Military/Defense Contractors

Web app penetration testing is laser-focused on helping partners secure their customers’ Internet-facing web applications.  Cyberstone will evaluate the implementation of security controls for web applications by simulating real-world attacks.

The exploitation phase of web application penetration testing differs from internal/external penetration testing.  Cyberstone will specifically attempt the following methods of exploitation: SQL injection, cross-site scripting, user context switching, directory traversal, and cookie handling.

Cyberstone uses the Open Web Application Security Project (OWASP) Top Ten framework as a guide to all of our web application penetration tests.  OWASP is an open community meaning it receives input from small and large organizations in just about every vertical market.  The community’s goal is to help organizations develop and maintain web applications that can be trusted. The current Top Ten vulnerabilities facing web applications are:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards

Because Cyberstone cares about keeping your customers safe, we’ll work with them to ensure that a risk mitigation plan is in place prior to any testing efforts.

Our structured approach follows the steps below.

Planning

Defining the scope, rules of engagement, scheduling, communication planning, and acceptance criteria.

Discovery

Information gathering that will be used for the attack. Potential targets, vulnerabilities, and exploits are identified. Discovered assets are compared against known vulnerability databases to aid in penetration testing efforts.

Attack

Exploitation of targets based on discovered information.  We’ll use a combination of manual and automated techniques, scripts, and toolkits to circumvent security controls.

Reporting

Documentation of successful exploits and their corresponding vulnerabilities and assets.

After web application penetration testing is complete, a Cyberstone security engineer will consult with your customer on application security.  Consulting will cover how to best secure sensitive data on the web application backend database.

Cyberstone’s web application penetration testing service will help you customers comply with the following regulations:

• PCI Requirement 11.3.1

• New York State Department of Financial Services 23 NYCRR 500 §500.05(a)(1)

• Gramm-Leach-Bliley Act §501(b)

• Federal Trade Commission 16 CFR Part 314

Vulnerability assessments play a critical role in an organization’s ability to defend against security threats.  They also help grade the effectiveness of technical controls already in place.

Not all vulnerabilities should be treated the same.  Some will need to be addressed immediately while others may be addressed at a later date.  Our reporting will give your customer an actionable roadmap for remediation.  While other security companies simply run a tool and provide a 400-page report, we spend time ensuring that the results are concise, actionable, and without noise.

Cyberstone will look for areas of weaknesses such as missing patches, outdated firmware, unnecessary open shares, default passwords, incorrect permissions, and rogue devices.  We then provide your customer with a prioritized “fix first” remediation report and step them through what needs to be done to close gaps in their defenses.

We follow the globally-recognized NIST SP-800 115 standard when performing vulnerability assessments.

Cyberstone’s vulnerability assessment services will help your customers comply with the following regulations.

• PCI Requirement 11.2.1 & 11.2.2​

• New York State DFS 23 NYCRR 500 §500.05(a)(2)

• Gramm-Leach-Bliley Act §501(b)

• Federal Trade Commission 16 CFR Part 314

Cyberstone is adamant about doing security the right way.  We find that organizations are quick to spend money on firewalls, endpoint protection, and other “common” controls.  They then try to wrap policy around their technology purchases.  Finally, they reach out to a security provider to grade their work.  This has to be reversed.

To best secure your clients,  a holistic assessment should come before written policy and expenditures on technical controls.

In our security assessments, we’ll ask your customer what gets them up every morning, what their corporate vision is, and what their 5-year and 10-year plans are.  From this basic understand of their goals and objectives, we’ll be in a suitable position to discuss their unique risks and vulnerabilities.

Security assessments are fitting for organizations where one or more of the following is true:

• There was a recent breach and prevention of a future one is critical.

• There is a looming audit and stakeholders can’t sleep at night.

• Company leadership is concerned about keeping the lights on from a cybersecurity best-practices perspective.

As part of the assessment, Cyberstone will interview key personnel, catalog existing security policies, procedures, and controls, and examine information technology assets.  By following the NIST SP800-115 guideline for information security assessments, Cyberstone will effectively uncover organizational and regulatory gaps.

