Actively Protecting Information Systems
Liquid Pear approaches information security with a proven iterative approach that mitigates threats through proactive security practices. Our process encompasses management, operational and technical security controls and solutions ranging from passive protective measures to active defensive responses. We apply best practices and a set of methodologies that enable us to assess the situational security posture of sensitive information and information systems in a consistent and repeatable approach to determine what security measures are needed for securing the valuable information assets.
Liquid Pear performs yearly internal, external, and wireless third-party penetration tests for HIPAA, SOX, GLB, and PCI DSS in support of regulatory compliance requirements that apply to our customers.
Social Engineering Testing
Liquid Pear uses a unique approach to social engineering, “fit in and disappear”. We utilize knowledge of the client that is gleaned from multiple sources to infiltrate their organization digitally and physically. We employ tactics, techniques and procedures from prior agency and industry experience to gain access to the client site. This type of engagement is typically setup as a separate Rules of Engagement to protect the company, the employee’s privacy, and the Liquid Pear team. The use of targeted email, covert operations and off-site surveillance are used to gain information and knowledge of the client environment. All this information is rolled up into a tactical mitigation and remediation plan for the client to further improve their overall security posture.
Penetration Testing (Red Team) and Security Assessments (Blue Team)
Liquid Pear has extensive experience in performing recurring assessment services focusing specifically on wired and wireless security and penetration services for independent testing and continuous monitoring activities. A penetration test is the process of actively evaluating your information security measures. There are many ways that this can be undertaken, but the most common procedure is that the security measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities; the results are then delivered comprehensively in a report to executive management and technical audiences. A security assessment is more passive and will not only help protect important information technology assets and data, but it will also provide the client with an end-to-end process that will allow for the identification of and response to hostile entities in the future. The team has extensive experience in performing recurring active and passive security services focusing on identification and mitigation of vulnerabilities.
We use a five-phased approach for Security Assessments:
Liquid Pear will map and attempt to identify active devices on the client’s network within the ranges identified. During this stage of the activity, Liquid Pear will characterize the target network to develop an understanding of the network architecture, and determine the devices and services available on the network.
Liquid Pear will leverage the results of activities from the network discovery to scan the active devices for potential vulnerabilities. Liquid Pear will be expected to test systems and services provided in the RoE (Rules of Engagement) including all ingress and egress points of the client’s network. The approved RoE will determine what services and access levels are in play for each engagement.
Liquid Pear will attempt to exploit vulnerabilities to confirm a system’s susceptibility to attack. All exploitation activities are strictly based on the RoE. The team will attempt to electronically transgress and access or exfiltrate data to determine the client’s susceptibility to attack. The RoE will determine the level of access that is in scope for the assessment. Any data accessed on the client network from the assessment team will be encrypted in transit and at rest and returned to the client or destroyed at project close.
Full Radio Frequency (RF) Assessment
Liquid Pear will use wireless network discovery and exploitation techniques to identify authorized and unauthorized wireless networks and attempt to gain access to resources through them. Additionally, we may identify any misconfigured wireless client and infrastructure devices that would allow an attacker to bypass the network security controls to access systems and resources. If we discover any misconfigured wireless systems we will attempt to access the associated device in the vulnerability exploitation phase that follows. Based on the RoE we will attempt to access open ports and connections as well as any RF devices including but not limited to Personal Electronic Devices, Tablets, Laptops and systems on the network.
Analysis and Reporting
During the assessment the Liquid Pear team will gather raw data from the discovery, scanning, and exploitation activities. This information may be analyzed using a combination of automated tools and manual methods. A report is prepared and the results of the security assessment are presented to the client’s designated staff. The report will contain an executive summary along with descriptions of work performed, detailed findings, recommended mitigation, and next steps. Raw test data output will be provided in an encrypted electronic format. A security assessment team member will provide a brief presentation to summarize any findings and discuss the significance and recommendations for mitigation.
Security Architecture and Engineering
Liquid Pear extensive capabilities in security architecture design and network implementation, incorporating the existing network, applications, infrastructure, and data protection models. Liquid Pear provides technical expertise, support, and guidance in the establishment of the client’s enterprise security architecture as determined by our findings and recommendations in penetration testing, compliance testing or social engineering testing.