s Mobile App Security Testing service ensures your company is compliant with PCI DSS v2.0 requirement 11.3 (penetration testing), as it includes both network and application layer testing.
This security service is aimed at preventing breaches by assessing, training and preparing our clients to avoid cybersecurity mistakes and oversights that can lead into costly breaches. We provide a base assessment and advisement package for clients with additional supporting materials such as newsletters and a cyber education portal. CyberUnited is able to aid in any step of the breach preparedness including security hardening, employee training, network and application penetration testing, and on-going threat intelligence. These can help to patch any existing holes in the current environment, as well as reveal any that may have gone unnoticed.
Have you scheduled your next breach? If only it was this easy. The reality is that breaches happen. It’s no longer a question of IF, but more of a analysis of the depth and length of time breaches have been occurring. If you have not identified a breach, you haven’t been looking hard enough. CyberUnited is able to aid in any step of breach/threat research and intelligence gathering, remediation, including security hardening and recovery.
Organizations without the sufficient staffing budget for a full-time information security team still need the essentials provided by this important function. Even well funded enterprises struggle to find the strong security and compliance talent that is rare, expensive, and difficult to hire. We streamline this process and bring it within reach. Our extensive global network of talent allows CyberUnited to scale according to our client demands.
In addition to our standalone and managed security services, CyberUnited provides a “Virtual Security Team” that makes our security engineers available to your company on demand — when you need them, just as if you budgeted, built, and hired your own team.
The Virtual Security Team can:
- Design and rollout a security program for your company.
- Fill critical “right now” security needs like technical architecture, configuration, and implementation of security devices.
- Remediate issues with your existing security strategy.
- Prepare you for an upcoming audit.
- Perform ongoing security assessment and penetration testing of key assets.
Analyze your organization’s operations and environment and develop plans to recover and continue operations after a catastrophic event shuts down part or all of your business.
CyberUnited will work with your organization to develop plans to enact when a major crisis or contingency occurs in order to minimize the risk to personnel and property.
Conducting analysis along the lines of threat identification, mitigation, preparation, response and recovery, CyberUnited can help protect what is important to your organization and minimize the interruption to business operations.
In order for your organization to meet strict and evolving compliance standards guidelines, CyberUnited’s IT security experts can assist you through several services ranging from log monitoring, firewall endpoint management, advanced persistent threat (APT) detection and prevention and cybersecurity awareness training. Done right, these combined solutions create an in-depth defense that helps to deter, detect and remediate your IT network.
For many merchants, a critical first step in the compliance process is to choose a Qualified Security Assessor in order to schedule their first Report on Compliance (ROC). An experienced assessor can readily understand your business and the payment solutions and technologies you use in order to provide a complete depiction of your cardholder data environment, and by extension, the risks that you need to manage.
External Network Penetration Testing
Our Network Penetration Testing methodology is designed to iteratively test the target environment, including the most general components (network routing gear, etc.) to the most specific. We are able to boast an incredible rate of compromise due to effective modeling of real-world attack scenarios. Our methodology can be applied to the largest, most complex environments down to the most simple, and anywhere in between.
Using a “most likely candidate” approach, we combine best of breed automated testing tools with proprietary correlation methods prior to executing manual attacks. This gives our engineers the most specific attack surface to focus on, allowing us to operate the most accurate, successful penetration testing practice in the industry.
Internal Network Penetration Testing
Internal threats comprise approximately 70% of the risk facing organizations today. Internal corporate LAN/WAN environments are structured to foster simple, easy communication between remote offices and disparate departments. As a result, layers of security between a malicious insider or attacker are frequently removed, increasing the risk of compromise dramatically.
Our internal network penetration testing services are network role-based and employee role-based. By identifying the targeted “golden egg” data, and then attempting to access it from various areas of the network, or various levels restricted user accounts, we can draw a complete map of where security controls are succeeding or failing.
New malware has increased from an estimated six million new pieces of malware in 2007 to an estimated 17.8 million in 2011 – a 300% increase. Advanced Persistent Threat attacks and social engineering pose new risks to the enterprise. Attacks are no longer anonymous in nature – your users are being targeted specifically to garner access to your corporate intellectual property.
This is especially relevant when discussing Information Security where even a small breach can cause consequences and ongoing repercussions, including lost revenues, damaged brand image, and civil penalties. Just like going to the Doctor for a check-up, it is vital to continually tune the security of your corporate ecosystem for optimum performance and security effectiveness. This is what our Managed Security Assessment enables.
CyberUnited’s Managed Security Assessment (MSA) is a program that provides quarterly security testing of your networks and applications, by real security engineers, not just scanners. Some of the benefits of the MSA include:
Regularly scheduled security posture assessments of your environment.
A better understanding of your security infrastructure
Visibility into the vulnerabilities in your current applications and networks.
A way to vet new applications and networks before putting them into a production environment.
Access to expert security and industry professionals on an ad-hoc basis.
Charting of the improvement in security over time.
Unbiased, third-party assessments that can be used to communicate strategy to other senior executives. The basic managed security assessment program includes quarterly testing of four Class C networks and one web application. Enrollment in the managed penetration testing service will enable you to:
See the results from testing in real-time, as tests complete.
Chart progress over the course of each fiscal quarter, iteratively measuring and improving your security posture.
Add networks and applications, or change scope at the click of a button.
Access your dedicated security engineer for expert support on identified vulnerabilities, remediation techniques.
