SAG’s Cyber Security Services provide companies with preventative testing, remediation, compliance, and forensic services.

Prevention

SAG deploys penetration testing teams capable of conducting internal and external network and risk assessments for commercial clients and government agencies. SAG also conducts penetration testing of mobile applications and SCADA systems. SAG’s portfolio of security testing services includes NERC CIP audits and security code reviews. SAG employs expert web application testers and adheres to OWASP guidelines.

SAG can develop customized security programs and applications, as well as reverse-engineered, custom applications to strengthen client systems. SAG develops custom IOCs (Indicators of Compromise) and custom Python and Hadoop clusters for data analysis. SAG has also developed new Burp Suite plugins to help with web application testing. We can dismantle phone applications and perform source code reviews to find vulnerabilities that would be impossible to identify through more traditional methods.

Detection / Remediation

As global cyber threats continue evolving, a prevention strategy alone is inadequate. SAG augments prevention with expert detection and remediation services. SAG’s incident response process rapidly identifies threats and penetrations to block an attacker and minimize damage. All findings are comprehensively documented, vulnerabilities are validated, and remediation solutions are provided. SAG incident response services can also include liaison with law enforcement authorities, and routine or sustained testing services, as well as information security training specifically tailored to client needs, including Application Security Training, Boundary Defense, Data Protection, and Penetration Methodologies.

Compliance

SAG can develop or enhance cyber security compliance programs to prevent problems before they occur, reduce legal exposure, and ensure regulatory adherence to existing and emerging requirements. SAG cyber security compliance services include the evaluation of existing compliance programs, design of new and updated policies, implementation of requisite procedures, and technical upgrades. Since compliance programs require ongoing vigilance, SAG can also provide sustained, independent verification and monitoring. Sample compliance services include:

• Securities & Exchange Commission (SEC)
• Federal Deposit Insurance Corporation (FDIC)
• Federal Information Security Management Act (FISMA)
• North American Electric Reliability Corporation (NERC)
• Critical Infrastructure Protection (CIP)

Cyber Forensics

SAG is capable of performing complex cyber forensic investigations on various types of hardware, software, and media, including computer/disk, e-mail, social media, mobile device, and database investigations. If needed, SAG's cyber security professionals can utilize forensic science techniques to gather and preserve evidence from devices in a way that is suitable for presentation in legal proceedings.