
PURE PLAY NextGenSECURITY

Meet The Team

Amine Mekkaoui

Managing Partner

amekkaoui@ovationsecurity.io

30+ years of experience as an industry leader in the security, consulting and software development market. Experience managing global clients across multiple disciplines.

Jeff Broadhead

Sales Director

jbroadhead@ovationsecurity.io

CISO and consulting experience with over 30 years creating and managing corporate-wide information security, assurance, and risk management programs, developing and overseeing legal and regulatory compliance initiatives, directing security architecture and engineering projects, and managing global security operations in the national intelligence, Federal and state governments, military and multiple commercial industries.

John Gerah

Managing Partner

jgerah@ovationsecurity.io

30 years of full stack experience across 15+ industries, from Data Centers and DevOps to Strategic Planning to Apps, SaaS and Disaster Recovery. Experience managing global organizations. Security incorporated in all aspects of his experience, from Data Centers to Apps to Contracts.

Meet Your Adversaries

NATION STATES

HACKTIVISTS

CRIMINALS

INSIDERS

Meet The World As It Is

Attack methods are getting smarter: threat actors are using some common methods, including compromised Word macros opened by an unsuspecting user:

  • Phishing with a macro-enabled Word document. Most malware is able to:

    • Determine if it is running in a sandbox and/or with and without privileges

    • Change the service description to something innocuous

    • Collect information such as the process name and system information
    • Encrypt system information such as the process name and system information
    • Encrypt collected information
    • Encrypt the information and POST it to the Command and Control Server
    • Download additional malware (sometimes)
    • Start the malware service
    • Create a new service as auto start to make the malware persistent

Living off the Land

  • Attackers and developers of penetration-testing frameworks are increasingly leveraging Windows PowerShell to conduct their operations. By default, PowerShell does not leave many artifacts of its execution in most Windows environments. The combination of impressive functionality and stealth has made attacks leveraging PowerShell a nightmare for enterprise security teams*

​

Threat Fatigue

  • Threat fatigue leads to delayed incident response: on average, clients see 17,000 malware alerts per week, with less than 5% investigated, per a Verizon report.

Threat Detection and Remediation

  • Per the same Verizon report, it typically takes 170 days to detect and 39 days to remediate a compromise once it is found. In other words, it's greater than 200 days from compromise to remediation, giving the bad guys lots of time to move laterally.

Common Threats

We understand the world as it is today (and what we think it will look like tomorrow) including:

  • Improving evasion by nation-state, hacktivist, insider and cybercriminal actors that, once they have a foothold within your network, are moving laterally within hours OR lying dormant for months or years

    • Many are moving away from signature-based attacks, leveraging operating-system native tools (living off the land)

    • Most run their campaigns like a software development shop, verifying their code’s ability to evade defenses

  • Expanding attack surfaces for clients as they move away from the legacy on-prem, perimeter-based approach to an explosion of data and endpoints via IoT devices, BYOD, cloud, SaaS, hybrid, etc.

  • Increasing statutory requirements (and penalties) for compromises along with decreasing time to respond to compromises

  • Increasing compromises via “Upstream” and “Downstream”

    • 50% of compromises in 2018 were due to partners being compromised FIRST

  • Insider threats STILL represent close to 40% of compromises to-date

    • See UK-based dev-ops resource recently imprisoned for destroying firm’s infrastructure

The Ovation team is uniquely qualified to assist clients 

Experience:
  • Regulated and Non-Regulated Industries: Our team has experience in heavily regulated industries, including Government, Financial, HealthCare, and Energy companies

  • Critical Infrastructure: Our team has experience with SCADA systems, including experience in the power/energy sector

  • Assessment Experience: We specialize in cybersecurity and have performed assessments for commercial and state clients. Assessments range from very technical “Red Team” exercises to strategic assessments helping clients build out and mature their security programs.

  • Compliance: We have built and managed compliance programs for many clients to meet their internal and external requirements

  • App and Infrastructure Experience: From data center build-out and global network infrastructure to app development (NodeJs, Python, Go, Java, others) and DevOps/CI/CD (bare metal through serverless)

  • Incident Management/Operational Management Experience

  • Threat hunting: Leveraging active threat hunting tools, we help clients look for threats, whether on-prem, in the cloud, or even at their SaaS vendors*

 

Differentiators:
  • Attacker’s mindset: We evaluate IT and SCADA assets with an attacker’s mindset in order to build defensible security controls.

  • Auditor’s/Compliance Mindset: We have decades of experience working at public accounting firms where we were actively engaged in audit and compliance assessments

  • Implementation Experience: We have extensive experience implementing enterprise-wide security controls, including network solutions from SIEM, firewalls, cloud, IA&M, CASB and other solutions for on-prem and cloud deployments

  • SCADA/ICS Process Control Systems: We have experience assessing and securing SCADA environments

  • Global Clients with local requirements: We have worked with global clients, keeping in mind their local requirements

  • Long-term Partner: We value long-term relationships with clients. Your threats are constantly evolving and we can help you prepare to proactively and reactively defend critical infrastructure.

Get Started Today

Get a demo of our capabilities or schedule a call so that we can discuss how we might help.