CyberSecurity within the government and commercial spaces has become a necessity in today’s ever changing cyber landscape. Hackers, state sponsored criminals, and script kiddies are constantly generating and implementing new and innovative ways to launch malicious attacks on networks systems, and big data. With Cyber Hygiene as a constant worry for CISOs, CEOs, and CIOs, a broad and detailed approach to CyberSecurity is a must. InQwest has spent years establishing this approach to CyberSecurity through the implementation and execution of Information Assurance, Independent Verification and Validation (IV&V), Security Engineering, and Penetration Testing.

PENETRATION
TESTING

PENETRATION TESTING

Penetration Testing facilitates the identification and discovery of exploitable vulnerabilities within IT networks and applications. Reconnaissance and discovery activities outline assets within a system and network to provide a baseline of attack vectors and serve as initial sources for information gathering activities in order to provide a real world representation of a system or network. InQwest implements a Blue/Red Team Hybrid methodology that allows for testing from an insider threat perspective with system knowledge while leveraging any identified findings for use in external exploitation.

This methodology not only includes all typical Red Team testing but also adds an additional layer of internal exploitation. This internal component will identify additional exploits that would not be found when performing external Red Team testing. The Hybrid approach provides a more in depth vulnerability assessment of implemented technical controls.

SECURITY ENGINEERING

Security engineering includes all of the necessary technical testing associated with the Accreditation and Authorization (A&A) process. Testing is driven by network and system boundaries with associated asset inventory. InQwest is fluent in providing automated and manual assessments on web applications, web services, databases, infrastructure devices, servers, workstations, and security appliances.

This includes automated and manual dynamic testing as well as static code analysis and manual configuration assessments. Raw data analysis is performed to identify false positives and a findings report is generated to support the overall A&A technical testing assessment.

SECURITY
ENGINEERING

INFORMATION
ASSURANCE (FISMA)

INFORMATION ASSURANCE/FISMA COMPLIANCE

Information assurance and Federal Information Security Management Act (FISMA) services focus on compliance with the FISMA and National Institute of Standards and Technology (NIST) guidelines. The support includes facilitation of communication with key stakeholders, scheduling of A&A activities, generating necessary plan and accreditation documentation, reviewing A&A testing results, creation of Plans of Action & Milestones, and final accreditation package.

InQwest A&A services are tailored to accommodate each specific agency in order to satisfy compliance requirements and streamline the A&A process.

IV&V

The IV&V service provides a third party external assessment of system and application processes, procedures, and internal implementation. This outside perspective facilitates a fresh take on long established and familiar establishment approaches to internal and external security practices. This approach is essential in identifying gaps in management, operational, and technical implementations that are common place with regards to system administration, security configuration, defense in depth capabilities, and documentation.

InQwest has been providing IV&V services for government clients to identify critical areas with elevated risk within agency.

IV&V SYSTEM
APPROACH

VULNERABILITY
ASSESMENTS

VULNERABILITY ASSESMENTS

Vulnerability Assessments facilitates the identification and discovery of vulnerabilities within IT networks and applications. Discovery activities outline assets within a network and provide an attack surface to facilitate additional testing. InQwest implements a standard Blue Team approach that allows for internal white box testing from an insider threat perspective with system knowledge.

This methodology includes testing with and without credentials on all workstations, servers, databases, web applications, network devices, and security appliances. Automated tools and manual testing methodologies are implemented to provide a holistic review, minimize false positives, and identify as many network and system vulnerabilities as possible. InQwest vulnerability assessments drive to increase the overall security posture of commercial and agency networks and systems.

CYBER HUNT

Cyber Threat Hunting involves proactively investigating network flow and datasets for advanced and sophisticated threats that may have evaded everyday detection. Based on InQwest knowledge of these profiles and patterns, we bring to light hard to detect activity at various stages of the attack chain, from adversary privilege escalation to insider threat data exfiltration. When combined with industry leading tools, and a vast threat intelligence network, our analyst are able to help provide early warning indicators of compromise and deep rooted threat actor activity.

CYBER HUNT

INCIDENT
RESPONSE

INCIDENT RESPONSE

Incident Response involves a structured response to security incidents, cyber attacks, internal threats, and other incidents of compromise. InQwest implements a four phase NIST based approach for responding to malicious threats that occur frequently in today’s cyber driven landscape. Phase 1 – Preparation is key to planning how to react to future incidents that may occur within the organization. Phase 2 – Detection and Analysis involves identifying the cause of the breach so that the incident can be contained, this involves review and analysis of network device and asset information such as network detection and prevention systems, SIEMs, Logs, EDR, AV, and other information. Phase 3 – Containment ensures that the incident will not be persistent within the environment and will not propagate through out the organization, this can include simple and complex modification or implementation of security measures. Phase 4 – Eradication facilitates recovery of affected systems, assessment of the damage and severity of the incident, and any additional investigations that are needed. Notification to the proper internal or public points of contact occur in Eradication along with prevention of future attacks through lessons learned, training and IR plan improvement.

The InQwest team is well versed in IR plan review and implementation which provides a seamless introduction into the organization security team. Being able to provide the proper skillset for Detection and Analysis is key to the Containment of the incident and proper Eradication so that sensitive and proprietary data is kept safe and malicious actors are not present within the network.