CyberSecurity within the government and commercial spaces has become a necessity in today’s ever-changing cyber landscape. Hackers, state-sponsored criminals, and script kiddies are constantly generating and implementing new and innovative ways to launch malicious attacks on networks, systems, and big data. With Cyber Hygiene as a constant worry for CISOs, CEOs, and CIOs, a broad and detailed approach to CyberSecurity is a must. InQwest has spent years establishing this approach to CyberSecurity through the implementation and execution of Information Assurance, Independent Verification and Validation (IV&V), Security Engineering, and Penetration Testing.

PENETRATION TESTING

Penetration Testing facilitates the identification and discovery of exploitable vulnerabilities within IT networks and applications. Reconnaissance and discovery activities outline assets within a system and network to provide a baseline of attack vectors and serve as initial sources for information gathering activities in order to provide a real-world representation of a system or network. InQwest implements a Blue/Red Team Hybrid methodology that allows for testing from an insider threat perspective with system knowledge while leveraging any identified findings for use in external exploitation.

This methodology not only includes some typical Red Team techniques but also adds an additional layer of internal exploitation. This internal component will identify additional exploits that would not be found when performing external Red Team testing. The Hybrid approach provides a more in-depth vulnerability assessment of implemented technical controls.

SECURITY ENGINEERING

Security engineering includes all of the necessary technical testing associated with the Accreditation and Authorization (A&A) process. Testing is driven by network and system boundaries with associated asset inventory. InQwest is fluent in providing automated and manual assessments on web applications, web services, databases, infrastructure devices, servers, workstations, and security appliances.

This includes automated and manual dynamic testing as well as static code analysis and manual configuration assessments. Raw data analysis is performed to identify false positives and a findings report is generated to support the overall A&A technical testing assessment.

INFORMATION ASSURANCE/FISMA COMPLIANCE

Information Assurance and Federal Information Security Management Act (FISMA) services focus on compliance with FISMA and National Institute of Standards and Technology (NIST) guidelines. The support includes facilitation of communication with key stakeholders, scheduling of A&A activities, generation of the necessary plan and accreditation documentation, automated and manual testing activities to identify the true security posture of the system under test, review and analysis of A&A testing results, creation of Plans of Action & Milestones, and the final accreditation package.

InQwest A&A services are tailored to accommodate each specific agency in order to satisfy compliance requirements and leverage custom made toolsets to streamline the A&A process.

IV&V

The IV&V service provides a third-party external assessment of system and application processes, procedures, and internal implementation. This outside perspective offers a fresh take on long-established and familiar approaches to internal and external security practices. This approach is essential in identifying gaps in management, operational, and technical implementations that are commonplace with regard to system administration, security configuration, defense-in-depth capabilities, and documentation.

InQwest has been providing IV&V services for government clients to identify critical areas with elevated risk within the agency.

VULNERABILITY ASSESSMENTS

Vulnerability Assessments facilitate the identification and discovery of vulnerabilities within IT networks and applications. Discovery activities outline assets within a network and provide an attack surface to facilitate additional testing. InQwest implements a standard Blue Team approach that allows for internal white box testing from an insider threat perspective with system knowledge.

This methodology includes testing with and without credentials on all workstations, servers, databases, web applications, network devices, and security appliances. Automated tools and manual testing methodologies are implemented to provide a holistic review, minimize false positives, and identify as many network and system vulnerabilities as possible. InQwest vulnerability assessments drive to increase the overall security posture of commercial and agency networks and systems.

CYBER HUNT

Cyber Hunting involves proactively investigating network flow and datasets for advanced and sophisticated threats that may have evaded everyday detection. Based on InQwest's knowledge of these profiles and patterns, we bring to light hard-to-detect activity at various stages of the attack chain, from adversary privilege escalation to insider threat data exfiltration. When combined with industry-leading tools and a vast threat intelligence network, our analysts are able to help provide early warning indicators of compromise and deep-rooted threat actor activity.

InQwest Cyber Hunt activities have been employed in the commercial sector in response to defacement and other technical incidents. With the use of proprietary toolsets and targeted technical information gathering techniques, InQwest is able to identify external, criminal, and possible state-sponsored malicious activities that had previously evaded detection and prevention defense-in-depth measures.

INCIDENT RESPONSE

Incident Response involves a structured response to security incidents, cyber-attacks, internal threats, and other incidents of compromise. InQwest implements a four-phase NIST-based approach for responding to malicious threats that occur frequently in today’s cyber-driven landscape. Phase 1 – Preparation, is key to planning how to react to future incidents that may occur within the organization. Phase 2 – Detection and Analysis, involves identifying the cause of the breach so that the incident can be contained. Phase 3 – Containment, ensures that the incident will not be persistent within the environment and will not propagate throughout the organization. The final Phase 4 – Eradication, facilitates recovery of affected systems, assessment of the damage and severity of the incident, and any additional investigations that are needed.

The InQwest team is well versed in IR plan review and implementation, which provides a seamless introduction into the organization's security team. Being able to provide the proper skillset for Detection and Analysis is key to the Containment of the incident and proper Eradication so that sensitive and proprietary data is kept safe and malicious actors are not present within the network.

HIGH VALUE ASSET

The Office of Management and Budget, the Department of Homeland Security, and all other Federal Agencies have deemed the High Value Asset (HVA) a critical and top priority for Cyber Security implementation, review, and protection. InQwest has developed a method for providing High Value Asset Assessments to the government space by leveraging existing past performance with Vulnerability Assessments, Security Control Assessments, Ongoing Authorization, Infrastructure Review, and the System Development Life Cycle (SDLC). Whether the HVA is of Informational Value, Mission Essential, or Federal Civilian Enterprise Essential, the InQwest HVA Assessment applies across the spectrum.

The assessment leads with the methods implemented in the Vulnerability Assessment service to identify vulnerabilities, while also leveraging a Security Architecture Review to provide a holistic analysis of agency processes, documentation, and implementation of Cyber Security components and systems. A Systems Security Engineering review is also conducted to identify, analyze, and reduce the risk of vulnerabilities associated with the SDLC process used to implement the system environment and components. This review can include physical security, data security, endpoint security, and infrastructure security, to name a few.
