Strong Crypto Innovations (SCI) Strengthens Cyber Security Portfolio with SentinelOne’s Next Generation Endpoint Protection

Strong Crypto Innovations, a leader in providing information security solutions to the Federal government and commercial organizations of all sizes, today announced it has selected SentinelOne’s next-generation endpoint protection platform as an important component of its cyber security strategy.

SentinelOne provides an advanced solution that protects organizations from becoming victims of advanced malware, such as ransomware, and exploit-based attacks. Unlike signature-based security products that rely on static analysis, SentinelOne’s Dynamic Behaviour Tracking (DBT) engine closely monitors each newly-created process on a machine through its lifecycle, identifying malicious patterns and eliminating threats in real-time. This approach defends against advanced cyber attacks and insider threats that use stealthy evasion techniques, which can bypass traditional security methods.

Comments from Alexander J. Fry, President at Strong Crypto Innovations

“SentinelOne’s solution is an important offering in our comprehensive approach to cyber security, and further strengthens the protection that we can offer customers as cyber attacks become harder to detect. As we’ve seen in recent months, the volume of ransomware attacks has grown substantially. In fact, today the Federal Trade Commission is holding several panel discussions on ransomware. So it’s more important than ever that we provide customers with the most advanced solutions to protect them from these threats, including zero day variants. SentinelOne’s solution stood out to us as providing an innovative and dynamic new approach, combining sophisticated machine learning with real-time threat intelligence to ensure customers have the best possible endpoint protection. SentinelOne is also the Only Endpoint Protection Company to Guarantee its Technology. If they’re unable to block or remediate the effects of a ransomware attack, they will reimburse the company or organization up to $1000 per endpoint, or $1,000,000 in protection overall for the company.”

Comments from Magali Bohn, Head of Worldwide Channel Sales at SentinelOne

“We’re delighted to partner with Strong Crypto Innovations. The Federal government and commercial organizations that SCI serves have some very real challenges in this new era of ransomware and our solution is designed to help them keep pace with these and to protect what is often seen as the ‘soft’ target by cyber criminals: their endpoints.”

The realities of data security in the U.S. today


…what government agencies, businesses, and the public NEED to know!

 

Luray, VA:  It’s no secret that technology today is moving faster than ever… but is data security keeping up? In a recent Washington Examiner interview, Strong Crypto Innovations President and Principal Security Consultant, Alexander J. Fry, talked about the realities of the data security landscape, and how government agencies can become better protected.

Read the interview here: http://www.washingtonexaminer.com/4-ways-the-government-can-improve-its-tech-talent/article/2598518

 

What’s the REAL risk?

For most Americans, the fear of a nuclear attack has long been the greatest perceived threat to the nation. Yet with highly sophisticated cyber-hackers already penetrating security walls, an attack that could paralyze businesses, a major city, or even the entire country, is well within the realms of possibility. Experts like Alexander J. Fry are acutely aware of these realities.

Fry and his team have provided security to the Department of Homeland Security, Internal Revenue Service, Social Security Administration, NASA, Department of Labor, Department of Commerce, Department of the Army and the Department of Housing and Urban Development. A holder of the prestigious GIAC Security Expert (GSE) designation (held by only 150 individuals worldwide), Fry is recognized as one of the best in his field – and he’s passionate about helping organizations to achieve their optimal strategic security objectives.

Said Fry, “Agencies and businesses simply aren’t keeping up with the mindset and skills of the hacker. With the security talent pool currently available in the U.S., no organization needs to go unprotected, and both government and corporate secrets, and the personal information of the American people, can be well secured. Agencies need to re-think their hiring protocols and make jobs more appealing to the kind of employee they need to attract.”

 

About Strong Crypto Innovations

Strong Crypto Innovations provides information and software security solutions to businesses and government agencies. The company’s solutions-based approach to data security not only aids organizations in protecting their data, but also assists them in recovery in the case of a breach.

See the full suite of Strong Crypto data security solutions at https://www.strongcrypto.com, or contact Alexander J. Fry at 703.574.4975 for more information.

Alexander J. Fry holds the following certifications: SANS GIAC – GSE, GCPM, GPEN, GMOB, GCIA, GCIH, GSEC, GSSP-JAVA, GWAPT; EC-Council – LPT, ECSA, CEH; (ISC)² – CSSLP, ISSAP, ISSEP, CISSP; IAPP – CIPP/E, CIPP/US, CIPT; Red Hat – RHCE; Microsoft – MCP; Cisco – CCNA; CompTIA – CompTIA Network+, CompTIA A+; Sun – SCJP1.1 and SCJP2.

Automating Web Application Vulnerability Scanning in Amazon Web Services with Netsparker

[Figure: high-level data flow diagram]

The above high-level data flow diagram illustrates a custom solution we developed for a client who has migrated their software development environment and production applications to Amazon Web Services (AWS).

Many organizations are migrating their software development, quality assurance (QA), and production environments to Amazon Web Services (AWS). Netsparker Professional Desktop can be deployed in this environment to scan applications in both QA and Production. The scanning can be automated and vulnerabilities can be manually submitted to an issue tracking system. The above diagram is an example of how to deploy Netsparker Professional for automated scanning of a Web Application in QA.

  1. Netsparker Professional is installed on an EC2 instance in the Security Management Virtual Private Cloud (VPC).
  2. The Web application to be scanned is located in a QA VPC with its supporting build and deployment systems.
  3. A Jira issue tracking system is located in the Development VPC.
  4. The VPCs are initially configured with private IP addresses and Security Groups that do not allow inbound access. The connections from the Security Management VPC to the QA VPC and from the Security Management VPC to the Development VPC are configured with VPC peering. “A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region.” [1]
  5. A scheduled task in Windows executes a batch file that launches Netsparker, scans the Web application in the QA environment, generates a detailed scan report [2], and sends an e-mail notification when the task is triggered and again upon completion. [3]
  6. If there are any vulnerabilities, they can be submitted directly to Jira from Netsparker using the “Send To Action” feature. [4]

References:

1 – http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html#create-vpc-peering-connection

2 – https://netsparker.zendesk.com/entries/121421-reading-target-websites-from-a-text-file

3 – https://technet.microsoft.com/en-us/library/cc748993.aspx

4 – https://www.netsparker.com/blog/docs-and-faqs/integrate-netsparker-web-security-scanner-bug-tracking-system/
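
One way to check the network side of steps 4 to 6 before scheduling scans, as an added example that is not part of the original post: it audits security group ingress rules, in the shape returned by `aws ec2 describe-security-groups`, so that only the scanner host can reach the QA application and Jira over the peering connections. All VPC names, CIDR blocks, group names and the port allow-list are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: every name, CIDR block and port is an assumption.
VPCS = {"security-mgmt": "10.10.0.0/16", "qa": "10.20.0.0/16",
        "development": "10.30.0.0/16"}
SCANNER = "10.10.1.25/32"  # private address of the Netsparker EC2 instance

# Same shape as the SecurityGroups list from `aws ec2 describe-security-groups`.
SECURITY_GROUPS = [
    {"GroupName": "qa-webapp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.10.1.25/32"}]}]},
    {"GroupName": "dev-jira", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.10.0.0/16"}]}]},
    {"GroupName": "qa-build", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]


def overlapping_vpcs(vpcs):
    """Return VPC pairs whose CIDR blocks overlap; such pairs cannot be peered."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def audit_ingress(groups, vpcs, scanner_cidr, allowed_ports=frozenset({443})):
    """Flag inbound rules that admit more than the scanner host on allowed ports."""
    scanner = ipaddress.ip_network(scanner_cidr)
    vpc_nets = [ipaddress.ip_network(cidr) for cidr in vpcs.values()]
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # IpProtocol "-1" means all protocols and ports; no port keys are present.
            ports_ok = (perm.get("IpProtocol") == "tcp" and lo is not None
                        and set(range(lo, hi + 1)) <= allowed_ports)
            for rng in perm.get("IpRanges", []):
                src = ipaddress.ip_network(rng["CidrIp"])
                if not any(src.subnet_of(net) for net in vpc_nets):
                    reason = "source outside the peered VPCs"
                elif src != scanner:
                    reason = "source wider than the scanner host"
                elif not ports_ok:
                    reason = "protocol or port outside the allow-list"
                else:
                    continue  # exactly the scanner host on an allowed port
                findings.append((group["GroupName"], rng["CidrIp"], reason))
    return findings


if __name__ == "__main__":
    print("Overlapping VPC CIDRs:", overlapping_vpcs(VPCS))
    for name, cidr, reason in audit_ingress(SECURITY_GROUPS, VPCS, SCANNER):
        print(f"{name}: {cidr} -> {reason}")
```

Feeding it the real `describe-security-groups` output for the QA and Development VPCs shows whether a rule opened for the scanner has been widened to the whole Security Management VPC or to the Internet.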

 

Strong Crypto Innovations Leverages Netsparker Cloud to Secure the SDLC

Strong Crypto Innovations LLC, a software security services firm in Northern Virginia, today announced its partnership with Netsparker. Strong Crypto Innovations will start offering web application security scans to its customers using Netsparker Cloud, the only false positive free online web application security scanner.

Strong Crypto Innovations is an official Netsparker reseller of both Netsparker’s online service offering Netsparker Cloud, and the desktop edition of the scanner Netsparker Desktop.

“We are pleased to announce this technology alliance,” said Ferruh Mavituna, Netsparker CEO. “By providing web application security scans and reselling the service and software, Strong Crypto Innovations is helping organizations integrate web application security scans in their SDLC and ensure they all build and maintain secure web applications”.

The Netsparker Cloud web scanning solution complements penetration testing delivered by Strong Crypto and provides additional security assurance for Strong Crypto customers. “Offering Netsparker Cloud provides Strong Crypto’s customers with the tools to strengthen their web application security programs in a long-term and sustained way,” said Alexander J. Fry, President at Strong Crypto Innovations. “With Netsparker Cloud, our customers can quickly and easily implement a continuous monitoring program as well as address FISMA and PCI compliance.”

About Strong Crypto Innovations LLC

Strong Crypto Innovations LLC has provided world-class software security services and solutions to organizations since being founded in 2006 by Alexander J. Fry.

Strong Crypto provides penetration testing services that are carefully scoped to meet its customers’ needs, professionally conducted and competitive within the industry. Its penetration testing engagements have grown over the years from individual mobile and Web applications to large-scale wireless networks; offices, retail locations, point of sale; cloud and Internet infrastructure.

Strong Crypto’s mission is to improve the security and reliability of customer software and protect their applications on a wide range of technologies and architectures. Strong Crypto ensures that their clients’ applications are “self-defending” for their target environments and meet compliance requirements such as DIACAP, FISMA, PCI, HIPAA, and the EU Data Protection Directive. Strong Crypto will “teach your software self-defense”™. To learn more about Strong Crypto Innovations, visit https://www.strongcrypto.com

About Netsparker Cloud

Netsparker Cloud is an enterprise level false positive free online web application scanner developed by Netsparker Ltd. It is a fully scalable multi user service that enables users to easily scan hundreds and thousands of websites simultaneously. Its vulnerability management tool and fully documented API allow enterprises to easily manage the long term security of their web applications and integrate automated web application security scans in their SDLC and Continuous Integration system. Netsparker Cloud is built around the already proven scanning technology of Netsparker Desktop, which is used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.

About Netsparker Ltd

Netsparker Ltd is a young and enthusiastic UK based company focused on developing automated web security products, mainly the false positive free web application security scanners Netsparker Desktop and Netsparker Cloud. Netsparker management and engineers have more than two decades of experience in the web application security industry that is reflected in their products. Founded in 2009, Netsparker’s automated web vulnerability scanners are the leading security tools and are used by world renowned companies such as Samsung, NASA, Microsoft, ING bank, Skype and Ernst & Young.

Media Contact:
Alexander J. Fry, President/Principal Security Consultant
14001C St. Germain Drive, Suite 210
Centreville, VA 20121-2338
+1 (703) 574-4975
alex@strongcrypto.com
https://www.strongcrypto.com


Strong Crypto Innovations Publishes Ethical Hacking Case Study For US Department Of Labor

Washington D.C. area veteran ethical hacking company Strong Crypto Innovations was asked by the U.S. Department of Labor to conduct an Independent Security Assessment. Recent security breaches have necessitated more of such exercises to help prevent the theft of key personal information.

For the last decade Alexander J. Fry and his company, Strong Crypto Innovations, have been working in the business of keeping critical information secure. Certainly in the last year there have been spectacular breaches of sensitive personal information, and a possible endgame for such marauding could be as dramatic as the takedown of an economy. Recently Strong Crypto published a case study of their work for the U.S. Department of Labor to illustrate the usefulness of ethical hacking assessments.

“Too many organizations focus most on compliance, with only a nod toward security,” said SCI founder and owner Alexander J. Fry. “We understand the need for both and we teach organizations how to leverage compliance to improve security. By introducing the right mix of security best practices, the organization is better able to protect itself and ultimately ends up meeting compliance mandates.”

To be successful the Strong Crypto team had to work after hours and on non-business days, and within a specific timeframe for the completion of the assessment. Another challenge in the procedures involved the CSAM application (in which assessment findings were required to be input/validated) as it resides on a Department of Justice system that is outside the control of DOL. Results delivered to DOL included vulnerability findings and remediation advice, backup and contingency planning recommendations, component inventory and configuration management recommendations and operational process improvement recommendations.

“To protect your intellectual property, it is imperative to build-in custom countermeasures such as embedding a beacon on ex-filtrated data to identify the sources of attack, or embedding code on the stolen data that can corrupt the perpetrators’ systems. At SCI we think in terms of parry then thrust when it comes to creating defenses for our clients,” said Alexander J. Fry. “In cyber security, it’s a war that requires a strong offense as well as complex protection.”

Strong Crypto Innovations specializes in working with the U.S. Federal government and Fortune 500 clients in industries such as financial services, health care, software development, digital media, and publishing. More information about services and deliverables can be found on the Strong Crypto Innovations website.

About Strong Crypto Innovations
Strong Crypto Innovations has provided world-class software security training and services to organizations with critical applications since being founded in 2006 by Alexander J. Fry. Strong Crypto’s mission is to improve the security and reliability of client software and protect their critical applications on a wide range of technologies and architectures. Strong Crypto ensures that their clients’ applications are “self-defending” for their target environments and meet compliance requirements such as DIACAP, FISMA, PCI, HIPAA, and the EU Data Protection Directive. Strong Crypto will “teach your software self-defense” ™. To learn more about Strong Crypto, visit https://www.strongcrypto.com.


August 19, 2013 – Alexander J. Fry Named ISSA Senior Member

Summer Class of 2013 Recognized for Contributions to the Cybersecurity Community

Northern Virginia – August 19, 2013 – Strong Crypto announced today that Alexander J. Fry has been named a Senior Member by the Information Systems Security Association (ISSA). ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure.

Twice each year an exemplary group of longstanding ISSA members are recognized in three categories: Senior Members, Fellows and Distinguished Fellows. Senior Member honors established cybersecurity professionals with ten or more years of experience for their contributions to the security community and commitment to the mission of the association.

“The Fellow Program attracts a highly competitive pool of candidates and I am pleased to announce that 58 members from 21 chapters have been awarded Senior Member status during the summer 2013 selection cycle,” said George Proeller, ISSA Fellow Chair. “We congratulate Alexander J. Fry and greatly appreciate his contributions to this association and the international cybersecurity industry.”

Alexander J. Fry is an occasional speaker and co-author of the Certified Secure Software Lifecycle Professional (CSSLP) prep course for the ISSA-NOVA chapter. He is active in several areas of security research including mobile application and device security and custom solutions for protecting intellectual property.

“The appointment to Senior Member is an honor that ISSA bestows upon those members who have demonstrated a long-term commitment to both the profession and the organization. These are the types of people who are leaders in the field and deserving of such acknowledgement from their peers,” added Ira Winkler, ISSA President.

About Strong Crypto
Strong Crypto is a consulting firm that specializes in software security, mobile application and device security, and bespoke security solutions. Strong Crypto helps organizations improve the security and reliability of their software and protect their critical applications on a wide range of technologies and architectures.

About the ISSA
The Information Systems Security Association (ISSA)® is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries – from communications, education, healthcare, manufacturing, financial and consulting to IT – as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Visit ISSA on the web at www.issa.org and follow us on Twitter at @ISSAINTL.

###

Media Contact:
publicrelations@issa.org
866-349-5818 x102

April 22, 2013 – Strong Crypto Adds ThreadStrong e-Learning to its Application Security Education Portfolio

Northern Virginia and San Antonio, Texas – April, 2013 – Strong Crypto, LLC, a software security consulting firm in Northern Virginia, announced today its agreement to offer ThreadStrong’s comprehensive library of secure development e-Learning courses. Strong Crypto is committed to facilitating the tools required for developers to gain the secure coding knowledge needed to build fundamentally secure software.

“We are pleased to announce this educational alliance with Strong Crypto,” said John Dickson, Denim Group Principal. “By leveraging the ThreadStrong secure development e-Learning library, Strong Crypto is able to provide a distributed learning approach for client development teams.”

The ThreadStrong E-Learning solution complements classroom training delivered by Strong Crypto and provides year-round training capability for Strong Crypto clients.  “Offering ThreadStrong provides Strong Crypto’s customers with the tools to strengthen their application security programs in a long-term and sustained way,” said Alexander Fry, CEO at Strong Crypto. “With ThreadStrong e-Learning, our customers can quickly and easily implement a secure development training program as well as address DIACAP and STIG compliance.”

About Strong Crypto, LLC

Strong Crypto, LLC has provided world-class software security training and services to organizations with critical applications since being founded in 2006 by Alexander J. Fry. Strong Crypto’s mission is to improve the security and reliability of client software and protect their critical applications on a wide range of technologies and architectures.  Strong Crypto ensures that their clients’ applications are “self-defending” for their target environments and meet compliance requirements such as DIACAP, FISMA, PCI, HIPAA, and the EU Data Protection Directive.  Strong Crypto will “teach your software self-defense”™. To learn more about Strong Crypto, visit https://www.strongcrypto.com

About ThreadStrong

ThreadStrong application security e-Learning courses have trained thousands of developers in secure development practices globally, demonstrating the effectiveness of the online training.  Used internationally by Fortune 500 companies and more, ThreadStrong’s modularized content addresses specific learning objectives using a structured, building-block approach. This helps ensure that each lesson facilitates the learning objectives in the most effective way for each individual in training while enabling team members to learn at their own pace.  In addition,  the course modules are continually available as a reference tool that developers can return to even after training to refresh their knowledge.  ThreadStrong also provides a practical, cost-saving solution for organizations with developers scattered across the globe. Regular updates to course content keep developers up-to-date with the newest security threat and attack technique discoveries on a regular basis.

Utilizing ThreadStrong ensures that software developers, QA analysts, database administrators, and technical project managers receive the critical training they need in order to develop more secure applications. Strong Crypto has leveraged ThreadStrong to meet Information Assurance training requirements such as those mandated by the DoDD 8570.01 and referenced in the DISA Application Security and Development STIG which states, “Education and Training should be provided to all levels of management, including Team Leads, Program Managers, and upper management.  A critical step in improving application security is educating managers, designers, developers, and testers. This education should focus on the security aspects of the development process relevant to an individual.”

About Denim Group

Denim Group is the leading secure software development firm. The company builds custom large-scale software development projects across multiple platforms, languages and applications. What makes Denim Group unique is that they bring significant core competencies in software security to the table which offers an innovative blend of secure software development, testing and training capabilities that protect a company’s biggest asset, its data. Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare and defense industries. The depth of experience building large-scale software development systems in a secure fashion has made the company’s leaders recognized experts in their fields. Denim Group has been identified as one of the 5,000 Fastest Growing Companies by Inc. Magazine several years in a row, and has won multiple awards including its recent accolades as one of the best places to work in San Antonio. For more information about Denim Group visit http://www.denimgroup.com.