Cyber Security


CFR provides customized and innovative computer and network security services to commercial and government clients.

CFR's Cyber Security professionals forged their skills working for top tier National Security agencies against some of the world's most complex and persistent threats. Having transferred their expertise to the private sector, CFR is proud to offer clients the services and solutions of this highly cohesive and collaborative team of information security experts.

Since all CFR Cyber Security professionals maintain active U.S. Government security clearances, clients are assured of the integrity of those entrusted with accessing and securing their most critical systems. 

Specific areas of expertise include:

Prevention

CFR deploys penetration testing teams capable of conducting external and internal network and risk assessments for commercial clients and government agencies. CFR also conducts penetration testing of mobile applications and SCADA systems. CFR’s portfolio of security testing services include NERC CIP audits and security code reviews. CFR employs expert web application testers and adheres to OWASP guidelines.

CFR can develop customized security programs and applications, as well as reverse-engineer custom applications, to strengthen client systems. CFR develops custom IOCs (Indicators of Compromise), custom python and hadoop clusters for data analysis. CFR has also developed new Burp Suite plugins to help with web application testing. We can rip apart phone applications, perform source code review and find vulnerabilities that would be impossible to identify through dynamic methods.

Detection / Remediation

As global cyber threats continue evolving, a prevention strategy alone is inadequate. CFR augments prevention with expert detection and remediation services.  CFR’s incident response process rapidly identifies threats and penetrations to block an attacker and minimize damage. All findings are comprehensively documented, vulnerabilities are validated, and remediation solutions are provided. CFR incident response services can also include liaison with law enforcement authorities, routine or sustained testing services, as well as information security training specifically tailored to client needs, including Application Security Training, Boundary Defense, Data Protection and Penetration Methodology. 

Compliance

CFR can develop or enhance cyber security compliance programs to prevent problems before they occur, reduce legal exposure and ensure regulatory adherence to existing and emerging requirements. CFR cyber security compliance services include evaluation of existing compliance programs, designing new and updated policies, and implementation of requisite procedures and technical upgrades. Since compliance programs require ongoing vigilance, CFR can also provide sustained, independent verification and monitoring. Sample compliance services:   

  • Securities & Exchange Commission (SEC)
  • Federal Deposit Insurance Corporation (FDIC)
  • Federal Information Security Management Act (FISMA)
  • North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)

Cyber Readiness Assessment (CRA)

CFR provides a detailed and effective Cyber Readiness Assessment (CRA) audit for companies conducting mergers or acquisitions.   The CRA gives the acquisition company valuable information on its targets cyber security status, past breaches, and existing breaches.  The information provided in our reports will give wise investors a clear picture the risks they are obtaining and investment needed to bring a target company up to Cyber Security industry standards.

Cyber Forensics

CFR is capable of performing complex cyber forensic investigations on various types of hardware, software, and media to include computer/disk investigations, email, social media, mobile devices, and databases. If needed, CFR's Cyber Security professionals can utilize forensics techniques capable of gathering and preserving evidence from devices in a way that is suitable for presentation for law proceedings.