SimVentions helps ensure cybersecurity is considered both early and often as we guide programs and systems through the development process. Our team of certified cybersecurity engineers has a broad spectrum of capabilities applicable across the domain to include: secure design and development systems, system certification and accreditation (C&A), security and penetration testing, supply chain analysis, and ongoing maintenance and security posture monitoring. SimVentions has applied cybersecurity best practices to the development, integration, and maintenance of enterprise systems, core networks, labs, and critical systems.
SimVentions offers a highly experienced cybersecurity assessment team with multifaceted backgrounds in non-invasive and invasive assessments and testing. We have multiple personnel who have planned, led, and executed both covert and overt cybersecurity assessments on multiple systems ranging from enterprise assets to stand alone tactical networks. Our penetration testers assess the organization’s ability to protect, detect, react, and restore in response to an advanced persistent threat attack. Our team can also help with non-invasive vulnerability assessments to provide a snapshot in time of an organization’s security posture, followed by remediation and technical training to reduce risk and implement security posture changes.
Code Review & Analysis
SimVentions follows a software security and development checklist, which addresses a number of software development best practices from a security perspective. We have experience using tools to scan code for weaknesses, identify bad code, and isolate security concerns. By integrating our team of cyber security engineers with our software developers, we can quickly recognize and address security concerns, threats, and weaknesses so code can be developed in adherence to security best practices to include Open Web Application Security Project (OWASP) standards.
Threat Modeling/Vulnerability Mangement
SimVentions has experience understanding and analyzing threats to assess their applicability, potential impact, and overall risk. Threat modeling and vulnerability assessments must be continuously updated as potential threats are discovered. We approach threat modeling from a potential attacker’s perspective, so our development teams can effectively analyze and mitigate security risks throughout the software development life cycle. Our experience with threat modeling includes: analysis of the threat mapping of the threat the potential application, understanding the probability of success, probability of detection after attack, concern for retribution, payoff from attack, and identification of potential mitigation or avoidance options.
Security architectures provide the framework for analysis to determine net-centric interoperability, policy implementation, duplications, synchronization, and support the identification of capability gaps and redundancies. We have developed security architectures to integrate the network-perimeter, host-perimeter, and system-level security controls to protect information assets against cyber adversaries. We do this by separating logical configurations from physical infrastructures with feasible and collapsing security boundaries into a single security architecture that reduces the external attack surface and standardizes security controls. Additionally, the security architectures we develop lay out a way forward for the end user to securely perform their job, maintain greater cyber situational awareness, and support better information flow control across the network.
SimVentions has been awarded a $49M contract for providing Cybersecurity and technical support to the Naval Surface Warfare Center Dahlgren Division, as well as the Combat Direction Systems Activity, Dam Neck.