Cyber Security

Specializations

Cyber Range Event Execution.

The government has access to a multitude of cyber ranges such as the DoD National Cyber Range Complex (NCRC). To maximize the benefit of using these cyber ranges, we offer optimized services to plan, execute, monitor, and report on various types of cyber range events, including:

  • Architecture evaluation
  • Product evaluation
  • Simulation
  • OT&E
  • Penetration Testing
  • R&D
  • Training
  • Compliance
  • Malware analysis
  • Mission rehearsal and exercises
  • Demonstration

We have codified how we maximize the use of cyber ranges in the methodology.

PRACTICEc-r

Key features of our cyber-range execution service include:

  • Thoroughness and high quality in overall management of the events, including planning, coordinating, monitoring, and capturing of results
  • Use of ITSM and other tools/automation to reduce manual work and increase visibility
  • Predefined run books for various event types
  • Analytics to generate traffic and evaluate results
  • Integrated knowledge management – across teams, events, and workflows – before, during and after the event
  • Integrated threat intelligence as part of the planning and execution
  • Improved roles and responsibilities, work allocations, and organizational structures

Cyber Analytics.

Analytics play an increasingly important role in cyber defense. As part of our Analytics Development capability, we provide the following expertise in the cyber domain:

  • Machine Learning for Network Protection:
    • Regression to model network packet parameters and identify normal vs. outliers
    • Classification (with or without temporality) to identify different types of network attacks such as scanning and spoofing
    • Clustering for identifying abnormalities for intrusion detection
  • Using rule extraction for understanding traffic patterns and performing intrusion detection
  • Encrypted traffic analysis/classification using deep learning
  • Analysis of data collected by IDS
  • DNS traffic analysis
  • Machine Learning for Application Security:
    • Regression to detect anomalies in HTTP requests, such as XXE, SSRF, and authentication-bypass attempts
    • Classification to detect known attack types such as injection (SQLi, XSS, RCE, etc.)
    • Clustering of user activity to detect DDoS attacks and mass exploitation
    • Adaptively detecting malicious queries in web attacks
    • Classification of malicious scripts (JavaScript and VBScript)
    • Malicious URL detection
  • Machine learning for User Behavior:
    • Regression to detect anomalies in user actions, such as logins at unusual times
    • Classification to group different users for peer-group analysis
    • Clustering to separate groups of users and detect outliers
  • Machine Learning for Process Behavior:
    • Regression to predict the next user action and detect outliers
    • Classification to detect known types of fraud
    • Clustering to compare business processes and detect outliers
    • Time series analysis of time spent in processes to detect outliers
  • Machine Learning for Endpoint Protection:
    • Regression to predict the next system call of a running executable and compare it with the call actually observed
    • Classification to divide “attack” programs into categories such as malware, spyware, and ransomware, each of which calls for a different response
    • Clustering for malware protection on secure email gateways, for example to separate legitimate file attachments from outliers
    • Eliminating experimental bias in malware classification across space and time
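As an added illustration of the "predict the next system call" item above (example code written for this page, not the firm's own tooling), the following builds a first-order Markov model of system-call transitions from benign traces, scores a new trace by its mean per-call surprisal, calibrates a threshold from the benign scores, and also reports the STIDE-style rate of transitions never seen in training. The traces, the "logd" process name, the suspect trace and the threshold multiplier are constructed assumptions; real traces would come from strace, auditd or an eBPF tracer.

```python
"""Anomaly scoring over system-call traces with a next-call model.

Added example for this page, not the firm's own tooling.  The traces, the
"logd" process name and the threshold multiplier are constructed assumptions;
real traces would come from strace, auditd or an eBPF tracer.
"""
from collections import Counter, defaultdict
from math import log

# Constructed benign traces for a hypothetical "logd" process: one ordered
# syscall list per observed run.  Real traces are far longer; short ones keep
# the arithmetic inspectable.
BENIGN_TRACES = [
    ["openat", "read", "read", "write", "close"],
    ["openat", "read", "write", "write", "close"],
    ["openat", "fstat", "read", "write", "close"],
    ["openat", "read", "read", "read", "write", "close"],
    ["socket", "connect", "sendto", "recvfrom", "close"],
    ["socket", "connect", "sendto", "sendto", "recvfrom", "close"],
]

# Constructed trace resembling a shell spawn after memory corruption: the
# program makes a mapping executable and execs with duplicated descriptors.
SUSPECT_TRACE = ["openat", "read", "read", "mprotect", "execve",
                 "dup2", "dup2", "execve"]


class SyscallModel:
    """Order-1 Markov model P(next call | previous call), add-one smoothed.

    Predicting the next call and measuring how surprised the model is by the
    call that actually occurred is the "regression" view of the technique.
    """

    START = "<s>"

    def __init__(self, traces, alpha=1.0):
        self.alpha = alpha
        self.vocab = {c for t in traces for c in t} | {self.START}
        self.counts = defaultdict(Counter)
        for trace in traces:
            prev = self.START
            for call in trace:
                self.counts[prev][call] += 1
                prev = call

    def prob(self, prev, call):
        """Smoothed transition probability; unseen calls get non-zero mass."""
        row = self.counts.get(prev, Counter())
        total = sum(row.values())
        size = len(self.vocab) + 1   # +1 reserves mass for calls never seen
        return (row.get(call, 0) + self.alpha) / (total + self.alpha * size)

    def surprisal(self, trace):
        """Per-call surprisal in bits: list of (prev, call, bits)."""
        out, prev = [], self.START
        for call in trace:
            out.append((prev, call, -log(self.prob(prev, call), 2)))
            prev = call
        return out

    def score(self, trace):
        """Mean surprisal of the trace; higher means less like training data."""
        bits = [b for _, _, b in self.surprisal(trace)]
        return sum(bits) / len(bits)

    def unseen_rate(self, trace):
        """Fraction of transitions never observed in training (STIDE-style)."""
        prev, unseen = self.START, 0
        for call in trace:
            if self.counts.get(prev, Counter()).get(call, 0) == 0:
                unseen += 1
            prev = call
        return unseen / len(trace)


def calibrate_threshold(model, traces, k=2.0):
    """Mean + k*std of the training scores; k is an assumed tuning knob."""
    scores = [model.score(t) for t in traces]
    mean = sum(scores) / len(scores)
    std = (sum((s - mean) ** 2 for s in scores) / len(scores)) ** 0.5
    return mean + k * std


def classify(model, trace, threshold):
    """Return (is_anomalous, score, most_surprising_transition)."""
    s = model.score(trace)
    prev, call, bits = max(model.surprisal(trace), key=lambda x: x[2])
    return s > threshold, s, (prev, call, round(bits, 2))


if __name__ == "__main__":
    model = SyscallModel(BENIGN_TRACES)
    thr = calibrate_threshold(model, BENIGN_TRACES)
    for name, trace in [("normal run", ["openat", "read", "write", "close"]),
                        ("suspect run", SUSPECT_TRACE)]:
        flagged, s, worst = classify(model, trace, thr)
        print(f"{name}: score={s:.2f} threshold={thr:.2f} "
              f"unseen={model.unseen_rate(trace):.2f} "
              f"{'ANOMALY' if flagged else 'ok'} worst={worst}")
```

The most surprising transition (here read followed by mprotect) is what an analyst wants in the alert, not just the score; and the unseen-transition rate gives a second, model-free signal that is easy to explain to a reviewer. With real traces the threshold multiplier and the model order (bigrams here) need tuning against a held-out benign set to keep false positives manageable.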

IT Asset Management for Cyber Security.

IT Asset Management (ITAM) focuses on identifying IT assets such as hardware devices, software, and software licenses, and on ensuring that their configurations are authorized and compliant. ITAM is closely related to the Configuration Management and Change Management disciplines, and has more recently been associated with IT managed services (e.g., Desktop-as-a-Service) and with ITSM/ITIL more generally.

Three trends are currently shifting ITAM's focus:

  • [ZTA] Zero Trust Architecture (ZTA) and Data Centric Architecture – which requires real-time, accurate details on all devices (logical, or physical) throughout the environment so that appropriate authorization (access) decisions can be made
  • [CONMON] RMF’s A&A process and Continuous Monitoring – which requires near real-time details on the environment to support threat assessment and vulnerability identification
  • [SECMGMT] Security management maturation/expansion – which requires asset information to support incident management, vulnerability assessments, and patch management

We provide expertise across the entire ITAM lifecycle.

Supply Chain Security.

Supply chain (SC) security, or supply chain risk management (SCRM), is the part of supply chain management that focuses on managing the risks of the supply chain's elements across its various participants, such as manufacturers, developers, integrators, suppliers, vendors, logisticians, and shippers. Operations (and related functions) are typically considered outside the scope of the supply chain.

Supply chain security involves both 1) physical security relating to products, and 2) cybersecurity for hardware, firmware, software, data, and services.

We provide expertise in securing the entire supply chain.