Cyberstone’s reporting will provide your customer with a roadmap for adhering to industry best practices around cybersecurity.  After the assessment, your customer will have a better handle on the effectiveness of existing information security investments.  They’ll know where their money is being well-spent and where they may need to pivot.

Most of our security assessments uncover severely lacking or outdated written information security policy.  After an assessment closeout meeting, we can help your customer in this area as well.

Risk assessments are at the heart of every healthy cybersecurity program.  They uncover the unique risks facing an organization and tie them to a custom-built risk-reduction roadmap.  Risk assessments address what to do to minimize the impact of:

• natural disasters

• technology failures

• ransomware or other malware outbreaks

• sudden loss of key employees

• myriad other potential events or disasters

Cyberstone’s risk assessments provide a comprehensive evaluation of your customers’ information security risks, a mitigation strategy for the identified risks, and a foundation for the risk management process. The risk assessment service is based on the globally-recognized NIST SP800-30 Guide for Conducting Risk Assessments.

Our security engineers will review the information systems and processes of your customer’s business to determine areas of risk including their likelihood and impact.

The risk assessment service is conducted in a highly-structured manner involving the steps below.

1. System Characterization

2. Threat Identification

3. Vulnerability Identification

4. Control Analysis

5. Likelihood Determination

6. Impact Analysis

7. Risk Determination

8. Control Recommendations

9. Results Documentation

The output of the risk assessment is a document that includes risk statements with scored priorities and recommendations for safeguardswhere appropriate.  This document will serve as a security plan for initiatives in the coming year and beyond.

Cyberstone’s risk assessment service will bring your customers closer to complying with the following regulations.

• PCI Requirement 12.2

• HIPAA §164.308(a)(1)(ii) (A)

• New York State Department of Financial Services 23 NYCRR 500 §500.09

• Gramm-Leach-Bliley Act §501(b)

  • Federal Trade Commission 16 CFR Part 314 §314.4

Information security policies provide organizations with clarity and standardization. They govern how security controls are installed and configured and also tell employees what  behaviors are expected and acceptable while interfacing with information systems.

Policies are not static.  Over time, corporate objectives may change, company cultures may change, and technology absolutely changes. As such, policy review should be a regular component of all cybersecurity programs.

We help organizations write comprehensive policies to address today’s unique cybersecurity challenges such as bring-your-own-device (BYOD) and the movement of workflows to the cloud.

Cyberstone will:

• Research and analyze the organization to determine policy priority and gaps in the organization’s policy library.

• Create new or modify existing policies.

• Document and deposit new policy in the organization’s policy library.

• Publish new policy to the impacted employees of the organization.

Frequently-requested policies:

• Governing Policy

• Password Policy

• Physical Security

• Backup Policy

• Vulnerability Mgmt

• Acceptable Use

• Incident Response

• Access Control

• Remote Access

• Third-Party Vendor Mgmt

With trillions of dollars in assets continually moving across complex infrastructures and around the world, it is no wonder that the financial services industry has long represented the holy grail for today’s most sophisticated cyber-criminals. And while the companies therein have responded by investing in high maturity security systems, these systems are predicated on an approach to cyber defense that has been antiquated by fundamental shifts in the nature of the cyber-attack.

One such shift is the rise of insider threats, which now account for 74% of business cyber security incidents. Because legacy security tools generally look outward to spot potential attacks, they miss these insider threats that imperil today’s financial institutions. Malicious employees have the advantage of familiarity with the networks and information they manipulate, and their credentials allow them to exfiltrate the most sensitive such information without raising red flags. Moreover, even well-intentioned employees present major security risks thanks to the emergence of personalized spear phishing emails, which trick victims into infecting their networks with malware by posing as friends and colleagues.

Another critical development in the cyber threat landscape has been the dramatic increase in the speed of such threats: modern strains of ransomware, for instance, can encrypt a network in under 30 seconds. As a result, even security tools that manage to alert incident responders to potential dangers are no longer sufficient. The reality is that these responders cannot counter machine speed threats on their own, and regardless, they are often flooded with hundreds or thousands of alerts — far too many to investigate before it’s too late.

