We are dedicated to developing security solutions specifically tailored to the customer’s business objectives, resources, and overall mission. Our methodologies have been developed over the last decade as the founding partners secured some of the Nation's most sensitive systems. We foster an environment that demands exceptional integrity and challenges industry dogma. We deliver solutions that provide lasting value and will adapt and evolve with changing threats.
Attack Surface Management
Internet-facing assets are a significant source of risk for organizations of any size. These assets, including on-premise servers, cloud storage, third-party applications, B2B integrations, APIs, and subsidiary-owned assets, collectively make up an organization's attack surface. Effective Attack Surface Management (ASM) and risk reduction require continuous information gathering (domains, subdomains, web applications, web services, APIs, etc.), data validation, and analysis. BLS analysts combine all 3 functions to create our ASM service offering. Our analysts employ BLS tools and utilities to identify, enumerate, and test externally facing assets. Verification and validation testing for each vulnerability discovered reduces the incidence of false positives and provides for a more accurate determination of attack surface risk. Based on the risk analysis, the BLS team prioritizes vulnerable assets for triage and remediation and validates any fixes deployed.
For many organizations out there, the first time they get to see whether or not those expensive network security appliances or endpoint solutions work as promised is when they are under direct attack from a real-world adversary; much the same can be said for the incident handling process itself. No matter how good our gear is, we never want to field our teams and play for the championship without having practiced our playbooks 100s of times before! Information Security Programs should be approached in exactly the same way. We need to give our defenders multiple, if not continuous, opportunities to implement and execute the defensive playbook. This is the BLS “Attack to Defend” mindset. That is, the fundamental objective of a Red Team Engagement or Penetration Test is to provide for a better defense. We exist for the explicit purpose of improving and empowering network defenders, protecting the organization, and reducing overall risk.
Types of Testing:
- External Network Penetration Testing
- Internal (On-Site) Network Penetration Testing
- Wireless Penetration Testing
- Web Application Penetration Testing
- Red Teaming
Organizations today have deployed numerous technologies to handle near-constant communication and to support day-to-day operation of the business. Businesses within virtually every market vertical have deployed IT systems to handle their most sensitive assets, infrastructure, and resources. Although these changes have resulted in unprecedented gains in productivity, they also provide new and exciting opportunities for the attacker. Wireless, Web-enabled, Mobile, and VoIP technologies have all added to the “attack surface” that is exposed by an organization. BLS offers a suite of Cybersecurity assessments to help organizations identify vulnerabilities, develop mitigation strategies, and better manage overall risk.
Types of Assessments:
- Attack Surface Management
- Risk Assessment
- Vulnerability Assessment
- Web Application Assessment
- Wireless Assessment
Regulatory requirements include the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI) regulations for the Healthcare and Social Services and Retail Trade industry sectors, respectively. HIPAA violations can run anywhere from $100 – $50,000 per violation with a maximum fine of $1.5 million per calendar year. Fines for PCI non-compliance can be as high as $100k per month for level 1 businesses, and in the event of a breach, each credit card holder record lost will cost the company between $50 – $150. BLS provides security services that specifically address PCI-DSSv3.2 and HIPAA regulatory requirements. We specialize in understanding each client’s regulatory needs and design our services to not only demonstrate compliance but also to effectively defend and protect critical data.
Most vulnerability assessments and scanners leverage publicly available information to identify well-known vulnerabilities and common misconfigurations. This information provides the basis for a solid mitigation strategy and is the first step to securing critical resources. However, for organizations facing a determined and well-resourced adversary, this may not be enough. BLS engineers will conduct exploratory research and analysis of complex systems for the express purpose of discovering new and/or undisclosed vulnerabilities. The objective is to discover these vulnerabilities and take corrective action before they can be exploited by an attacker.