CyberSecurity within the government and commercial spaces has become a necessity in today’s ever-changing cyber landscape. Hackers, state-sponsored criminals, and script kiddies are constantly generating and implementing new and innovative ways to launch malicious attacks on networks, systems, and big data. With Cyber Hygiene as a constant worry for CISOs, CEOs, and CIOs, a broad and detailed approach to CyberSecurity is a must. InQwest has spent years establishing this approach to CyberSecurity through the implementation and execution of Information Assurance, Independent Verification and Validation (IV&V), Security Engineering, and Penetration Testing.

PENETRATION TESTING

Penetration Testing facilitates the identification and discovery of exploitable vulnerabilities within IT networks and applications. Reconnaissance and discovery activities outline assets within a system and network to provide a baseline of attack vectors and serve as initial sources for information gathering activities in order to provide a real-world representation of a system or network. InQwest implements a Blue/Red Team Hybrid methodology that allows for testing from an insider threat perspective with system knowledge while leveraging any identified findings for use in external exploitation.

This methodology not only includes some typical Red Team techniques but also adds an additional layer of internal exploitation. This internal component will identify additional exploits that would not be found when performing external Red Team testing. The Hybrid approach provides a more in-depth vulnerability assessment of implemented technical controls.

SECURITY ENGINEERING

Security Engineering is the implementation of security measures to protect the operational and technical components of an organization. InQwest believes that security early and often is the key to ensuring the Confidentiality, Integrity, and Availability of all critical and non-critical assets. Everything from the DHS Security Engineering Life Cycle to the Software Development Life Cycle, Acquisition Life Cycle, and Agile methodologies in SecDevOps applies: these standards are the guidelines for ensuring that security is an integral part of an organization and at the forefront in everything from operations to development.

Security Architecture review and design is also a main offering within the InQwest Security Engineering service, as it not only offers a thorough review of your existing security posture but also provides an “Outside In” approach to identifying gaps in security. InQwest has been providing detailed technical architecture reviews on physical, virtual, and cloud environments within the Federal and Commercial sectors.

INFORMATION ASSURANCE/FISMA COMPLIANCE

Information Assurance and Federal Information Security Management Act (FISMA) services focus on compliance with the FISMA and National Institute of Standards and Technology (NIST) guidelines. The support includes facilitation of communication with key stakeholders, scheduling of A&A activities, generating necessary plan and accreditation documentation, automated and manual testing activities in order to identify the true security posture of the system under test, review and analysis of A&A testing results, creation of Plans of Action & Milestones, and final accreditation package.

InQwest A&A services are tailored to accommodate each specific agency in order to satisfy compliance requirements and leverage custom made toolsets to streamline the A&A process.

ADVERSARIAL ASSESSMENTS (AA)

Adversarial Assessments (AA) are technical cyber resilience assessments with a focus on system operational impact, conducted within the confines of agreed-upon test scenarios and associated test cases. AAs are conducted as a component of an Independent Testing Agent in support of an agency Acquisition Lifecycle Framework and System Engineering Life Cycle milestones, usually incorporated into an Agile development process. This Department of Homeland Security (DHS) specific testing function ensures that the known impact of systems and equipment is thoroughly tested against cyber resilience standards and requirements.

InQwest has had the opportunity to establish and execute highly technical testing methodologies, tactics, techniques, and processes (TTPs) in support of AAs within the DHS components, Transportation Security Administration (TSA), United States Citizenship and Immigration Services (USCIS) and the Federal Emergency Management Agency (FEMA) information systems and Transportation Security Equipment (TSE). Specifically, InQwest has been the sole provider of TSA AAs for TSE Checkpoint Property Screening Systems (CPSS), Advanced Image Technology (AIT), Credential Authentication Technology (CAT), and the DHS Financial Systems Modernization Solution (FSMS).

VULNERABILITY ASSESSMENTS

Vulnerability Assessments facilitate the identification and discovery of vulnerabilities within IT networks and applications. Discovery activities outline assets within a network and provide an attack surface to facilitate additional testing. InQwest implements a standard Blue Team approach that allows for internal white box testing from an insider threat perspective with system knowledge.

