Cybersecurity is one of the core service lines within Business Integra (BI), and our company’s security service portfolio covers the full landscape of information security needs of our clients. We have the very best information security resources in the business that have supported just about every industry imaginable. We are currently supporting the FAA, the NRC, the IRS, NASA, the Centers for Medicare and Medicaid Services (CMS), the National Association of Child Care and Resource and Referral Agencies (NACCRRA) and DOS with their incident response, threat hunting, information security, security validation, FEDRAMP compliance, cloud security and vulnerability management objectives. In addition, Business Integra was proudly selected as a prime cybersecurity provider for Navy SPAWAR. We have offerings in all aspects of information security such as penetration testing, enterprise security architecture, security policy development, implementation services and federated identity management; furthermore, we have specialized abilities in security automation, threat hunting and applied threat intelligence and experience implementing the NIST Cybersecurity Framework (CSF) for hybrid and traditionally structured enterprises.
In the environment of persistent, advanced cybersecurity stresses and attacks, cyber resiliency combines a strategic, flexible approach: anticipate, withstand, recover, and adapt.
To be effective, cyber resiliency must be applied and communicated across all levels in an organization. Cyber resiliency, as documented in the NIST 800 series of publications, supports the link between risk management decisions and the organization’s risk management strategy. At every level, cyber resiliency elevates the importance of communication, informed action, and reporting. The result is that dynamic risks are continually and safely managed, operations are secured, and trust is maintained.
What does it mean to put a strategy for cyber resiliency into practice?
Cyber resiliency requires a comprehensive risk management strategy:
- Frame the cyber threats
- Set strategies to achieve cyber resiliency goals
- Select factors to prioritize and interpret cyber resiliency objectives at the mission/business level and at the system level
What do these mean? They mean that the organization takes an integrated process approach – a contextually aware, engineered solution:
- Anticipate: Deterrence, avoidance, and prevention are strategies for anticipating potential threats. Other strategies include:
- Planning: Identifying and planning to use available resources.
- Preparation: Varying the available resources and exercising plans.
- Morphing: Regularly changing the system in order to change the attack surface
- Withstand: Strategies for withstanding potential threats, even when those threats are not detected, include:
1. Absorption: Accepting some level of damage to a given set of system elements, taking actions to reduce the impacts to other system elements or to the system as a whole, and repairing damage automatically.
2. Deflection: Transferring threat events or their effects to different system elements or to systems other than those that were targeted or initially affected.
3. Discarding: Removing system elements or even a system as a whole, based on indications of damage, and either replacing those elements or enabling the system or mission/business process to operate without them.
- Recover: Strategies for recovery include:
1. Reversion: Replicating a prior state which is known to be acceptable.
2. Reconstitution: Replicating critical and supporting functions to an acceptable level or using existing system resources.
3. Replacement: Replacing damaged, suspect, or selected system elements with new ones or repurposing existing system elements to serve different functions in order to perform critical and supporting functions, possibly in different ways. Detection can support the selection of a recovery strategy. However, a system can apply these strategies independent of detection to change the attack surface.
- Adapt: Strategies for adaptation include:
1. Correction: Removing or applying new controls to compensate for identified vulnerabilities or weaknesses.
2. Redefinition: Changing the system’s requirements, architecture, design, configuration, or operational processes.
Organizational risk management strategy includes aspects which can limit the set of cyber resiliency solutions it will consider. These aspects include:
- The organization’s risk mitigation philosophy. For example, compliance with standards of good practice, incorporating state-of-the-art technologies and making trade-offs between standards of good practice and leading-edge protection technologies, pushing the state-of-the-art through cyber defense DevOps.
- The types of external coordination in which the organization will participate. For example, consumer of threat intelligence, bi-directional threat information-sharing, cooperation or coordination to counter threats, collaboration.
- Whether and how deception can be used.
Together, these strategies and supporting techniques make the organization agile, resilient, and coordinated in an era of persistent and sophisticated cyber risk. Throughout the system life cycle, trust is protected.
