Testing as a Service

Vigilant Cyber Systems serves clients who provides capabilities to the warfighter and directly contribute to security of the greatest nation on earth. A “once and done” approach to security is and always has been a failed premise that our adversary continues to use to their advantage. 

While attackers are in a constant state of flux and adaptation, most security and defense providers remain stagnant and in “reaction mode” instead of leveraging the tools at their disposal to mount a proactive defense.

Security is a verbnot a state of being.

Effective cyber protect / defend requires constant monitoring and tuning. If the human mind can conceive process and capabilities to protect and defend, the human mind can devise ways to overcome. Testing as a Service embraces this fact and provides data required to actively tune detection / protection strategy to counter evolving threats.

Heres how were helping businesses servicing DoD customers overcome this challenge.

We provide a persistent, recurring view of target environment through the eyes of an attacker.

We’ll give DevOps teams proactive and data-driven feedback required to adequately secure and defend their development, testing, staging, and production environments.

Why Vigilant?
  • Extensive knowledge and experience testing DoD systems of record to include traditional systems, OT / Cyber Physical, and Cloud / DevOps
  • Familiar with DoD mission and well-versed supporting program offices and providing artifacts required to satisfy AO requirements for C-ATO.
  • Established history of identification and exploitation of complex / critical vulnerabilities (e.g. punching programs in the face)
Is This Right For Us?

This product is built to serve:

  • Businesses servicing DoD customer for delivery of systems.
  • Principal Use Case: Customers targeting development (CI/CD) / deployment of containerized / virtualized and clustered workloads via cloud services LaaS, PaaS, SaaS.

Objectives: Target enumeration: strategy development / Scoping
Tasks:

  • Enumerate target environment
  • Identification of high-impact targets and data within the environment
  • Threat modeling / OSINT
  • Strategy development
  • Cooperative vs. Red
  • Rules of Engagement

*Limited assessment of primary areas of concern

Deliverables:

 

  • Assessment Report containing:
    • Threat Model
    • Test strategy / Plan
    • Assessment results

Objective:

  • Identify / exploit weaknesses and vulnerabilities (before adversary)
  • Monitor open-source feeds for exploits / attack TTP
    • Emulate TTP against target environment
    • Report exploitable weakness / vulnerability to DevOps
    • Validate fix actions
  • Internal Assessment:
    • Insider / persistent threat
    • Assessment of internal controls – role / privilege escalation
  • External assessment:
    • Persistent attack surface monitoring
      • OSINT
      • Active Scanning
    • Exploitation
      • Incident detection / response
      • Foothold / pivot / persistence
  • Consulting Support:
    • Provide design review / risk assessment support