REQUEST FOR INFORMATION

Transcription

1 Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 3 September Loisdale Rd, Ste 325 Springfield, VA Contact: Andrea Suzara Bennett i

2 Table of Contents I. introduction:...2 Cloudburst Security brings over 8 years of proven experience providing Incident Response services to numerous government and commercial clients. We have led Incident Response efforts for high-profile, mission critical government agencies, in several cases our staff received customer awards for their dedication and positive impact on response and mitigation efforts. We stand ready to partner with the State of Florida to improve cyber security posture and respond appropriately to cybersecurity incidents....2 II. Background:...2 III. COntact information...2 Iv. Response Pre-INCIDENT services...2 a. Incident Response Agreements Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident....2 b. Assessments - Evaluate a State Agency s current state of information security and cyber-security incident response capability....2 c. Preparation Provide guidance on requirements and best practices....3 d. Developing Cyber-Security Incident Response Plans Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident. 3 e. Training Provide training for State Agency staff from basic user awareness to technical education Post incident services...3 a) Breach Services Toll-free Hotline...3 b) Investigation/Clean-up...3 c) Incident response...4 d) Mitigation Plans...4 e) Identity Monitoring, Protection, and Restoration...4 1

3 I. INTRODUCTION: Cloudburst Security brings over 8 years of proven experience providing Incident Response services to numerous government and commercial clients. We have led Incident Response efforts for high-profile, mission critical government agencies, in several cases our staff received customer awards for their dedication and positive impact on response and mitigation efforts. We stand ready to partner with the State of Florida to prepare for cybersecurity incidents and to provide rapid expert incident response and mitigation services should an incident occur. II. BACKGROUND: Today s cyber threat environment requires advanced Incident Response capabilities to rapidly respond and mitigate impact from cyber incidents. No organization is immune. Cloudburst Security draws upon our advanced cyber threat intelligence, security operations, security engineering, and incident response capabilities to bring a complete and optimized Incident Response solution to our customers, which minimizes negative impacts from cybersecurity incidents. III. CONTACT INFORMATION Company Name: Cloudburst Security POC: Andrea Suzara Bennett, President Phone: andrea.bennett@cloudburstsecurity.com The Cloudburst Difference Provided key surge support to Office of Secretary of Defense during APT Incident Over 8 years experience dealing with Advanced Persistent Threat (APT) Incident Response Team has average of 14 years experience Offering Incident Response as a Service to multiple government & commercial clients Advanced cyber threat intelligence capability Women-Owned Small Business IV. RESPONSE 1. PRE-INCIDENT SERVICES a. Incident Response Agreements Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident. Cloudburst Security offers Pre-Incident Services to both commercial and government clients. For example, we provided Pre-Incident Services as well as surge Incident Response support to the Federal Housing Finance Agency, Office of Inspector General (OIG). This includes annual review of their Incident Response capabilities, processes, and procedures, review of their security tool configurations, and urgent incident response services should an incident occur. b. Assessments - Evaluate a State Agency s current state of information security and cybersecurity incident response capability. We provide assessments of information security and incident response capabilities. We have performed over 300 cybersecurity assessments for both commercial and government clients, including incident response capabilities. Our information security assessment experience includes a wide range of assessment types, including vulnerability assessment, risk assessment, penetration testing, spear phishing exercises & training, physical security assessments, social 2

4 engineering, security operations capability assessments, incident response capability assessments, application security, compliance-focused assessments (HIPAA, FISMA, PCI, etc.), and security architecture assessments. c. Preparation Provide guidance on requirements and best practices. Cloudburst offers incident response preparation services based on customer and industryspecific requirements and best practices such as NIST Special Publication , and others, as well as our own practical experience gained from over 8 years performing Incident Response. d. Developing Cyber-Security Incident Response Plans Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident. A well-written, oft-exercised Cybersecurity Incident Response plan is a crucial component in a mature Incident Response capability. Cloudburst Security has deep experience not only developing plans, but also in creating realistic scenarios and leading Incident Response exercises. e. Training Provide training for State Agency staff from basic user awareness to technical education. We provide cybersecurity training of several types and levels. For example, we recently developed a cybersecurity awareness training for a local bank s business users. We have also coordinated training events, developed and delivered highly technical training for government clients such as the Office of the Secretary of Defense (OSD). Cloudburst Security has over 8 years corporate cybersecurity experience, and our average consultant has over 14 years cyber experience this experience and our passion for protecting client networks and educating users on cyber threats uniquely qualifies us to provide cyber training services for the state of Florida. 2. POST INCIDENT SERVICES a) Breach Services Toll-free Hotline Cloudburst Security does not offer this service. b) Investigation/Clean-up We offer a premier capability to rapidly investigate, respond, and remediate serious network incidents. For example, at OSD, we provided crucial surge support during an urgent Advanced Persistent Threat (APT) incident. Upon confirming the critical nature of the incident, our staff began incident response services within 1 hour. Our staff led rapid engineering and deployment of an enterprise forensics tool suite, performed network sweeps to determine the extent of the incident, and worked with internal and external teams to isolate and eradicate the threat, return to normal operations, and develop tactical and strategic plans to prevent similar recurrences. 3

