Defensive Services

We use our offensive testing experience to design solutions that are resistant to an expert attacker.

Security Architecture and Risk Reviews


We provide security guidance to our clients throughout the secure system development life cycle. We do not conduct academic review exercises that don't reflect real-world risks. We employ "mental hacking", our term for applying how we penetrate or reverse engineer systems to a review: how would we break the system being reviewed? We combine that with security best practices that we know from experience will prevent an attack or add significant security speed bumps for an attacker.

Our reviews include a wide spectrum of systems such as mobile devices, sensors, applications, networks, and cloud environments.

Patent Infringement Investigations


We serve as a force multiplier to patent engineering and legal teams.

Our patent infringement investigative support began when a Fortune 50 software vendor asked us to use our black box testing experience to provide advanced technical evidence collection services that its current vendors were unable to provide.

Today, we provide open source collection (OSINT), claim-charting, black box testing, and technical training to patent engineering and legal teams. While the requirements of each case dictate our specific approach, the primary objectives are to provide inference or proof of infringement, technical evidence to support the discovery phase, and/or evidence that leads to settlement.

We apply innovative data collection methods, reverse engineering, protocol analysis, source code examination, and black box testing skills to patent cases, typically in new technology areas such as cloud, machine learning, big data, Internet-of-Things (IoT), mobile, and web services.

Training


We provide custom security training, primarily at the request of current clients. Typically, the training is presented from the perspective of a skilled attacker and is based on the real-world security experience and ethical hacking techniques of KoreLogic security engineers. The following are representative examples:

  • Current Trends and Methods: Clients invite KoreLogic to annually present key security trends, practices and methods we have observed.
  • Web Application Security Training: We deliver annual web application security training to a Fortune 500 firm's application development and security staff. In addition to industry best practices, KoreLogic creates scenarios and attack simulations specific to its business units.
  • U.S. Special Forces: This training was presented to operators to raise their awareness of the cyber threats they face when operating in hostile environments without their secure communications gear. Topics covered included electronic footprints and information leakage resulting from the use of public wireless and mobile networks.
  • Incident Response Tabletop Exercises: For multiple clients, KoreLogic conducts IR drills to test the readiness and effectiveness of their IR program. We can integrate the results of our penetration tests into the drills to help security teams understand how we evaded their threat monitoring.

Other Defensive Services


When our clients ask us for support that falls into a custom or specialized area, we accept these projects if we feel we have the requisite skills. The projects are often an offshoot of previous testing projects with the goal of improving the client's IT resiliency. Here are a few examples:

  • Security Roadmap: Developed a roadmap to meet a CIO's need to create a more resilient security posture using risk-prioritized requirements and to enable the CIO to clearly answer the question "what are we doing about security?"
  • Antivirus Product Benchmarking: KoreLogic was retained by a large anti-virus (AV) vendor to benchmark their product against their top competitors. KoreLogic created a test environment that consisted of a distributed malware sandnet where infected system images (real or virtual) were compared against known baseline images to determine whether or not a given system was infected, when it was infected, and which registry settings and/or files were modified, created, or deleted.
  • Forensic Capability Maturity Model (FCMM): KoreLogic developed a model for assessing an organization's computer forensic capability that includes forensic program elements (business and technical). Business elements involve the overall management and support of the forensic operation (e.g., training employees), and technical elements involve actions directly related to performing forensics work (e.g., imaging a disk drive).
  • Incident Response Program Assessment, Design, and Validation: For multiple clients, KoreLogic has evaluated existing IR programs, designed new programs, developed IR playbooks and delivered tabletop IR exercises.