Darktrace is the next generation of cyber defense, proven capable of identifying and autonomously responding to subtle attacks that bypass all other security tools. Deployed by many of the largest financial institutions in the world, Darktrace’s AI technology gives industry leaders unprecedented visibility into all their digital activity, as well as the unparalleled ability to detect and contain fast-acting threats in seconds. With Darktrace, security teams are afforded the critical time and knowledge they need to protect the world’s financial assets.

The media and entertainment industry faces a fundamental challenge in the Digital Age: monopolizing content and services at a time when information flows more freely than ever before. This challenge is nowhere greater than in the case of cyber-crime, which threatens the intellectual property at the heart of the industry’s business model.

Such intellectual property is essential for media companies in particular, which spend enormous resources to create films and television shows that they must then defend from threat actors across the world. Yet modern consumers expect media that is highly digitized, with content readily available on multiple platforms — an expectation that is difficult to reconcile with the ideal of data security. In an age of advanced cyber-threat, media and entertainment companies must balance availability and exclusivity to avoid damaging leaks that could severely harm their reputations.

For entertainment companies, the imperative of protecting IP is accompanied by the need to defend sensitive customer data and lucrative digital operations. Online poker sites, for instance, house thousands of users’ credit card numbers, while a ransomware attack that shuts down its services can cost millions in lost revenue. Beyond their direct financial ramifications, security breaches can inflict lasting damage to a company’s brand name.

Many of the world’s leading media and entertainment companies have turned to Darktrace to protect against today’s sophisticated threats. Darktrace’s Enterprise Immune System technology enables these organizations to detect and defend against cyber threats in real time, protecting their key assets and foundational intellectual property with AI that learns on the job. Darktrace also provides total network visibility, affording its users an unprecedented awareness of all the routes that a potential threat could take. With Darktrace’s AI, media and entertainment companies can effectively safeguard their valuable intellectual property while remaining dynamic and innovative.

The media and entertainment industry faces a fundamental challenge in the Digital Age: monopolizing content and services at a time when information flows more freely than ever before. This challenge is nowhere greater than in the case of cyber-crime, which threatens the intellectual property at the heart of the industry’s business model.

Such intellectual property is essential for media companies in particular, which spend enormous resources to create films and television shows that they must then defend from threat actors across the world. Yet modern consumers expect media that is highly digitized, with content readily available on multiple platforms — an expectation that is difficult to reconcile with the ideal of data security. In an age of advanced cyber-threat, media and entertainment companies must balance availability and exclusivity to avoid damaging leaks that could severely harm their reputations.

For entertainment companies, the imperative of protecting IP is accompanied by the need to defend sensitive customer data and lucrative digital operations. Online poker sites, for instance, house thousands of users’ credit card numbers, while a ransomware attack that shuts down its services can cost millions in lost revenue. Beyond their direct financial ramifications, security breaches can inflict lasting damage to a company’s brand name.

Many of the world’s leading media and entertainment companies have turned to Darktrace to protect against today’s sophisticated threats. Darktrace’s Enterprise Immune System technology enables these organizations to detect and defend against cyber threats in real time, protecting their key assets and foundational intellectual property with AI that learns on the job. Darktrace also provides total network visibility, affording its users an unprecedented awareness of all the routes that a potential threat could take. With Darktrace’s AI, media and entertainment companies can effectively safeguard their valuable intellectual property while remaining dynamic and innovative.

The retail sector was the number one cyber-attack target among all industries in 2017. In just the past few years, industry giants from Target to Neiman Marcus have seen their reputations diminished by massive leaks of personally identifiable information, each of which affected tens of millions of customers. These companies themselves face lasting repercussions beyond just reputational damage: Home Depot’s breach, for instance, will likely cost the company $179 million once all its lawsuits finalize.

There are more than half a trillion cashless transactions every year, while e-commerce sales alone are projected to reach roughly $5 trillion by 2021: a virtual treasure trove for cyber-criminals to plunder. Given the hyper-competitive nature of the retail space, companies are vying with one another to maximize ease-of-purchase, a concern that is difficult to balance with the need for robust cyber security.