Security Automation Adoption Service
The Need For Speed: Automated malware attacks like WannaCry, NotPetya and as far back as SQL Slammer (2003) spread globally and were executed at a phenomenal rate, nearing machine speed (near light speed). If some attacks have spread across the entire globe in under 10 minutes, how much of our network can be compromised while our Change Control Boards are consulted for approved responses? The answer, “All of it”. Business Integra security practitioners are experts at categorizing your own incident response tactics into groups that:
Can be fully automated – repetitive, error prone tasks such as creating and updating trouble tickets, sending notifications, patching and checking patch compliance
- Can benefit from human triggered automation – automated courses of action that can be triggered after an operator has picked the appropriate course of action to run – such as immediately quarantining malware, automatically stopping an identified attack or instantly stopping record theft in process
- Are not appropriate for automation – but can benefit from automated data enrichment, meaning decision support tools will be automated so decisions can be reached quickly and with confidence
- Once the categorization is complete, we design, build, test and implement the new capabilities (complete with training and on demand 24×7 support). We also have services for operating the Automated Courses Of Actions (ACOA) as a service – AaaS. The end result is incredibly faster containment of attacks and malware spread and is more time for your analysts to work security-related tasks rather than administrative tasks.
Applied Threatelligence© (Operationally Applied Threat Intelligence)
Threat Intelligence shines a light in the darkness when it comes to knowing your enemy. But few organizations know how to make a tangible difference in their security with Threat Intelligence. Business Integra’s Threatelligent© offerings monitor and consolidate threat feeds to find the adversaries that can hurt you severely. They also apply that information directly to your individual operations and tool sets and give you very specific directions on what to do to protect your organization. These services not only make you more secure but also serve as excellent sources of budget justification. Business Integra will tell you where you should spend your funds and how to cover yourself in areas where you do not yet have sufficient defensive capabilities. These offerings are also one of the inputs to the Business Integra Intelligence Driven Threat Hunting service. All Business Integra offerings are available as services or as Turn-Key deliverable.
Threatelligent Hunting©: Business Integra Intelligence-Driven Threat Hunting (BIT Hunting©)
The Best Detection Tools Don’t Matter Without Threat Hunting. Would you build a dome around a city as the only measure to keep mosquitoes out? No. Because some mosquitoes are already living inside, and there are other vectors like rivers that allow them in. So even a perfect perimeter detection and prevention capability – if there were one – is not enough (and there is not one). It is imperative to continue looking for what is already there and what has come in using unexpected vectors. Business Integra’s Threatelligent© Hunting (BIT Hunting©) integrates into your security operations processes and is fed by your tools and logs, as well as by the Threat Intelligence feeds that are available in your environment. The Business Integra Threatelligent Hunting© solution is also equipped to feed directly to your security infrastructure, meaning that as soon as a new vector of attack, malware component or vulnerability is discovered, your defenses will be updated to keep that from happening in the future. BIT Hunting© is available as a service or as a Turn-Key deliverable.
SOC Optimization Service – Detect, Protect and Correct – Global Best practices
Business Integra’s SOC Optimization Service is a consulting offering that leverages expertise in the world’s leading models for Security Operations, such as the NIST Cybersecurity Framework, the ISD 35, the CIS 20 and others in order to evaluate your organization for areas of increased effectiveness and reduced costs. We align our recommendations with the cyber kill chain steps and provide a plan that will take your organization from current state to optimal state. We also synchronize the roll-out timeline to your budget and priorities, whether those priorities come from our Threat Intelligence Service recommendations or from your own leadership. If needed, Business Integra also offers delivery options that offload the majority of SOC Transformation duties from your staff, allowing them to continue normal duties while our experts set up your new Information Security capabilities and processes. Our staff will train and support your staff in transitioning to the Turn-Key new SOC tools and methods, or they can remain in place as long as needed.
Insider Threat Deterrence Program – Detect protect and Correct cycle
Business Integra followed the US Department of Defense’s recommendation that DETERRENCE needs to be part of a total cybersecurity strategy and developed a first of its kind approach to stopping insider threat issues with a very cost effective, largely automated solution that complies with the most strict privacy laws, including those going into effect May 25, 2018 via the General Data Protection Regulation (GDPR) regulations in Europe.
This program integrates with many specialty commercial tools and open source software packages and can be stood up in as little as 3 months. The nature of this program keeps us from publicly describing it. But for confidential details on how this offering works, please contact the Business Integra Cybersecurity team at 301-474-9600.