CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES - - PowerPoint PPT Presentation

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING

FOR BOCES PARTICIPATING SCHOOL DISTRICTS RFP #2416

OUR DIFFERENTIATORS

Global Risk Assessment

Atlantic has a deep understanding of “Risk Assessment and Penetration Testing” on a global scale and can significantly impact your school’s efforts toward greater productivity through technology and process enhancements, while reducing cost.

Intelligence-driven penetration testing

Atlantic’s intelligence-led penetration testing employs the same tools, tactics, and procedures actively being used by cyber adversaries as they pertain to your business. Except now they’re working for you.

Unique State of the Art Application Security Software

Our application security assessment will investigate all components of the software you develop and the underlying technologies. Testing explores all possible avenues of attack to ensure that your application can be deployed securely and with confidence.

Human Based T echnology Solutions

Atlantic puts a human behind the wheel. Many web application assessments are highly

• automated. They produce a high volume of false positives, and overlook application

behavior that an expert security analyst would find. Our findings are validated and our consultants will work with your development staff to make sure that no stone is left unturned and that the results of your assessment are accurate.

OUR OFFER

Dedicated Project Manager to preside over the operation of the proposed test. Full service office technology provider with five network operation centers for all your school’s cybersecurity needs. Total Quality Commitment—Atlantic Seal of Satisfaction. Remote monitoring for proactive maintenance, network monitoring, alerts and unit diagnostics integrated into our solution. Predictive analytics tools combined with machine learning artificial intelligence software to anticipate potential threats. Atlantic DOES NOT SEEK reimbursement for travel, lodging, subsistence or

• ther out of pocket costs incurred in connection with this engagement.

OUR SERVICES PROVIDE AN INTEGRATED SOLUTION THAT USES OUR ADVANCED PROPRIETARY SOFTWARE

Application and Security testing for Web and Mobile Apps

• Intelligence Gathering:
• OWASP Web Application Testing

Methodology

Network Penetration T esting

• Security’s Intelligence Led

Penetration Testing Methodology is aligned with the industry accepted PTES (Penetration Testing Execution Standard).

Infrastructure Security Assessment

• Visibility, Detection, Response &

Containment 24/7/365

Vulnerability Scanning for Networks and Applications

• Vulnerability Analysis:

Phishing Expeditions

• Threat Modeling:
• Exploitation:
• Post Exploitation

Deliverables:

• Report to include: Findings Details, Proof of

Concept (Screenshot, Code Snippet, or Video – where applicable), References (Vendor Bulletins, Common Vulnerabilities and Exposures, US-CERT Advisories, Weaponized Malware), Risk Scorecard, Cyber Kill Chain Phase, Recommendations for Remediation, and Affected Asset(s).

INTEGRATED INTO ONE PLATFORM SOLUTION: PROVIDING VISIBILITY, DETECTION, RESPONSE & CONTAINMENT 24/7/365

State-of-the-art technology and years of expertise allow us to provide network and endpoint security monitoring Network Security Monitoring:: Find all assets on your network before a bad actor does with active and passive network discovery. Asset Discovery & Inventory: Identify systems that are vulnerable to exploits with active network scanning & continuous vulnerability monitoring Vulnerability Assessment: Detect & respond to threats faster with our built-in network IDS, host-based IDS, & file integrity monitoring Intrusion Detection: Instantly spot suspicious network behavior with NetFlow analysis, service monitoring, & full packet capture Behavioral Monitoring: Quickly correlate & analyze security event data from across your network with built-in SIEM & log management SIEM & Log Management: Continuous Endpoint Monitoring & Visibility; Threat Intelligence for Prioritization & Attack Action Endpoint Security Monitoring: Root Cause Analysis & Investigation Instant Isolation, Live Response & Remediation One-click Stopping threats at the endpoint Endpoint Threat Banning

ENGAGEMENT WITH PREDICTIVE ANALYTICS TOOLS COMBINED WITH MACHINE LEARNING ARTIFICIAL INTELLIGENCE SOFTWARE

6

Integrated Solution

• Complex mapping activities
• Standardized, domain-specific Excel

templates designed and knowledge captured from organization

• Templates are imported into Expertool,

systematically integrated by each data point, gaps & discrepancies identified

Simulation of complex systems

• Holistic risk model analysis
• Each risk model is duplicated in

Expertool

• Software identifies and links shared data

points

• Additional rules and relationships can be

supplied by experts/literature

• Simultaneous Monte Carlo simulations

are run, with cross-model intermediate impacts processed

Unique Discovery Methods

• Comprehensive sensitivity analysis
• Qualitative and quantitative impact are

modeled between each discrete set of parameters

• Software identifies all discrete values in

each parameter across the entire data set and combines them into one class

• Software links each unique value to all
• ccurrences across parameters
• The scenario for each unique value is

computed and output to Excel or other software.

TEAM MEMBERS

Peter Fiorillo, CPA

• (631) 806-2108

Justin Schwartz MPH

• (917) 647-3431

James Talilento CISSP , GSEC, GCIH, GPEN, GCFA, GCIA, GMON, CEH, SCYBER

• (646) 868-8128

Russell Safirstein, CPA

• (516) 551-5546

7