Information Security

Malicious actors have a singular focus: wreaking havoc on the data and operations of organizations. As the threat environment evolves, ITS Agile cybersecurity services also evolve to mitigate new and emerging threats while ensuring our federal customers maintain compliance with all relevant policies and regulations.

Active Cyber Defense

ITS Agile provides a wide range of cybersecurity services, all centered on providing an ‘Active Cyber Defense’ (ACD) that continuously addresses the threat landscape and enforces a defensive posture ensuring business operations are maintained. This ACD approach is based on the DHS Intrusion Defense Chain approach, which seeks to disrupt malicious actors and prevent data from leaving protected enclaves.

Our staff provides hands-on cyber engineering utilizing the latest commercial cyber vendor toolsets and has extensive experience coordinating with DHS US-CERT to quantify and deploy Indicators of Compromise (IOC) for operational environments.

Security Operations Center

ITS Agile’s SOC analysts and incident responders utilize a wide range of cyber tools to understand threat vectors as they are identified and seek to minimize any and all impacts to IT system users. We focus on continuous enhancement of people, process and technology in order to improve the overall effectiveness of daily SOC operations. We are skilled at analyzing observed threat vectors and generating readable reports that are shared across an enterprise, reducing the risk of re-infection and of malware propagation.

For NOAA, the ITS Agile team designed and deployed a multi-agency Trusted Internet Connection Access Point (TICAP), which enhanced federal cybersecurity by routing traffic through a common access point and enabling system log content rules to evaluate the network traffic and probe for exploits.

Incident Response Forensic Investigation

We utilize a range of techniques to conduct root cause analysis, ensuring cyber threats are understood from the point of intrusion and that mitigation actions are enabled across the enterprise infrastructure.

To understand the external threat landscape and create a wide aperture on threat mitigation, we have integrated commercial, federal and open sources into a consolidated dashboard view supporting SOC analysts and incident responders. Automated content rule execution enables billions of transaction events to be evaluated for further forensic analysis, reducing the labor required to thwart cyber issues such as malware, rootkits and command and control server beaconing.

Key specific services include:

  • Security Operations Center (SOC) establishment and maintenance

  • Incident Response forensic investigation

  • Federal Cybersecurity policy compliance

  • SOC analyst and incident responder playbook creation

  • Obtaining Authority to Operate (ATO)

  • Identity, Credential, and Access Management (ICAM) to enable Single Sign-On (SSO)

  • Vulnerability scanning and active management

  • NIST SP 800-53 Security Control mapping

  • Web content and email filtering

  • Cyber Service Level Agreements (SLA)

  • Business Impact Analysis

  • Security Information and Event Management (SIEM) operations

  • Security data analytics through utilization of Splunk

  • System and network administration of cyber hosts and devices

  • Implementation of Agile principles and techniques into cyber operations