Cyber Security

Secure Your Cyber Environment

Research suggests that data theft and breaches from cyber crime can cost businesses as much as US $1T globally in lost intellectual property and expenditures for repairs annually. Estimated data worth a total of $4.6B are lost and international organizations spend about $600M cleaning up after breaches annually.

Hexagon US Federal's Cyber Security solutions provide dedicated, certified resources that will protect your systems from cyber threats. At Hexagon, we provide our clients with a solution that assures data security without interrupting critical data flow. We address security through four specific focus areas: information assurance, certification and accreditation, management security support, and security management and compliance. Included in these capabilities we provide security application assessment, policy and procedures assessment, and security management and compliance.

Note: This solution is available in the U.S. only.


Penetration Testing

Penetration testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of a Web page(s), data base, application, system, or network.

Our capabilities include:

  • Conducting and supporting authorized penetration testing on enterprise network assets.
  • Analyzing site/enterprise Computer Network Defense policies and configurations and evaluating compliance with regulations and enterprise directives.
  •  Assisting organizations with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).

 

Incident Response

Incident response services help organizations impacted by a Cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.

Our capabilities include:

  • Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise.
  • Perform command and control functions in response to incidents.
  •  Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

 

Cyber Hunt

Cyber hunt activities are responses to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunt activities start with the premise that threat actors known to target some organizations in a specific industry, or specific systems, are likely to also target other organizations in the same industry or with the same systems. Use information and threat intelligence specifically focused on the proximate incident to identify undiscovered attacks. Investigates and analyzes all relevant response activities.

Our capabilities include:

  • Collecting intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise.
  • Coordinating with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents.
  •  Correlating incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

 

Risk and Vulnerabilities Assessments

Risk and vulnerability assessments conduct assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

Our capabilities include:

  • Network Mapping - consists of identifying assets on an agreed upon IP address space or network range(s).
  • Vulnerability Scanning - comprehensively identifies IT vulnerabilities associated with agency systems that are potentially exploitable by attackers.
  • Phishing Assessment - includes activities to evaluate the level of awareness of the agency workforce with regard to digital form of social engineering that uses authentic looking, but bogus, emails request information from users or direct them to a fake Website that requests information. Phishing assessments can include scanning, testing, or both and can be conducted as a one- time event or as part of a larger campaign to be conducted over several months.
  • Wireless Assessment - includes wireless access point (WAP) detection, penetration testing or both and is performed while onsite at a customer s facility.
  • Web Application Assessment - includes scanning, testing or both of outward facing web applications for defects in Web service implementation may lead to exploitable vulnerabilities. Provide report on how to implement Web services securely and that traditional network security tools and techniques are used to limit access to the Web Service to only those networks and systems that should have legitimate access.
  • Operating System Security Assessment (OSSA) - assesses the configuration of select host operating systems (OS) against standardized configuration baselines.
  • Database Assessment - assesses the configuration of selected databases against configuration baselines in order to identify potential misconfigurations and/or database vulnerabilities.
  • Penetration Testing- conducting and/or supporting authorized Penetration Testing on enterprise network assets.

About Hexagon US Federal

Read about our company and what we do.