Download PDF
Suppliers > United States > Independent Security Evaluators
Independent Security Evaluators Logo

Independent Security Evaluators

Overview
HQ Location
United States
Year Founded
2005
Company Type
Private
Revenue
< $10m
Employees
11 - 50
Website
Twitter Handle
Company Description

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective driven by our elite team of analysts and developers, we improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment.

IoT Solutions

Threat Modeling

System resiliency doesn’t happen by chance; instead, its’ roots can be traced directly back to Threat Modeling. A threat model is a critical aspect of any security program, and is the foundation upon which any resilient system must be built. In most engagements, ISE works with the customer to build out the threat model, identifying and describing the three primary components of this crucial security plan: assets, adversaries, and attack surfaces. Without a threat model, an organization does not have a security plan in place. With a threat model, an organization can effectively consider risk and make informed decisions about how to reduce it.

Manual Assessment

Adversaries are human. As such, we use human intelligence to perform manual assessments to discover all possible ways compromise could occur. Manual assessment entails thorough investigation of ways in which a dedicated adversary could manipulate a system’s functionality for unintended consequences. ISE investigates manually in order to emulate the level of care that a committed adversary would apply in the pursuit of an attack. Automated tools do serve a purpose in any investigation, as running such tools is the first step that any attacker would take. However, it is only with manual assessment that higher level, sophisticated, custom attacks can be defended against.

Custom Tests

We dig deeper because it matters. Customization is a critical component to any successful security assessment. As all systems are custom, so, too, are all ISE security hardening processes. ISE utilizes a white box methodology, wherein ISE reviews all publicly and privately available documentation and design documents, workflow diagrams, firewall rules, and any other supporting documentation. ISE interfaces with key engineers as well as business and technical leadership. From there, ISE designs and performs custom tests, both to gather more information about how a system operates and is implemented, as well as to test for custom-tailored, unique security vulnerabilities. These assessment tasks are predominantly manual, and involve strategic thinking from the perspective of the adversary.

Mitigation Roadmap

ISE does not perform security assessments for the sole purpose of finding problems. Instead, we do it to provide solutions. While it is important to identify security problems, it is equally important to identify effective solutions. ISE devises proven mitigation strategies that dovetail with business objectives, and then works with client engineers to ensure they are well understood, properly implemented, and do not introduce any new vulnerabilities. ISE assists the customer in developing and adapting the mitigation roadmap as business needs, industry conditions, and stakeholder demands evolve over time.

Key Customers

We serve numerous industries and have been honored to partner with some of the world’s leading pioneers like Disney, Google, Amazon, Microsoft, Netflix, Warner Brothers, Qualcomm and many more.

IoT Snapshot
Independent Security Evaluators is a provider of Industrial IoT cybersecurity and privacy technologies.
Technology Stack
Independent Security Evaluators’s Technology Stack maps Independent Security Evaluators’s participation in the cybersecurity and privacy IoT Technology stack.
  • Devices Layer
  • Robots
    Drones
    Wearables
  • Edge Layer
  • Automation & Control
    Processors & Edge Intelligence
    Actuators
    Sensors
  • Cloud Layer
  • Platform as a Service (PaaS)
    Infrastructure as a Service (IaaS)
  • Application Layer
  • Functional Applications
  • Supporting Technologies
  • Analytics & Modeling
  • Application Infrastructure & Middleware
  • Cybersecurity & Privacy
  • Networks & Connectivity
Technological Capability:
None
Minor
Moderate
Strong

Podcasts.

Ep. 075
Ethical hacking to secure IoT systems
Ted Harrington, Executive Partner, Independent Security Evaluators

Twitter Feeds.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.