Services
Security Assessment
A security assessment helps clients discover security concerns in their products and mitigate issues before they become problematic. Security assessments let our clients resolve vulnerabilities in their products, increase confidence in the cybersecurity aspects of their products and development processes, and meet compliance requirements.
Our security assessment approach begins with identifying the risks present in the product. From this, a plan of attacks is created to guide the assessment efforts. Research is performed against the target to identify weaknesses, vulnerabilities, and opportunities for hardening. Finally, a report and presentation is delivered with specific guidance on how to mitigate issues and increase the security posture of the system.
Design Advisory
Due to the complexity of modern systems, security needs to be integrated early in the design process. Early product security requirements, component selection and schematic design have major implications for the security attributes of a product. When security is not considered early in the process, fixing issues becomes prohibitively costly. This can be avoided with security design advisory throughout the process.
We have unique experience that combines security with the development, design, and testing of embedded systems. This experience lets us integrate with your engineering teams and advise on security topics in a manner that best suits the team.
Cryptography Services
Vulnerabilities within cryptographic systems can be subtle and are often poorly understood. These vulnerabilities can linger undetected for years, and the impact of their exploitation can be disastrous. Leverage our years of industry experience to ensure that your cryptographic systems can deliver the security guarantees that your product design demands.
We can assist with the design and review of your cryptographic primitives, protocols, implementations, systems, and applications – including post-quantum cryptography. We also have extensive experience working with Privacy Respecting technologies including Multi-Party Computation and encrypted messaging. From Asymmetric Cryptography to Zero-Knowledge protocols, we have you covered.
Supply Chain Security
How can you build a secure product if you don’t trust licensed components or the factory you use to manufacture? Practical support, timing, and cost considerations have made vertical integration a rarity; other-sourced components and outsourced manufacturing means that at least some portion of your product is produced in untested facilities. Moreover, your products are likely to include untold amounts of third-party IP in the form of components and firmware, all of which bring potential vulnerabilities which may affect the security of your products.
We have first-hand experience investigating and mitigating counterfeiting and other supply chain risks at scale, as well as assessing the security of the firmware supply chain. We can assist your organization in identifying, mitigating, and remediating risks in these areas.
Product Lifecycle Support
The life of a product does not end once it is shipped. If it has your company name on it, it has the power to affect your brand. To ensure the best customer experience and maintain their trust, we can help you with all aspects of the post-sale lifetime of a product.
- Response preparedness, incident management and root-cause analysis
- Product security updates, rollout and fleet management
- Forensics and data recovery
- Reverse Engineering, anti-counterfeiting and IP theft detection
Training
For companies seeking to educate staff on how to strengthen and improve security during the design, implementation, quality assurance and maintenance of software and products, we provide a variety of training services. Our courses are an extension of the research completed day-in and day-out in the field during engagements. This includes sharing proofs of concepts that provide insight into both the struggles organizations face on practical difficulties and the novel work being done on cutting-edge technology. Our courses include:- Reverse Engineering Firmware with Ghidra
- Security Assessment for Embedded Systems
- Cryptography for Developers