Cybersecurity as a Service: Incident Response, Penetration Assessment, Tabletop Exercise, Vulnerability Scanning
Iron Bow Technologies, the nextgen technology solutions provider to government, educational institutions, commercial, and healthcare markets, joins forces with GuardSight Inc., a cybersecurity operations as a service (SECOPS) and managed detection and response (MDR) company, to provide a wide range of detection and response, operations, compliance, assessment, and consulting services to help customers guard their critical assets and reputation against sophisticated cyber threats.
On the Request for Quote, Purchase Order, and all vendor communication, reference contract number: WSIPC RFP 23-02.
WSIPC RFP 23-02 Bid Documents
WSIPC RFP 23-02 Public Notice (PDF)
WSIPC RFP 23-02 Enterprise Cybersecurity & Risk Assessment Solutions (PDF)
RFP 23-02 Addendum 1 - Q&A (PDF)
RFP 23-02 Addendum 2 - Q&A (PDF)
RFP 23-02 Addendum 3 - Q&A (PDF)
RFP 23-02 Affidavit of Publication - DJC - Oregon (PDF)
RFP 23-02 Affidavit of Publication - DJC - Seattle (PDF)
RFP 23-02 Affidavit of Publication - Everett Daily Herald (PDF)
RFP 23-02 Affidavit of Publication - Idaho Statesman (PDF)
RFP 23-02 Affidavit of Publication - Arizona Capitol Times (PDF)
Please send requests for Bid Documentation to the WSIPC Contract Administrator at firstname.lastname@example.org.
GuardSight's Incident Response services are designed to address cybersecurity incidents efficiently. We employ digital forensics to collect and meticulously analyze electronic evidence, enabling a comprehensive assessment of the incident's scope and impact. As part of our proactive approach, we swiftly implement containment measures to minimize dwell time, preventing further damage. Furthermore, our dedicated team diligently works on eradicating the identified threats from the affected systems, aiming to restore the integrity of your network.
In our commitment to enhancing your cybersecurity posture, GuardSight responds to incidents and offers support in implementing improvement opportunities identified during the incident response process. These measures are comprehensively documented in the After Action Report, ensuring a structured and strategic approach to incident management.
Our Incident Response services encompass critical aspects, including:
- Critical Asset Compromise Incident Response: Focusing on incidents involving critical assets to ensure swift and effective resolution.
- Digital Forensics and Incident Response Services (DFIR): Leveraging digital forensics techniques to gather and analyze electronic evidence, aiding incident understanding.
- Containment Activities: Implementing containment measures to halt the spread of threats and minimize potential damage.
- Formal Process and Documentation: Adhering to formalized processes and meticulous documentation to maintain transparency and accountability.
- Development of Attack and Response Timelines: Creating structured timelines outlining the attack progression and our response actions.
- Evidence Locker Creation and Evidence Preservation: Safeguarding digital evidence in secure environments to maintain integrity and chain of custody.
- Analysis and Recording of Indicators of Compromise (IOC): Carefully assessing and documenting atomic, computed, and behavioral indicators of compromise.
- Attack Vector and Progress Analysis using the Cyber Kill Chain Model (CKC): Analyzing the attack vector and progression using the Cyber Kill Chain model to understand the attack's stages.
- Coordination of Courses of Action (COA): Coordinating various courses of action to effectively counter threats.
- After Action Reporting: Providing comprehensive reporting, including executive briefings and identification of Opportunities for Improvement (OFI), to facilitate informed decision-making and future incident prevention.
GuardSight's Incident Response services are designed to respond to incidents and empower organizations to enhance their cybersecurity resilience through proactive measures and continuous improvement.
GuardSight's pen test services comprehensively assess an organization's cybersecurity posture, utilizing various techniques and methodologies to identify vulnerabilities and weaknesses. These services include:
- Adversary Emulation: Simulating cyberattack scenarios to assess how well an organization can defend against real-world threats.
- Vulnerability Scanning: Scanning and identifying potential vulnerabilities within an organization's infrastructure.
- Application Asset Security Posture Evaluation: Evaluating the security posture of critical application assets.
- Information Gathering (OSINT / Asset Reconnaissance): Collecting information from open sources and conducting asset reconnaissance to understand potential attack points.
- Configuration Analysis and Testing: Assessing the configuration settings of systems and networks for security weaknesses.
- Identity Management Analysis and Testing: Evaluating the effectiveness of identity management systems.
- Authentication Analysis and Testing: Testing the strength of authentication mechanisms.
- Authorization Analysis and Testing: Assessing the effectiveness of authorization controls.
- Session Management Analysis and Testing: Evaluating session management security measures.
- Data Validation Analysis and Testing: Assessing data validation processes for vulnerabilities.
- Error Code Analysis and Testing: Identifying security issues related to application error codes.
