Seattle, WA – July 28, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today announced the launch of its Advisory Services practice, offering strategic security consulting that leverages IOActive’s testing and research expertise to help customers better align their security programs with business objectives.
IOActive’s mission is to help customers define, prioritize, and measure the effectiveness of their organizations’ security efforts at a strategic level. The IOActive Advisory Services practice takes a unique approach to this by utilizing years of world renowned research and hacking experience. While most risk management services are based primarily on legal, accounting, or audit/compliance pedigrees, IOActive is in a distinctive position to assess security programs from the perspective of actual attackers. The company’s vast experience on the cutting edge of offensive security provides valuable and unique insight to IOActive Advisory Services customers well before threats, countermeasures, and best practices make their way into the legal or compliance standards that form the basis for conventional advisory services.
IOActive’s Advisory Services stem from emerging customer needs that are routinely identified as a result of delivering its other core security consulting services. Subsequently, IOActive began delivering Advisory Services in specific customer engagements earlier in the year to validate the market need.
“IOActive is leading the way with what I would consider the next generation of Risk Assessments,” said Ryan English, VP of IT at Insight Global. “The Program Efficacy Assessment surprised us with its clear description of where we were and what exact steps we should take to reduce the most risk.”
IOActive’s Advisory Services’ unique approach aligns to a specific and evolving need, explained Daniel Miessler, Director of Advisory Services at IOActive, “With 18 years of experience as elite testers and researchers, IOActive orients its risk management practice around the real-world risk presented by actual adversaries, not around audits and compliance.”
“The launch of our new Advisory Services practice, with its adversary-based approach, gives us the ability to measure risk and provide weighted recommendations in a way that other companies are simply not equipped to provide,” continued Miessler. “This approach allows organizations to allocate their limited resources in the most practical and efficient manner possible, and based on real-word risks, as opposed to compliance or published best practices.”
IOActive Advisory Services have five key offerings launching in 2016:
- Program Efficacy Assessment: A look at the real-world efficacy of an organization’s security program from the perspective of its most likely attackers. After completion of the Program Efficacy Assessment, clients receive ratings for each area of the program, with weighted recommendations for improving their real-world security posture.
- Threat Scenario Analysis: A tabletop exercise focused on prevention, detection, and response to the most likely and dangerous scenarios. Results of this exercise highlight methods for handling these scenarios, with actionable next-step recommendations prioritized by risk.
- Data Security Mapping: A consulting engagement that identifies and classifies company data and then maps its movement through the organization using standard business practices. This process then overlays likely threat actor methods for attacking the organization, and provides weighted recommendations for the prevention, detection, and response to these attacks.
- Secure Product Development: A look at the complete development lifecycle of a company’s primary products. Including requirements, design, implementation, and maintenance, Advisory Services looks at the many considerations that go into creating and maintaining the security of a flagship technology product. This offering also includes multi-dimensional considerations, such as supply chain security, public vulnerability management, and more.
- Adversary Emulation Services: A unique approach to Red Team services that focuses on reproducing the techniques, tactics, and procedures used by the threat actors an organization is likely to face in the real world, as opposed to internal, vendor preferred, or compliance-based techniques. This offering also evaluates internal Red Teams in the key areas of Organizational Independence, Defensive Coordination, Continuous Operation, Adversary Emulation, and Efficacy.
Today, deliverables produced by most strategic security consulting services are aimed solely at security audiences, as opposed to business decision makers. These typically include reports that can take days or weeks to even translate into usable form. IOActive’s Advisory Services deliverables are concise, transparent, and business-contextual, providing actionable, prioritized, risk-weighted recommendations that help a business to better protect its assets and achieve its short- and long-term strategic objectives.
To learn more visit http://www.ioactive.com/services/advisory-services.html or register here to attend IOActive IOAsis Las Vegas 2016 on August 3rd, 4th, and 5th. IOActive’s Advisory Services will be featured in various discussions, including Daniel Miessler’s presentation, “An OFFESC Approach to Risk Management” on August 3rdat 5:00 p.m. PDT. View the full schedule here.
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.