Build automations, understand threats, and train with us

Our Services

  • Threat Landscape

    We will map out the threat landscape your organization faces, and instruct your security teams on how best to anticipate those threats before they materialize. We will also brief your executives on security and intelligence issues, as well as the inverse: brief your technical teams on organizational and executive views and interests. We are particularly good at bridging gaps between audiences even within the same organization.

    To do all of this, we apply best practices from the U.S. intelligence community for threat analysis and briefing. We will emphasize structured analysis of the entire threat space, challenge any existing assumptions in place about said landscape, and point out data gaps that might impede further certainty. Upon concluding, our threat analysis will point your organization to the specific sources of information, products, or internal practices that we advise you to pursue in order to improve your security posture relative to the identified threats. We can also work with you directly on building those capabilities.

    For specific topics and regions we can bring in specialists with deep language and regional skills. Examples include, but are not limited to, world-class experts on the Russian and Chinese threat landscapes.

  • Vendor Replacement

    Your organization likely relies on vendors, who charge annual service fees, to mitigate certain security risks. We can lead your engineers in building an in-house solution that will replace said products. This investment can generate hundreds of thousands of dollars in savings over the medium term, depending on what is being replaced. Moreover, it reduces your organization’s dependency on external security providers who introduce or discontinue features, pricing points, quotas, branding, and even entire products beyond your control.

    This type of engagement is the longest but also the most innovative and potentially profitable for your organization. We are not averse to vendors at all: our founder, Pablo Brum, got started and made his career at one of them, CrowdStrike. Nonetheless, there are likely to be significant opportunities for your organization to create its own security solutions for problems it hasn’t tackled yet, or to replace an existing vendor. There are also points in between: you may seek our services to help with a specific component of a larger application unique to your organization, such as scraping or scanning methods, query logic, business logic, or infrastructure deployment.

    The savings here are remarkable: the difference between the cost of this one-time engagement and the annual cost of today’s Software-as-a-Service (SaaS) offerings can be significant. As noted above, over time your organization will save large amounts in SaaS costs, not to mention retain greater control over its security stack and generate valuable know-how in your IT organization.

    The following are our core vendor replacement offerings:

    Credential theft prevention and neutralization

    Website and social media phishing detection and neutralization

    Monitoring of online communities and social media to automatically take necessary actions

    Monitoring of news and other developments to automatically take necessary actions

    Monitoring of code repositories for data leaks

    Internet scanning of exposed customer, adversary, and third-party infrastructure to determine technologies, vulnerabilities, and threats present

    Single-panel search engine for all your security data sources

    Internal phishing simulation engine

    Anti-click fraud + anti-scraping solutions

    Monitoring of illicit online markets (particularly Tor hidden services)

  • Security Preparedness

    We will build or help mature your security team in case it is currently insufficient for your needs. This includes providing advice, or direct action, in recruitment, training, budgeting, identifying product needs, and other tasks. We will help you review the security risks your organization faces, and develop or deploy controls to mitigate those risks. We will also advise you on evaluating and comparing vendors for various types of security products.

    To do this we leverage best practices implemented by Chief Information Security Officers (CISOs) to comprehensively enumerate and mitigate security risks in corporate and government environments. While the threat landscape focuses on the world outside of your organization, this engagement is designed to review your organization internally, independently of outside threats, and identify your strengths and weaknesses.

    Our specialists possess proven experience with assembling vast ranges of IT infrastructure in general and security in particular.

    Some of the specific projects we tackle in Security Preparedness engagements involve:

    Reviewing or creating security controls: DLP, EDR, MDM, IAM, network defense, secure coding, anti-phishing, bug bounties

    Reviewing or creating security policies: MFA, zero trust

    Crafting security analytics: risk management, account takeover forensics

    News digestion: Monitoring global developments for automated, actionable responses

    Insurance: working with brokers and providers to acquire the right cyber incident insurance policy for your organization

  • Incident Response

    You may add us to an ongoing incident at your organization in order to boost your response efforts. We can also provide advice on dealing with incidents at third parties that are relevant to your organization, such as vendors or suppliers you rely on. We are also available to review your incident response protocols and readiness, particularly in shifting toward a SOCless stack.

    To do this we will leverage our experience working on incident response across geographic and sector boundaries. This ranges from high-profile incidents involving political actors and hacktivists to engaging with manual extortion actors, rogue insiders, malware detections in your organization, breaches of PCI data, attacks on infrastructure, incidents involving third parties that impact your organization, and many more.

    The broad incident categories we have most experience with include:

    Access & networking incidents: Brute force login attempts, denial of service attacks, server-side request forgeries (SSRF), Content Security Policy (CSP), asset inventory troubleshooting, and AWS issues

    Account-related incidents: Employee credential leaks, employee accounts at third-party services, insider incidents, cookie-related incidents, theft of funds attacks

    File-related incidents: Detection, download or execution of Windows and macOS malware, detection of traffic to C2 infrastructure, file exfiltration (DLP) incidents, issues with ambiguous applications like TeamViewer, applications spoofing your brand

    Fraud incidents: Insider-facilitated fraud, credit card fraud

    Data ransom and ransomware attacks: dealing with threat actor communications, particularly extortive threats

  • Training & Recruitment

    We provide both extensive and intensive training for your security organization, as we have done both in the corporate world and in academia. Topics include fundamentals of cybersecurity, state-sponsored threats, cybercrime, hacktivism, destructive incidents, intelligence analysis, risk management, and much more. Our training will be crafted specifically to your organization’s needs and budget, and as such we will ask you about the recipients of the training in order to better tailor it to their needs. We are also ready to adapt the contents of our graduate-level coursework to your organization’s needs on short notice.

    Additionally, we can help your organization staff its ranks by contributing to your recruitment process: finding candidates, interviewing them, and so on.

  • Advanced Projects & On-Demand Services

    Mature organizations looking to improve on an established defensive posture will benefit from additional services we offer specifically for them.

    One example is the development of offensive intelligence programs designed to better neutralize threats to your organization.

    Another is to review the output of your security teams to develop better metrics, analytic findings, incident retrospectives, and general reporting to upper spheres of the organization. Revamping these products can often lead to new security insights of great benefit to the organization.

    Lastly, we can also provide single-case or on-demand specialized services such as:

    Malware reverse engineering

    Actuarial analysis

    Blockchain analysis and cryptocurrency investigations

    Investigations of actors and organizations of interest in Latin America, Russia, the Middle East, China, and other regions

  • For Individuals

    It is not unusual for individuals in positions of influence but with limited understanding of information technologies to have concerns over their personal devices and accounts. We are available for such engagements, beginning with a one-hour consultation to determine the features of the case.

  • Retainers

    We can work with your organization under retainer conditions.

  • Pro Bono

    We consider such requests on a case-by-case basis, depending on availability and salient points of the proposal.