Overview of Research and Innovation Services
SecureState’s Research & Innovation (R&I) Team provides the ability to develop, adapt and imagine methodologies and capabilities for unknown, dynamic or challenging environments. It is paramount for an organization to verify and validate compromises, collect evidence, contain and eradicate threats, and rapidly recover from impact. Therefore, SecureState requires a sustained, efficient, repeatable and effective strategy to combat advanced threats against the architecture and its assets and data. We accomplish this goal by integrating the R&I Team with all services and practice methodologies. Our Research and Innovation allows our consultants and clients to get rapid solutions and answers to threats and challenges, while building an extension of the organization’s security team to minimize the impact and risks and maximize the capabilities and expertise.
SecureState’s Research and Innovation Team is a core component for gathering, interpreting and presenting precise intelligence about the tools, methodologies and techniques used by attackers. This intelligence is interwoven within Threat Modeling and Advanced Persistent Threat analysis, and is used to evaluate, correlate and monitor all end-points and network nodes within the environment. Additionally, the Research and Innovation Team continuously provides precise, updated and tested intelligence about attacker tools, techniques and risk through the integration of SecureState’s practices and methodologies:
- Ability to extend the consultant knowledge pool, and the organization’s security team with the latest capabilities, advanced threat detection and intelligence
- Develops SecureState’s end-point and network-based threat and data discovery agents
- Develops custom identification, containment, eradication, and remediation solutions
- Conducts continued and direct testing and forensic investigation based upon a white-hat/black-hat architecture and exploitation platform
- Develops SecureState’s remote incident response agents, management stations, and console architecture
- Governs the Audit and Compliance research and controls for systems, assets, and data; and defines customized roles and responsibilities, escalation and notification and best practices for an organization’s security program
- Spearheads the enterprise Risk Management, remediation, and security baselines that define and mature an organization’s resiliency
- The Research and Innovation Team consists of hackers and integrates SecureState’s Profiling and Penetration consultants to learn and develop tested countermeasures through data infiltration, physical penetration, social engineering, and advanced exploit development
- Manages the readiness and response tactical solutions, and ensures the resources and programs are matured with the latest intelligence, tools and attack methods.
- Develops the system and network base-lining solutions, network and host-based monitoring, and signature detection and creation
- Creates custom indicators of compromise and countermeasures
- Maintains and implements the MyState Secure Portal for SecureState’s Virtual Incident Response Team (VIRT) and Persistent Threat Modeling intelligence. This portal provides an organization and consultants with the ability to instantly access intelligence, attacker techniques and threat tactics, as well as view, coordinate and correlate incident details
Advantages of a SecureState Solution
Staying on the forefront of the security industry as thought leaders, our R&I team is often invited to present at conferences such as DEF CON, ShmooCon, and Black Hat, and submits new exploits and tools to frameworks such as Metasploit and BackTrack. SecureState’s R&I team focuses on testing products, developing new exploits and tools, and solving complex/unknown problems. The team is made up of individuals who have industry-leading certifications and government and military backgrounds, and who possess top-secret security clearances. SecureState consultants include former communication officers, intelligence officers and CERT team leads that have experience providing, leading and creating response teams, innovation labs and security solutions for the U.S. Government and Military, and Fortune 500 companies.
- SecureState has identified more than 4 “zero-day” vulnerabilities and developed over 9 new and custom exploitation methods this year alone
- We have released 12 customized tools and frameworks used within forensic, incident response and penetration frameworks
- All R&I team members are required to perform assessments to ensure that developed ideas solve real business problems
- Our experts in all disciplines of security are contributors to the team: Audit and Compliance; Risk Management; Advisory; Profiling and Penetration; and Incident Response.
- Our team is the chosen expert of several publications on trends and threats facing the security industry today
- We pull research from both our commercial and Federal government experiences including DoD and Intel disciplines
- Research and Innovation is interwoven within all services and consultant methodologies; we enforce a dedicated R&I focus that drives an identified need to improve, create and support practice engagements and processes
- Develops the ability to adopt new signatures of an advanced threat or compromise
- Develops the capability to rapidly collect live data from suspect systems
- Develops SecureState’s base-lining and anomaly detection
- Provides an extension and reinforcement of the organization and consultant team’s ability to identify, respond and eradicate threats
- Combines the technical capabilities of consultants, with strategic planning and resiliency focus, with an R&I lab to back up findings, techniques, recommendations, and solutions
Our Approach to Research and Innovation
SecureState follows a stringent methodology which incorporates industry-leading frameworks when providing Research & Innovation for the security community and for our clients. For each offer, our process may be tailored; however, the general process follows four steps which will ensure that all areas of a particular problem or subject are covered.
- Idea Generation: During this stage, the R&I process begins with ideas from customers, issues discovered during SecureState’s testing, common issues within the industry, market surveys, or strategic command from executive management. The team reviews formal descriptions and specifications to evaluate technological, marketing or synthetic feasibility.
- Planning: During the planning stage, a project team is developed based on the best resources within SecureState to tackle the problem. It has always been our belief that no one person knows everything about security; as such, we will leverage key members from each one of our service lines. During this stage the team also determines a schedule with specific milestones and due dates.
- Design and Testing: During the Design and Testing stage, SecureState’s team hypothesizes ways to resolve the issue, build the idea and test the product in focus. Whether it is developing a new framework, vulnerability, tool, identifying new threats, or testing a product, the team will develop several hypotheses that would be of best benefit to individuals within the security industry. Once these hypotheses are designed, the team will then perform tests.
- Conclusions: Once the design and testing stage is completed, the team will then develop conclusions that may be documented in the form of a white paper, blog, article, etc. These conclusions will render opinions on new threats the industry may be facing, effectiveness of a specific product, or demonstrate ways to use a new tool or exploit a new vulnerability which SecureState has developed.
SecureState provides a variety of services within the R&I group. Whether it is reviewing a new technology or developing a new exploit, our R&I team can tackle the toughest problems. The following is a list of services that the R&I team offers:
- Threat Lab Services:
- 0-day development
- Advance proprietary code for exploitation, detection and eradication
- Threat Analysis
- Network and user-agent monitoring for Advanced Persistent Threats
- VIRT support and development for network-wide monitoring and response
- Cloud Computing
- Develop platforms for labs, interconnectivity of labs, cause-and-effect learning
- Data Discovery/Pillaging
- Lessons Learned Integration (Special Projects):
- Educate clients on the necessity of integrating lessons learned within the overall maturity of the organization’s planning and readiness
- Provide the capability to proactively continue to monitor, research and analyze the company after the engagement
- Mobile Device Platform Architecture:
- Mobile pentest and VA, and developer training
- Security assessment for mobile devices
- Forensic and IR investigations
- Risk and Threat Models