Download PDF

Independent Security Evaluators

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective driven by our elite team of analysts and developers, we improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment.

more...
  • SNAPSHOT
  • United States
    2005
    Private
    < $10m
    11 - 50
    Open website
  • TECHNOLOGY STACK
  • Independent Security Evaluators’s Tech Stack maps Independent Security Evaluators’s participation in the IoT tech stack.
    • Application Layer
    • Functional Applications

    • Cloud Layer
    • Platform as a Service
      Infrastructure as a Service

    • Edge Layer
    • Automation & Control
      Processors & Edge Intelligence
      Actuators
      Sensors

    • Devices Layer
    • Robots
      Drones
      Wearables
    • Supporting
      Technologies
    • Analytics & Modeling
      Application Infrastructure & Middleware
      Cybersecurity & Privacy
      Networks & Connectivity
    Technological Capability
    None
    Minor
    Moderate
    Strong
  • IOT SNAPSHOT
  • Independent Security Evaluators’s IoT Snapshot maps the range and focus areas of Independent Security Evaluators’s IoT business across Technologies, Use Cases, Industries, and Services. Only categories with active products will be shown. Missing categories indicate that there is no activity in those areas.
    Technologies
    Cybersecurity & Privacy
    Application Security
    Cloud Security
    Security Compliance
    Services
    Cybersecurity Services
  • IOT SOLUTIONS
  • Threat Modeling

    System resiliency doesn’t happen by chance; instead, its’ roots can be traced directly back to Threat Modeling. A threat model is a critical aspect of any security program, and is the foundation upon which any resilient system must be built. In most engagements, ISE works with the customer to build out the threat model, identifying and describing the three primary components of this crucial security plan: assets, adversaries, and attack surfaces. Without a threat model, an organization does not have a security plan in place. With a threat model, an organization can effectively consider risk and make informed decisions about how to reduce it.

    Manual Assessment

    Adversaries are human. As such, we use human intelligence to perform manual assessments to discover all possible ways compromise could occur. Manual assessment entails thorough investigation of ways in which a dedicated adversary could manipulate a system’s functionality for unintended consequences. ISE investigates manually in order to emulate the level of care that a committed adversary would apply in the pursuit of an attack. Automated tools do serve a purpose in any investigation, as running such tools is the first step that any attacker would take. However, it is only with manual assessment that higher level, sophisticated, custom attacks can be defended against.

    Custom Tests

    We dig deeper because it matters. Customization is a critical component to any successful security assessment. As all systems are custom, so, too, are all ISE security hardening processes. ISE utilizes a white box methodology, wherein ISE reviews all publicly and privately available documentation and design documents, workflow diagrams, firewall rules, and any other supporting documentation. ISE interfaces with key engineers as well as business and technical leadership. From there, ISE designs and performs custom tests, both to gather more information about how a system operates and is implemented, as well as to test for custom-tailored, unique security vulnerabilities. These assessment tasks are predominantly manual, and involve strategic thinking from the perspective of the adversary.

    Mitigation Roadmap

    ISE does not perform security assessments for the sole purpose of finding problems. Instead, we do it to provide solutions. While it is important to identify security problems, it is equally important to identify effective solutions. ISE devises proven mitigation strategies that dovetail with business objectives, and then works with client engineers to ensure they are well understood, properly implemented, and do not introduce any new vulnerabilities. ISE assists the customer in developing and adapting the mitigation roadmap as business needs, industry conditions, and stakeholder demands evolve over time.

  • KEY CUSTOMERS
  • We serve numerous industries and have been honored to partner with some of the world’s leading pioneers like Disney, Google, Amazon, Microsoft, Netflix, Warner Brothers, Qualcomm and many more.

  • CASE STUDIES
  • HARDWARE
  • SOFTWARE
  • PODCASTS
  • EP075 - Ethical hacking to secure IoT systems - Ted Harrington, Executive Partner, Independent Security Evaluators
    Tuesday, Nov 24, 2020

    In this episode, we discuss the ethical hacking IoT cybersecurity attack service and the best practices for securing IoT products. Steps system operators and end users can take to ensure system security as they progress through digital transformation.  Ted Harrington is an Executive Partner of Independent Security Evaluators. ISE is an ethical hacking firm that identifies and resolves cybersecurity vulnerabilities. ISE is dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective, ISE improves overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment. ise.io/research Contact Ted:ted@ise.iohttps://www.linkedin.com/in/securityted/ Ted’s new book: hackablebook.com  " />
  • MEMBERSHIP
  • INDUSTRIES
  • FUNCTIONS
  • SIMILAR SUPPLIERS
  • UNITY Consulting
    UNITY Consulting, an affiliated firm of UNITY AG, is a management consultancy for future-oriented corporate management. They create bottom line oriented innovative processes and business models – from the initial concept to execution.
    NATION-E LTD
    Nation-E is a global leader in Critical Infrastructure Cyber Security. We offer innovative solutions for defending industrial infrastructure and the smart grid environments. In a turmoil world where cyber security attacks are on the rise, Nation-E is committed to protect vulnerable critical assets. Our cutting-edge solutions, Energy Firewall? and Energy Cerebrum?, are specifically tailored to offer maximum protection for the Operational Technology landscape, where most critical infrastructure assets are connected via serial ports. Focusing on the last-mile of distributed energy assets, our platforms embed cyber-security, risk management, big-data analytics, and full command and control capability into previously unprotected infrastructure. We excel in shielding from a variety of threats and vulnerabilities such as smart-grid hacking and insider threats. The company was founded in 2012 by Daniel Jammer, a renowned entrepreneur, industrialist and philanthropist. Our clients who are protecting their critical infrastructure include Air/Sea ports, Financial Services, HLS and Public Utilities and more.
    Applied Risk
    Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat.
  • PARTNERS
© 2021 IoT ONE