While mobile, cloud and virtualization technologies have led to enhanced productivity it has also led to an array of new attack vectors for a wide variety of malicious and non-malicious actors. Our comprehensive approach to cyber security looks at the whole of your system and takes into account how your users access and use data. We design solutions to achieve resiliency by minimizing risk and maximizing technology investments. Solutions can be installed and run on premise, via the cloud or in a hybrid model.
Commercial Solutions for Classified (CSfC) – create a solution that leverages clearly defined and approved approaches to support specific U.S. government security requirements.
Network and Endpoint Defense – protect data by separating trusted and untrusted networks and strengthening external borders against unauthorized access and attack.
Threat Visibility – provide visibility into traffic traversing the network to obtain a baseline of normal traffic flows and, from that baseline, be able to detect misconfigured devices and malicious attacks.
Remediation and Response – the possibility of malicious attacks entering the network will always exist. It is critical to have the security tools in place before attacks happen to speed response time.
Data Protection – protecting your most valuable asset – data – with visibility into who is accessing it, how and when.
Policy Enforcement/Risk Management Framework – develop, automate and enforce authentication and authorization policies to control system and application access.
Cloud Security – meet compliance requirements and apply technical solutions that provide frameworks that can be used to ensure cloud solutions are secured.
Programmability (Orchestration + Automation) – you may use 50 or more tools to do your job. Combine the functionality of similar products, create dashboards and enable a single action to be implemented across multiple products.
Iron Bow in Action
Understanding Threats for Better Planning
Threat visibility is part of a Continuous Diagnostics and Mitigation (CDM) approach to security. Being able to see what threats are hitting your network allows for more effective security and budget planning. In one case, an Iron Bow client began using a threat visibility tool and immediately saw probes from foreign countries and traffic from the client network going to those countries. This visibility provided two critical functions. First, it was a graphical method of easily seeing when a breach has occurred. Second, it provided clear justification for further investment into the security budget. In this case, the attacks were unsuccessful, but the client learned they were being attacked on regular basis from places they never imagined. Examination over time brought to light a data exfiltration problem. It was not malicious but instead was tied to a user that was trying to make sure that the data they used was preserved by archiving records to an unapproved storage device. The user did not realize the security ramifications if this device was compromised. User education closed that vector. While that attack was really a non-issue, having the visibility into the threats coming at the network day in and day out, the IT team was able to better justify ongoing security investments.
Planning for the Worst
Remediation and response technologies and plans must be in place before an incident compromises data. Planning for the worst minimizes impact and speeds resolution. For example, a recent ransomware attack was identified and stopped using the tools in place. The organization could see that files on local computers and on file shares were being encrypted, but could not make sense of why those files were being targeted. Based on the traffic, the attackers were using an account that had full read write access as well as laptop and Active Directory rights. The organization was able to cut off a branch organization that appeared to be the source and at the same time limit write access for all users to stop the flow until the root cause was identified. Next Gen IPS was used to show where traffic was exfiltrated and look for matching signatures. Netflow-based tools provided visibility into all flows traversing the network and quickly identified the malicious flows. Anti-malware agents identified any files that were known malicious and quarantined them helping identify possible source computers. Once the initial computer and attack was identified, they implemented remediation for all machines that addressed the current attack as well as all machines to prevent any future attacks.
You Don’t Know What You Don’t Know
Most organizations have well-defined security practices that have been in place for years without a major incident. This does not mean they are completely secure. Our vulnerability assessments take a deeper look at network traffic to discover unknown anomalies that may not impact performance or security today, but pose a threat nonetheless. In one case, we discovered, through a combination of raw data and user interviews, a client was open to malicious actors via several well-known and well-used workarounds. The weakness had not been targeted yet, but posed a huge risk. Iron Bow provided a detailed network vulnerability assessment and was able to lay out a prioritized plan for increasing the client security posture that dramatically shrunk the potential attack vectors, increased visibility and stayed within the client budget.
In-depth knowledge on the latest attack methods and how to defend against them.
Customized cyber security reference architectures to meet domain and environment-specific needs.
Laser-focused on developing solutions that reduce risk and enable mission and business success.