The industry is also lucrative prey for online threat actors due to the ease with which they can monetize retailers’ assets, which include mountains of credit card numbers and personal information that can all be rapidly sold on the Dark Web for profit. E-commerce sites also directly transfer virtual funds, while many of the security tools protecting these transfers remain susceptible to innovative malware that such tools aren’t programmed to detect.

If anything can be gleaned from the barrage of attacks bombarding retailers globally, it is that these companies must fundamentally shift their approach to cyber defense. Several leading retailers have already spearheaded this shift, entrusting Darktrace’s cyber AI to protect their network from never-before-seen threats, while relying on Darktrace Antigena to autonomously respond to those threats with machine speed.

Cyber-attacks targeting technology and telecommunications firms represent the most significant threat to their sensitive customer data and invaluable intellectual property. When successful, such attacks cost these firms dearly, not only in terms of immediate loss of revenue but also in the form of subsequent reputational damage.

Technology firms that provide digital services or house vast quantities of user information are particularly at risk, as demonstrated in the Uber breach that exposed the personal information of more than 25 million users. Regulations around personal data, such as GDPR, increasingly require technology firms to adopt a robust cyber defense strategy that can detect cyber-threats at an early stage.

Cyber-attacks aimed at technology firms with lucrative IP have also become a fact of life in the Information Age. Often perpetrated by nation-state actors with advanced capabilities, these attacks are now remarkably subtle and stealthy, with some of the latest examples beginning to incorporate AI elements. For tech companies that rely on IP to maintain their competitive edge, these subtle and AI-powered threats have rendered static security systems no longer a viable option as a last line of defense.

The world’s most inventive companies are paving the way for a safer and smarter future, but that future is seriously imperiled by the modern cyber-threat, which legacy tools are ill-equipped to counteract. These innovators must therefore be willing to adopt equally innovative cyber security solutions, most obviously for the sake of their reputations and their bottom lines, but not least for their customers around the globe who increasingly entrust them with their livelihoods.

Protecting increasingly interconnected critical infrastructure from new cyber threats is a significant challenge faced by the transportation sector. Damage to critical infrastructure has the potential to cause major knock-on effects for business reputation and customer satisfaction. Striking the balance between functionality and security is of vital importance for transportation companies as they provide critical services.

Cyber-attackers may target transportation companies not only to gain access to customer databases or other confidential data that may be monetized, but also to deliberately disrupt critical services, whether for political or ideological reasons. By interrupting the operational technologies managing transport infrastructures, cyber-threats can irreparably damage company reputations and pose a real threat to passenger safety.

Darktrace works with some of the world’s leading transportation companies, from airport groups to train companies, to provide defense against some of the most difficult and subtle threats within their networks.

The unique ability of Darktrace’s Enterprise Immune System to learn the normal behavior of each user, device and network, enables it to spot deviations from the norm and calculate the probability that those deviations represent genuine problems that require investigation. Darktrace detects threats as they emerge, providing total network visibility and ensuring that critical infrastructure can function reliably and safely, without interruption.

Cyber security is today an unavoidable concern for law firms and the legal sector at large, which oversees disproportionately large volumes of sensitive data and which is therefore an attractive target for sophisticated threat actors. From confidential information about mergers and acquisitions to disclosures made under attorney-client privilege, today’s law firms are inundated with data that would be disastrous if leaked, both for the results of individual cases and for these firm’s long-term reputations.

Indeed, this reputational damage diminishes the very trust upon which the legal profession is predicated, jeopardizing client relationships and hindering customer acquisition. Legal organizations lose 5% of their clients following a data breach, while significant or high-profile breaches can even prompt a firm’s eventual collapse, as was the case for Mossack Fonseca in the infamous Panama Papers breach.

In today’s increasingly digital business world, even the most private legal documents are now regularly revised online, transferred over email, and stored in the cloud. This shift creates an urgent need for cyber defenses that can safeguard these files across complex and hybrid infrastructures. Yet most law firms are relatively small, many do not employ large security teams, and few have adequately prepared themselves for the stealthy behavior and machine speed of modern cyber-attacks.