- Client Side Analysis and Testing: Assessing security on the client side of applications and systems.
GuardSight's assessments provide:
- Risk of Compromise Ratings: Assessing the likelihood of asset compromise or breach.
- Remediation Recipes: Offering expert recommendations for addressing critical findings.
- Report Documentation: Providing detailed reports on vulnerabilities, weaknesses, and recommended actions.
The assessments align with industry standards such as OWASP (Open Web Application Security Project) and PTES (Penetration Testing Execution Standard) to ensure best practices are followed.
GuardSight deploys qualified personnel with certifications including OSCP (Offensive Security Certified Professional), GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), GPEN (GIAC Penetration Tester), CISSP (Certified Information Systems Security Professional), and CEH (Certified Ethical Hacker) to conduct assessments. GuardSight offers remediation assistance through expert recommendations and remediation recipes.
Tabletop Exercises (TTX) are invaluable tools for organizations seeking to proactively assess diverse risk scenarios and fortify their defenses against potential cyber threats. The primary aim of Tabletop Exercises is to ensure the readiness of an organization's Incident Response capabilities. Furthermore, they serve as a mechanism to expedite adaptive processes and integrate a culture of long-term resilience.
TTX Key Results:
- Operational Role Definition: Clearly define and assign operational roles within the Incident Response team to ensure efficient coordination.
- Operational Choreography Definition: Establish well-structured operational choreography, enabling seamless communication and collaboration during incident response.
- Review of CSIRT Tactics, Techniques, and Procedures: Thoroughly assess the effectiveness and relevance of Cyber Security Incident Response Team (CSIRT) tactics, techniques, and procedures to stay current with emerging threats.
- Critical Containment Asset Review: Identify and evaluate critical assets for containment purposes, enhancing the organization's ability to protect vital resources.
- Incorporating IT Support Teams: Discuss strategies for integrating IT support teams into the incident response framework to bolster technical assistance.
- Business Stakeholder Preparedness: Explore methods to prepare and engage business stakeholders in the incident response process to ensure a comprehensive organizational response.
- Fatigue Management: Address fatigue management strategies to maintain operational efficiency during extended incident response scenarios.
- Initial Response Rehearsal: Practice the initial response to simulated attack scenarios to refine the organization's ability to react swiftly and effectively.
- Identification, Review, and Planning for TTX Gaps: Identify, review, and devise plans to address any gaps or shortcomings discovered during the Tabletop Exercise.
- Report with Evaluation and OFI Gap Analysis: Compile a comprehensive report summarizing the evaluation of the Tabletop Exercise, along with an analysis of Opportunities for Improvement (OFIs) and suggested remedies.
Tabletop Exercises foster a proactive cybersecurity stance within organizations, equipping them with the tools and insights to effectively navigate the ever-evolving threat landscape.
Vulnerability scanning is a proactive and systematic approach to identifying and addressing potential security weaknesses in private and public-facing assets within an organization's network or digital infrastructure. This process involves continual monitoring and assessment to ensure that vulnerabilities are promptly identified and addressed in an organized manner, prioritizing the most critical risks to enhance overall cybersecurity.
- Continual Monitoring: Vulnerability scanning is an ongoing process involving regular and automated assessment of an organization's digital assets, such as servers, applications, databases, and network devices. This continuous monitoring helps ensure that emerging vulnerabilities are promptly detected.
- Risk Assessment: The scanning process assesses the vulnerabilities discovered and assigns a risk rating based on potential impact and exploitability factors. This risk assessment helps organizations prioritize which vulnerabilities to address first.
- Prioritization: Vulnerabilities are not all equal regarding their potential impact on security. Vulnerability scanning tools categorize and prioritize vulnerabilities, focusing on those that pose the most significant risk to the organization. This allows for efficient resource allocation and remediation efforts.
- Prompt Remediation: Organizations can develop a structured plan to address vulnerabilities promptly after identifying and prioritizing them. Remediation can involve applying software patches, configuration changes, or other security measures to mitigate the identified risks.
- Private and Public-Facing Assets: Vulnerability scanning covers private and public-facing assets. Private assets typically include internal systems and resources, while public-facing assets are those accessible from the internet, such as websites, web applications, and cloud services. Ensuring the security of both types of assets is crucial for protecting sensitive data and maintaining a strong cybersecurity posture.
- Compliance and Reporting: Vulnerability scanning often plays a crucial role in compliance with industry regulations and standards. Organizations can generate detailed reports demonstrating their efforts to identify and address vulnerabilities, which can be essential for regulatory audits and assessments.
Vulnerability scanning is a proactive cybersecurity practice that continuously assesses an organization's digital assets to identify potential security weaknesses. By prioritizing and addressing vulnerabilities systematically, organizations can enhance their overall security posture, reduce the risk of data breaches, and comply with regulatory requirements.