Ronin Cybersecurity

Our methodology is rooted in action. From our initial meeting to our collaborative strategy sessions, every step of our approach helps your organization achieve the level of cyber maturity you need. Our assessments are technology-agnostic, risk-centric, and framework-based.

At Ronin We Slash Evil!

Security Services

1. Ronin Security Assessments

Many security companies you engage with today will potentially only scan for threats at the network or application level. Ronin specializes in "mile wide inch deep" (MWID) assessments, which act as an early warning system for your business, highlighting potential threat vectors.

With our state-of-the-art security assessments, we detect and identify potential gaps throughout your environment. Once we have presented the gaps to you, we can work with you there and then to create a program of work to mitigate these threats. Alternatively, we can invoke our "inch wide mile deep" (IWMD) assessment. Here we drill all the way down to your crown jewels, to whatever is of most value to your business, be it customer information or intellectual property. Finally, we spend time carefully reviewing every layer in between in order to understand the end-to-end risk, again presenting back to you with a roadmap to mitigate the risks. Many businesses underestimate the risks in supply chain attacks. Here at Ronin we also support your business in creating or responding to third-party security questionnaires and assessments.

2. Penetration Testing

Ronin operates an adversarial attack methodology. Our team does not simply run an automated tool and present findings. We attempt to act like the bad guy and gain entry into your business. Protecting your business and customer information, or preserving intellectual property, presents a challenge to every organization. A successful compromise will lead to your organization experiencing potentially devastating loss of revenue and reputational damage. The Ronin penetration test (pen test) can help you address this challenge. Pen testing simulates a bad guy attempting to breach your organization's security controls, meaning we are able to deliver a clearer understanding of the risks and consequences of an attack.

Our team's ability far exceeds any off-the-shelf tools. Ronin approaches your business from the attacker's perspective to identify the highest risk vulnerabilities and provide actionable recommendations for remediation. Our Offensive Security Engineers (OffSec) have successfully operated across multiple technologies such as:
  • Web Services
  • Mobile Applications
  • Infrastructure
  • Wireless
  • Cloud Environments

3. Code Review

Ronin engineers are globally recognized for their unrivaled skills and experience across the full spectrum of languages.
Ronin consultants have proven experience of code review and consistently support organizations with the complex security challenges that can be introduced when developing new products.
Our experienced team of Application Security Engineers also identifies vulnerable points in a design, such as legacy interoperability, and uncovers flaws that can result in a security compromise. We deliver complete documentation of the location and nature of each problem to your technical teams, and we can advise and train your developers on how to address the immediate problem as well as avoid similar issues in the future.
Our code review can include:
  • Threat Modeling
  • Risk-based reviews
  • Fuzzing
  • Entry-point analysis
  • Full coverage reviews
  • Reverse engineering

4. Reverse Engineering

Ronin experts are able to forensically dissect the security protocols and controls of a target to identify weaknesses and vulnerabilities that could allow hackers to retrieve confidential or secret data or to subvert the system for unauthorized use or malicious attack. Our engineers employ advanced techniques unique to Ronin, in order to spot implementation issues, analyze the use of cryptographic primitives, and uncover hidden backdoors, intentional or otherwise.
Ronin has reverse engineered solutions and platforms to identify:
  • Vulnerabilities
  • How a process works, such as an authentication method
  • Existing proprietary network protocols or file formats
  • The use and storage of sensitive information, such as accounts, certificates, encryption keys
  • Necessary information for other testing techniques, such as fuzzing
Ronin uses both dynamic and static engineering methods to identify vulnerabilities in active or passive environments. This allows us to use the target's runtime behavior during our analysis. The runtime behavior tells us what types of resources are used, such as files, network requests, and shared objects, and enables us to follow the execution flow and identify the functions that are in use.

5. Threat Theater

Ronin threat theater plays out an attack on your business by a motivated bad guy. This can be a tabletop exercise or an actual activity. Our engineers adopt the tactics, techniques and procedures (TTPs) of a bad guy who is determined to gain access to your network. This approach focuses on dynamic multi-vector, chained attacks (DMVCA), emulating real-world methods to penetrate your security defenses. We infiltrate digital assets, networks, human resources and even third parties to determine the risks and vulnerabilities in your organization.

6. Attack Resilience

Ronin offers colored assessments: Red, Purple or Blue teams. Our aim is to measure how resilient your security operations are against a determined attacker and identify gaps in your organization's response mechanisms. Working with you, we can help you to understand how your company's security controls and processes could survive a sophisticated attack, whether you could recover, and how fast.

Our tailored attack patterns are designed to be appropriate to your company's particular environment and industry. We have multiple phases: planning, execution and reporting. We carefully execute attacks based on the intelligence gathered in the planning phase. If you have opted for a purple team assessment, for the duration of the attack our red team works closely with your blue team to understand your level of attack visibility and validate whether or not existing security controls can detect or block each attack. The key element of our services here is the ability to tailor the assessment to meet the level and requirements of your organization, supporting everything from a full spectrum attack (social engineering, physical penetration and cyber) down to individual targeted attacks, such as a phishing campaign.

7. Virtual CISO

For large organizations, running security programs can be a challenge. Look at that from the perspective of a small to medium business and it's daunting, and if you are a startup, it doesn't even register. It's so scary and complex. Ronin has a huge range of business and technical understanding across many areas. We have earned our skills in hard-won battles, and we know it all begins with strong leadership. Even the most established of teams need help sometimes. That's where our Virtual CISO (vCISO) team is ideal, enabling our clients to utilize our depth of experience in building and running some of the most complex enterprise security programs across every industry. A Ronin vCISO can help your business:
  • Assess the risks to your organization
  • Assist with communication of risk to management
  • Prioritize responses based on a limited set of resources
  • Build your organization's strategic security improvement program
  • Create and perform organization level security awareness training
  • Create or respond to 3rd party risk assessments
  • Stay ahead of the latest threats and vulnerabilities
  • Many more...

Our vCISO model is flexible, customizable and interchangeable. Whether you need a full vCISO, augmented vCISO, or CISO coach or mentor, Ronin can support your business and fill critical leadership gaps.
Ronin, Empowering Your Data.