5 c) Incident response Cloudburst understands the urgency Incident Response situations require, and have over 8 years experience providing Incident Response to federal and commercial clients. We possess experience in computer incident response gained over many years supporting Computer Incident Response Team (CIRT) processes throughout the Federal government and our own managed services and incident response services team. Our Incident Response Team is staffed with highly qualified, certified cybersecurity professionals with instant reach-back to over 100 cyber security specialists in various cyber domains. d) Mitigation Plans Developing effective incident mitigation plans requires a comprehensive understanding of multiple cybersecurity knowledge domains and an ability to rapidly take information from investigation and incident response activities and turn it into appropriate countermeasures. Cloudburst Security has over 8 years experience in all areas of cybersecurity, including security architecture and engineering. For example, at OSD not only did we perform incident response and rapid engineering/deployment during the response process, but we also assisted in mitigation planning and improvements based on information learned from the attacker tactics, techniques, and procedures (TTPs). e) Identity Monitoring, Protection, and Restoration Cloudburst Security does not offer this service. V. SERVICE CATALOG Cloudburst Security s GSA IT-70 Schedule (GS-35F-0235Y) can be accessed through We have also included an overview of cyber security capabilities as separate attachments. 4

6 Full Cyber Threat Intelligence Integration with Security Operations RESEARCH ANALYSIS RESULTS INTEL PORTAL Near real-time Intel/Threat Feeds Indicators of Compromise Malware Database Threat Cards Intel/Threat Report Products CLOUDBURST INTEL-DRIVEN ANALYSIS Threat Analysis & Research Query Engine Real-time Analyst Collaboration 24x7 Network Monitoring & Defense Automated Sensor Integration CUSTOMER BENEFITS Faster identification & remediation of Advanced Threats Reduced cost through focused analysis cycles 24x7 access to threat experts for research & analysis requests Flexible, scalable support & subscription model Cyber threat intelligence is integral to everything we do at Cloudburst, from Tier I Analysts to our senior SME s they are all armed with an arsenal built from almost 10 year s experience dealing with Advanced Persistent Threat (APT) while protecting some of the most critical networks and systems in the country. We ve built an advanced analysis support platform that allows us to quickly categorize events with high confidence level, focus analysis cycles on advanced threats, and move deliberately yet quickly through incident response phases from incident detection to remediation. ADVANCED THREATS DEMAND AN ADVANCED PLATFORM We built our analysis support platform by listening to the needs and concerns of our security operations analysts about their current tools, perceived or real capabilities gaps, and workflow. In a nutshell we asked, what would make your analysis faster, more accurate, and more focused? The result: a highly responsive, collaborative, and dynamic system that enables analysts of all skill levels to spend more of their time focused on detecting the attacks that pose the greatest risk to our clients. Notable Facts: Founded in 2006 Women-Owned Small Business 100% Cybersecurity focused 96% of staff hold TS clearance 95% employee retention rate 90% of staff hold security certifications Headquartered in Springfield, VA Client Sectors Federal Civilian Homeland Security Defense & Intelligence Healthcare Financial Energy/Critical Infrastructure Nonprofit Contact Cloudburst to Learn More Cloudburst Security 6506 Loisdale Rd., Suite 325 Springfield, VA info@cloudburstsecurity.com

7 Proactive Cybersecurity Solutions Do you feel overwhelmed by the flood of cybersecurity threats facing your organization? Are you looking for an experienced, innovative cybersecurity partner that you can rely on to help you face today s serious cyber threats head on? Cloudburst Security can help. Cybersecurity is our business and passion we have provided a full spectrum of cybersecurity services to our clients since 2006, and our consultants have an average of 15 years experience delivering critical cyber support to federal and commercial clients of all sizes and mission types. We pride ourselves on providing the industry s best minds to reduce our client s risk and impact from cyber threats. Unique Approach, Industry Leading Expertise Our consultants are known throughout the federal cybersecurity community for their leadership, professionalism, and timely sharing of high quality analysis and reporting, which assists customers in the protection of their networks. The combination of our industry leading experts and unique approach results in mission assurance for our clients. Service Offerings Our services are designed to fit your overall business objectives, while ensuring your organization s compliance with government, industry, and corporate regulations and policies. Cybersecurity Services: 24x7 Security Operations Monitoring Managed Security Services Security Architecture & Engineering Cyber Threat & Intelligence Analysis Malicious Code Analysis & Reverse Engineering Enterprise Risk Assessment Vulnerability Assessment Penetration Testing Software Assurance Assessment & Authorization Compliance services (FISMA, HIPAA, PCI) Security Policy Development Quick Facts: 100% Cybersecurity Focused Founded in 2006 Headquartered in Springfield, VA within 15 miles of Washington DC Top Secret Facility Clearance Cloudburst Security is a Women-Owned Small Business NAICS Codes: Contract Vehicles: GSA IT-70 Schedule: GS35F0235Y Navy Seaport-e: N D-7817 Supported Clients & Sectors: Department of Treasury Department of Defense Department of Energy Department of Homeland Security Banking & Finance Healthcare Non-Profits Manufacturing