IPKeys Cyber Lab as a Service™ (IPKeys CLaaS™)
GSA CONTRACT NUMBER: GS-35F-419CA | SPECIAL ITEM NUMBER 132-51 IT PROFESSIONAL SERVICES
IPKeys Cyber Lab as a Service™ (IPKeys CLaaS™) provides best-in-breed cybersecurity capabilities and experts delivered as a single service that dynamically monitors and reports to the client the defensive posture of their IT infrastructure. IPKeys CLaaS™ can be deployed on-premise using hardware or virtual solutions for protection of the client systems and data. IPKeys CLaaS™ can accept software source code in our secure lab for analysis during your software development life cycle thereby addressing security issues and protecting systems and data at the design phase. This approach can reduce after-deployment remediation costs by as much as four to five times. (Periodic scans are required to maintain Federal compliance. IPKeys CLaaS™ ensures compliance.)
Protecting IT Infrastructure, Data, and Brand Integrity
With the ever-present and continually evolving sophistication and malignancy of cyber threats that can exploit the smallest vulnerability, infrastructure assets from applications to the entire network can be compromised in moments. Damage can include exposed or corrupted data, loss of intellectual property, the costs of ransom and/or system recovery, and potential loss of brand value. Accordingly, the federal government has issued mandates to all healthcare organizations, federal agencies, and financial institutions requiring compliance with policies, principles, standards, and guidelines for protecting their systems and data. Typically, the complexity and cost of compliance will preclude an in-house solution.
IPKeys CLaaS™ was developed to address the federal mandates for protection of systems and data and comes fully-equipped with the latest in cybersecurity technology, expert personnel, and effective policy directives.
Cybersecurity Risks and Federal Remediation Guidelines
Information security incidents reported by federal agencies to the U.S. Computer Emergency Readiness Team (CERT) continue to increase. In fiscal year 2006, there were 5,503 reported incidents. By fiscal year 2015, the number of reported incidents had jumped to 77,183, an increase of over 1,300%. The costs of exploited vulnerabilities can be significant for organizations:
- The FBI estimates that victims spent at least $1 billion in ransom payments in 2016.
- Cyber attacks cost companies an average of $4 million each, according to the Ponemon Institute.
- Juniper Research estimates the overall cost of cyber crime will reach $2 trillion by 2019.
GAO Study and Recommendations
In its September 19, 2016 study of Federal Information Security, the U.S. General Accounting Office (GAO) indicated that the policy framework established for federal government data security has had inconsistent implementation and that further action was needed:
- Effectively implement risk-based information security programs.
- Improve capabilities for detecting, responding to, and mitigating cyber incidents. Even with strong security, organizations can continue to be victimized by attacks exploiting previously unknown vulnerabilities. To address this, need to expand the capabilities and adoption of its intrusion detection and prevention system, and agencies need to improve their practices for responding to cyber incidents and data breaches.
- Expand cyber workforce and training efforts.
How IPKeys CLaaS™ Can Help
IPKeys CLaaS™ was developed to address the GAO’s Federal Information Security study. IPKeys CLaaS™ is delivered ready to serve organizations with the latest in cybersecurity technology, expert personnel, and effective policy directives that:
- Allows customers to focus on their core mission and business with a consistent security implementation;
- Reduces cost and schedule while increasing performance to achieve and maintain security authorization through a single solution;
- Supports mandated requirements for protecting systems and information;
- Optimizes remediation by clearly specifying the types and methods required to resolve discovered issues; and
- Preserves client brand integrity.
The IPKeys CLaaS™ Three-Facet Security Model
IPKeys CLaaS™ provides visual mapping of the "as is" IT infrastructure establishing a static view of the system and baselines for the system and associated assets at a given time.
These scans and assessment can identify vulnerabilities and provide reports that visually indicate any deviations from their IT infrastructure baselines while giving clear insights on current and emerging threats and costs that can impact that infrastructure.
IPKeys CLaaS™ has the capacity to understand the context of the IT infrastructure. IPKeys CLaaS™ continually monitors and can provide a dynamic view of the IT infrastructure's monthly operations and potential vulnerabilities while alerting the customer to changes in this IT infrastructure map as they occur.
Sensing classifies deviations from the established “normal” baseline for the IT infrastructure and alerts the customer when changes exceed preset parameters.
IPKeys CLaaS™ transforms the mapping and sensing data into actionable information that can be used to proactively drive changes within the IT infrastructure. Responding provides the optimal mix of capabilities within the defined budget with maximum automation and continuous monitoring.
Moving from “human in the loop” to “human on the loop” ensures proactive responsiveness necessary to understand and mitigate the dynamic threat exposure.
Benefits and Features Under IPKeys CLaaS™
|Software system hardening assessment|
|Coverage of over 100 generic vulnerabilities with great performances against all Open Web Application Security Project (OWASP) top 10|
|Scan host or particular branch of website|
|Support for numerous types of attack insertion points|
|Vulnerability scanning of IT Infrastructure|
|Tune scans to suit unique requirements|
|Perform detailed analysis of the results|
|Run secondary tools|
|Recommend and apply mitigation to vulnerabilities|
|Increase security posture of IT Infrastructure|
|Provide continuous monitoring IAW RMF|
|Alert stakeholders of zero-day or other threats|