SERVICES

Product Security Professional Services

In today's rapidly evolving digital landscape, ensuring product security is a highly demanding and multi-dimensional challenge. By placing the product at the center, our Product Security Professional Services leverage a dynamic, engineering-driven execution framework to deliver unparalleled results. Whether you are launching new products or enhancing existing features, our team provides tailored services to support your mission in designing, developing, and releasing mature and resilient products.

We are dedicated to delivering services focused on your product’s security goals, while applying scientific methods and principles to enable multilayered defenses. Our successful track record includes supporting Fortune 500 companies, SMEs, research institutes, and start-up organizations in their mission to deliver secure products, innovate in the cybersecurity space, and leverage security features as a business accelerator.


1. Security Foundations Consulting (SFC)

CENSUS Security Foundations Consulting specializes in translating organization-wide security maturity program strategies into product-specific and engineering-driven tasks that focus on setting an efficient and well-defined input for security architecture decisions. With our Requirements Engineering service, we aim to translate high-level requirements and business goals into concrete security building blocks that can be used to implement the corresponding security features (end-to-end protection, data isolation, secure multi-tenancy, secure edge computing, etc.). Enhanced by our Technology Maturity Analysis service, CENSUS engineers can perform a tactical analysis of technologies of interest (platforms, frameworks, protocols, libraries, etc.) to ensure their cybersecurity fitness with the product security goals. When combined, these services support the development of Security Architecture Blueprints that can accelerate secure product development, while offering a valuable investment that can be reused across other features and products.

Product Security is a shared responsibility across multiple stakeholders. At CENSUS, we work diligently alongside your teams to enable efficient strategies during the inception, conception, and design phases of your product's lifecycle. Regardless of your organizational structure or your operating model, our engineers become an essential part of your teams. We seamlessly collaborate with all necessary business functions to empower you, without being disruptive.

2. Architecture & Design Engineering (ADE)

Product owners are challenged with developing a comprehensive security architecture that aligns with the organization’s business goals and compliance requirements. A robust architecture serves as the foundation upon which all security controls are built, ensuring coherence and effectiveness across various product layers. Our Architecture Review & Development service can become an invaluable tool to effectively address these challenges by providing attacker-oriented engineering during your architecture decision-making journey. This journey can become extremely demanding under many agile development models that require security design to be executed in parallel with the main development sprints. With our Design Security Review & Enhancement service, CENSUS can support your go-to-market goals while reducing the risk of breaches and fostering trust with your customers and stakeholders. Our holistic approach ensures that the applicable threat vectors are analyzed in the context of the product requirements, aiming to provide a defense-in-depth output design that can address them effectively.

Product security architecture is a continuously evolving asset that must adapt to technological advancements, market demands, and emerging security threats. CENSUS provides engineering-driven Attack Surface Profiling and Threat Modeling services to support your goals in identifying applicable attack vectors and enabling multilayer defenses. Both are important tools for your mission to protect products from known and unknown attacks. Grounded in our Applied Research and in-depth technical expertise, we can deliver strategic security architecture development and detailed design enhancements that can render entire attack classes a low risk to your product.

3. Security Posture Assessment (SPA)

Assessing the presence, effectiveness, and interoperability of modern product security functions and controls mandates a holistic approach that enables a 360-degree review of the product’s cybersecurity posture. Fueled by our security engineering expertise, real-world attacker mentality, and Applied Security Research, CENSUS Posture Assessment practice provides comprehensive insights and attestations of the product’s true cybersecurity resilience. We push the boundaries of industry-standard testing and validation methodologies, adjusting and embedding them into an execution model capable of adapting to a wide range of cybersecurity goals, product complexities, and development lifecycles.

We have developed an innovative assessment methodology that prioritizes essential success factors such as a feature-centric approach (from silicon to the cloud and from edge to swarm and fog computing), a context-aware strategy (considering operating platforms, use cases, integrated services, etc.), and requirement-focused methodologies (addressing compliance, business needs, end-customer requirements, etc.). This combination has proven effective across a wide range of technologies, industries, and product cybersecurity requirements.

Furthermore, we strongly believe that a successful Posture Assessment must accomplish two primary goals: verifying the implementation against the established design and requirements, and assessing the true resilience of the security features against real-world attacks. We take pride in our ability to accomplish these goals with our end-to-end assessment methodology, which can be scoped across entire products or specific features and areas of interest. Our mission is to provide an effective and valuable service that can be initiated as early as possible in your development lifecycle, support your shift-left strategy, and enable defense in depth without disrupting your business goals.