Many law firms across the world — including Magic Circle and Am Law 100 firms — have deployed Darktrace to pre-empt emerging threats before it’s too late. Darktrace’s world-leading cyber AI security has allowed these firms to demonstrate a serious cyber security strategy, one in line with client expectations, and to increase confidence in their defenses against both insider and external threats.

Governments and the defense sector face some of the most pernicious cyber-attackers, including state-sponsored ones. The stakes are high and governments are continually confronted with new, unseen threat methodologies that change quickly, move subtly, and are very difficult to detect.

Despite the best perimeter defenses, advanced attackers continue to challenge this sector, while insider threats that evade such perimeter protections are particularly devastating. As the Edward Snowden case proved, insiders render even the world’s most well-defended organizations vulnerable to attack, since legacy tools can rarely detect the malicious behavior of credentialed users. Indeed, non-malicious, legitimate network users also introduce risk, thanks to the increasing prevalence of targeted spear phishing campaigns that seek to trick employees into infecting their networks.

Darktrace works with governments and the defense sector to deliver the best-in-class, most resilient defense against today’s attackers and tomorrow’s threats. It assists governments in achieving oversight and visibility of their myriad networks and users, and it increases their confidence in being able to catch in-progress threats before they do damage.

With our unique heritage in government intelligence – our experts have decades of experience in cyber defense for national security, working in high-risk environments in the US, Canada and the UK – Darktrace is uniquely placed to help protect critical assets and national infrastructures. Darktrace fights back with the same level of sophistication and speed as the adversary, whoever or whatever they are.

With the digitization of healthcare records and medical processes, and the premium that is paid on the dark web for medical records, the healthcare industry is increasingly becoming an attractive target for cyber-attackers across the world. Indeed, the healthcare industry faced no less than 142 known security breaches in Q2 of 2018 alone, which represents a significant increase from past quarters.

The healthcare sector has, in particular, experienced a rising number of ransomware attacks, in which cyber-criminals encrypt a network’s data and hold it hostage. These criminals consider such healthcare organizations low-hanging fruit for such attacks, as many lack the high maturity defenses to protect themselves effectively.

For pharmaceutical companies, cyber-attacks threaten the intellectual property at the very heart of their businesses, since their multibillion-dollar research is often guarded only by legacy security tools that become more antiquated each day. As these tools remain fixed in their understanding of what constitutes suspicious behavior, cyber-criminals are circumventing them by perpetually creating more and more innovative attacks.

Darktrace’s Enterprise Immune System offers the industry the means to stay ahead of emerging threats that jeopardize the entire sector. We work with hospitals and healthcare providers to deliver real-time awareness and visibility of all digital interactions, and our solution automatically flags emerging behaviors that require investigation. In addition to the Enterprise Immune System’s real-team alerting, Darktrace Antigena can autonomously contain attacks like ransomware in seconds — before they do irrevocable harm.

Manufacturing companies face significant challenges in an age of increasing digitization, where corporate IT networks are coming to share more functions with traditional operational technologies. Protecting IT and OT environments, as well as ensuring that the supply chain is secure, means that manufacturing companies face cyber-threats from multiple angles.

Manufacturers depend on availability and reliability – machinery must be available to operate, and trusted to deliver. An undetected cyber attack could undermine the production process and cause substantial damage to finances and reputation. Insider threat poses a significant problem too – insiders could be well-placed to access critical systems to deliberately disrupt vital services, but also inadvertent mistakes could allow cyber-attackers to access operational technologies by using the corporate network as a through route. Manufacturing executives are increasingly aware of the greater risk of cyber-attack, and are taking steps to improve on existing security practises.

By working with leading manufacturing companies around the world, Darktrace is helping to defend against cyber-attacks and ensure organizations can operate without disruption. Darktrace’s self-learning technology is uniquely capable of learning a ‘pattern of life’ across both corporate IT networks and operational technologies, enabling it to detect anomalous activity in real time. Darktrace also provides total network visibility, aiding the investigative ability of security teams and providing boardroom executives with greater business oversight.