CyberUnited along with its Partners house some of the brightest names and thought leaders in penetration testing and security assessment. We are highly experienced and trained in the latest tools and techniques commonly used to by malicious attackers to compromise networks and systems in order to obtain access to confidential data and critical resources.
Employee awareness is an important part of a holistic incident response procedure. CYBERUNITED LIFARS can help to train employees on how to handle ad respond to any suspected incident. This will help to preserve evidence, or prevent an escalation of an incident. Proper response by employees will greatly speed up investigations and reduce its spread.
CyberUnited is a cybercrime incident response firm. Our team has conducted hundreds of incident response investigations, including analysis of advanced malware engineered by sophisticated state-sponsored attackers. Our digital forensics lab and client-centric team offers a tailored solution for your digital forensic requirements. We collect, analyze, share tactical information, and find indicators of compromise.
Listed below are some of the most common forensic investigation scenarios:
Hacking incident in which malware ex-filtrates corporate data to attackers systems.
Some of today’s most common threats include phishing email and SMS tactics, stolen credentials, brute force penetration, web site exploitation via Cross Site Scripting or SQL injections, and basic remote exploitation. Attacks are quick, efficient, and often leave a limited digital footprint.
We can ensure the availability and authenticity of data and information for law enforcement investigation. This process establishes a chain of custody and guarantees proper crime scene processing. Many companies take these preservation measures whenever a high-ranking executive or employee with advanced intellectual property knowledge leaves the organization.
Virus or Trojan malware analysis.
Forensic artifacts can be lost simply by IT personnel cleaning compromised machines. Just because a virus of Trojan was detected does not mean that it was not successfully running undetected and ex-filtrating data. LIFARS can provide full static and dynamic malware analysis, including sandbox analysis.
Advanced Persistent Threats (APTs) are the most common vector of malware infections. Attacks are highly customized towards financial digital elements of today’s businesses. This threat exploits weaknesses in humans and technology. The biggest institutions and governments have been hacked, and took them longer time to detect it.
The malicious insider.
These enemies behind the gate are much harder to control and track, since they are using assigned privileges and roles to obtain information and ex-filtrate them, but with our unique skillset we’re able to track and quarantine the threat.
Digital forensics can address Intellectual Property Theft, Patent Infringement, Ponzi Schemes, Patent and Trademark Disputes, Embezzlement, Broker/Dealer Disputes, Insider Trading, M&A Conflicts, Theft of Trade Secrets, Contract or Business Disputes, Regulatory Actions, Money Laundering, Cyber harassment, Database Compromise, Mobile and Cloud Forensic matters, Social Networks Incidents, E-Forgeries, payment fraud, account takeover, identity theft, general cybercrime investigations or Litigation support for Electronically Stored Information (ESI).
A Data Breach Test is an important new cyber intelligence assessment that every company needs to start practicing. Proactive offense, instead of a reactive defense will raise your cybersecurity maturity level. CyberUnited will make expert recommendations for your entire complex network to render it more breach-resistant.
Data Breach Test is a new cyber intelligence exercise skill set for many enterprises. Generally, data breach defense mechanisms are not tested and remain mostly isolated to some key tenants or departments. Ensuring that strategic components are addressed can be a daunting task. Information flow among public relations, technical teams, forensic investigators, operational members, compliance and legal departments, or executive management is usually not well coordinated at best, and disastrous at worst. Panic spreads. Unnecessary mistakes are made.
Data Breach Remediation is a crucial component following an incident. It often requires security architecture implementation, learning and reviewing secure code practices, cyberthreat intelligence modeling, and organizing layers of protections. Ongoing incident preparation involving “Kill Chain” and “Kill Switch” is an important step to keep attackers out of your system. Without deemphasizing prevention, focus should be on better and faster detection through blend of people, processes, and technology.
Evolving enemies understand the attack lifecycle. Malware in phishing emails, POS smash-and-grab, Assured Penetrating Technique, command and controls channels, RAM scrapers, rootkits, Remote Admin Tools (RAT) are very common exploitations and connection vectors. These threat actors construct backdoors that could be used if the “Kill Chain” and “Kill Switch” are not thoroughly thought out. During the remediation process, consulting teams are likely to encounter major hurdles and roadblocks. One of the biggest hurdles is being able to collect and analyze the right data sets in a timely manner. CyberUnited has the right talent and experts in place to analyze and understand the correlated data to scope threats.
What was probable yesterday can easily become the reality tomorrow. You do not want your company making the headlines because of a cyber-breach. Your security practices could be questioned, and current cybersecurity posture revealed.
The food and beverage industry is second only to retail when it comes to cybersecurity breaches. According to the Trustwave Global Security Report 2014, 35 percent of breaches came from the retail industry while 18 percent came from the food and beverage industry.
CyberUnited offers a variety of incident prevention and response services that reduce the enterprise’s exposure to cyber threats.
Safety, reliability, resilience. Securing critical industrial infrastructures requires hard-earned domain expertise. From the management, generation, transmission, and distribution of bulk electrical power to securing manufacturing floors or a supply chain, we maintain a deep bench of field-assessment experience you can count on.
According to the Trustwave Global Security Report 2014, retail is the most targeted industry by cyber criminals with eCommerce being the most common attack vector, accounting for 54 percent of the investigative breaches. As we have learned from the recent cyber attacks on the retail sector, preparation is key to minimizing the amount of damage an attack may have.
CyberUnited can help to ensure that a company is ready for a breach by having a high level of cyber security maturity. This ensures that all methods and procedures are up to standards and are well maintained. It can also help to identify weak spots in the cyber security infrastructure.