This methodology includes testing with and without credentials on all workstations, servers, databases, web applications, network devices, and security appliances. Automated tools and manual testing methodologies are implemented to provide a holistic review, minimize false positives, and identify as many network and system vulnerabilities as possible. InQwest vulnerability assessments drive to increase the overall security posture of commercial and agency networks and systems.

CYBER HUNT

Cyber Hunting involves proactively investigating network flow and datasets for advanced and sophisticated threats that may have evaded everyday detection. Based on InQwest knowledge of these profiles and patterns, we bring to light hard-to-detect activity at various stages of the attack chain, from adversary privilege escalation to insider threat data exfiltration. When combined with industry-leading tools and a vast threat intelligence network, our analysts are able to help provide early warning indicators of compromise and deep-rooted threat actor activity.

InQwest Cyber Hunt activities have been employed in the commercial sector in response to defacement and other technical related incidents. With the use of proprietary toolsets and targeted technical information gathering techniques, InQwest is able to identify external, criminal, and possible state-sponsored malicious activities that had previously evaded detection and prevention defense-in-depth measures.

INCIDENT RESPONSE

Incident Response involves a structured response to security incidents, cyber-attacks, internal threats, and other incidents of compromise. InQwest implements a four-phase NIST-based approach for responding to malicious threats that occur frequently in today’s cyber-driven landscape. Phase 1 – Preparation, is key to planning how to react to future incidents that may occur within the organization. Phase 2 – Detection and Analysis, involves identifying the cause of the breach so that the incident can be contained. Phase 3 – Containment, ensures that the incident will not be persistent within the environment and will not propagate throughout the organization. The final Phase 4 – Eradication, facilitates recovery of affected systems, assessment of the damage and severity of the incident, and any additional investigations that are needed.

The InQwest team is well versed in IR plan review and implementation, which provides a seamless introduction into the organization's security team. Being able to provide the proper skillset for Detection and Analysis is key to the Containment of the incident and proper Eradication so that sensitive and proprietary data is kept safe and malicious actors are not present within the network.

HIGH VALUE ASSET

The Office of Management and Budget, the Department of Homeland Security, and all other Federal Agencies have deemed the High Value Asset (HVA) a critical and top priority for Cyber Security implementation, review, and protection. InQwest has developed a method for providing High Value Asset Assessments to the government space by leveraging existing past performance with Vulnerability Assessments, Security Control Assessments, Ongoing Authorization, Infrastructure Review, and the System Development Life Cycle (SDLC). Whether the HVA is of Informational Value, Mission Essential, or Federal Civilian Enterprise Essential, the InQwest HVA Assessment applies across the spectrum.

The assessment leads with the methods implemented in the Vulnerability Assessment service to identify vulnerabilities, while also leveraging a Security Architecture Review to provide a holistic analysis of agency processes, documentation, and implementation of Cyber Security components and systems. A Systems Security Engineering review is also conducted to identify, analyze, and reduce risk of vulnerabilities associated with the SDLC process used to implement the system environment and components. This review can include physical security, data security, endpoint security, and infrastructure security, to name a few.

CMMC CONSULTING

The Cybersecurity Maturity Model Certification (CMMC) is a recent push to establish standards and best practices for cybersecurity within the Defense Industrial Base. CMMC combines existing NIST security controls and industry best practices across 5 maturity levels from basic to advanced. InQwest has been certified as a CMMC Registered Provider Organization and has several Registered Practitioners and future CMMC Assessors on staff.

The InQwest CMMC RPO methodology consists of a 4-phased approach including Review, Evaluate, Strategic Implementation, and Reporting. Our phased approach allows for the Review of existing security control implementations, Evaluation against NIST/CMMC standards, Strategic Implementation of security controls within the organization, and Reporting of all implemented cybersecurity processes and procedures necessary to obtain CMMC Levels 1-3 accreditation.

CYBER RESILIENCE

Presidential Policy Directive 21 defines resilience as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. It also involves establishing requirements, often referred to as resilience requirements, which establish the ways assets are protected and sustained.

Protection is concerned with traditional security controls, such as firewalls to protect an IT environment and guards to protect a building. Sustainment is concerned with ensuring that assets and services remain viable when protection measures fail or during other adverse events. This includes conducting regular backups and developing and maintaining a service continuity plan. InQwest has incorporated the Resilience, Protection, and Sustainment activities into our Cyber Resilience review and implementation services.