4. Applied Security Research (ASR)

Our Applied Research practice aims to bridge the gap between theoretical security concepts and practical implementation, shaping real-world solutions that enhance the security posture of products according to their security requirements. The activities we conduct are pragmatic, goal-oriented studies aimed at solving specific challenges related to product security. These challenges can range from discovery-centric analysis of the landscape and capabilities of emerging technologies (such as confidential computing, decentralized user trust protocols, Zero Trust architectures, end-to-end encryption, key escrow, secure backup and restore, AI and ML data protection, and more) to more specific feasibility studies of compatible technologies in the context of a product’s security requirements (such as root of trust ownership, multi-tenant and multi-user protections, Trusted Computing Base firmware ownership, and more).

Furthermore, CENSUS Applied Research services can be tailored to address more advanced requests that explore improvements in hardening security controls (such as exploitation protection, obfuscation and white-box cryptography, Trusted Computing Base reduction, and more) and extensions to the security capabilities of technologies of interest (such as hypervisor-backed system attestation, execution isolation compartments, HSM secure applications, protocol federation, hardware-backed cryptography, migration to post-quantum cryptography, and more).

ORGANIZATION SECURITY TESTING

Tiger Team

Service Description

As the cornerstone of cybersecurity offensive services, this type of assessment allows organizations to reveal the blind spots and weaknesses in their digital and physical defenses that may not be evident through traditional pentesting methods while challenging the readiness of their incident response teams. The Tiger Team targets the core business, testing all layers of the organization's security architecture, making every effort to remain undetected and sharing information about the attack only with upper management. This black box-only engagement does not have a specific project plan or scope. The attack may occur anytime.

A simulation of real-world hostile agents targeting all layers of an organization

CENSUS’ Tiger Team simulates real-world hostile threat actors turned against the organization. The team’s objective is not only to identify security flaws but also to mimic the top-notch tactics, techniques, and procedures (TTPs) employed by such malicious actors. The team consists of experts in technology and attack methods and can either apply existing attack vectors or create new ones to greatest advantage. They seek to exploit vulnerabilities and security weaknesses not only in an organization's technology, such as the deployed systems, applications, and network infrastructure, but also in the internal processes in use and the human element. The team may also assess the deployed physical security measures, such as access control systems, surveillance, and security personnel, to identify vulnerabilities in an organization's physical security infrastructure.

Clandestine long-term operations conducted in an undisclosed time frame

The primary purpose of the Tiger Team is to provide a realistic assessment of an organization's security posture. The members of the Tiger Team are capable of executing operations in multiple geographies and are able to sustain clandestine operations over a long period of time. By emulating an adversary’s behavior in a non-defined time frame and without prior warning, while concealing the source of the attacks, the team identifies vulnerabilities that might otherwise go undetected in traditional pentesting exercises.

Finally, this assessment type serves as a form of stress testing for an organization's defenses. By employing advanced attack techniques, not revealing the exact time of the attack, and trying to keep the origin of the attack secret, the Tiger Team pushes the limits of the organization's security measures, revealing how they perform under pressure from unexpected attacks.

Shifting from Red Team engagements: Breaking out of the defenders’ comfort zone

Running multiple Red Team engagements or one holistic Red Team assessment will provide accurate and precise insight into the organization’s weaknesses. However, by also challenging the readiness of an organization under situations of distress, shock, and confusion, the Tiger Team assessment moves ahead and pushes the limits of the organization’s cyber defenses. The Tiger Team keeps a vigilant watch over the organization's overlooked security measures and creates strategies surrounding them. Veiled in shadows, the members of the Tiger Team choose the right moment to conduct an asymmetric attack, capitalizing on the weakest link of the organization’s defenses.

Security recommendations tailored to an organization's unique risks

The results of this assessment can lead to highly customized security recommendations, since they provide insights that are directly applicable to an organization's unique risks and challenges.

In a world where cyber security is paramount, the role of the Tiger Team assessment is distinctive and vital. This is a one-stop solution available in the arsenal of cybersecurity services that covers all aspects of an organization's Infrastructure, People, Processes and Policies, and a tool that can assist organizations in evaluating their security measures comprehensively and in enhancing their resilience to real-world cybersecurity threats.

Sample Use Cases

• The Tiger Team was assigned to conduct operations against an organization that is internationally recognized and is one of the largest producers of aluminum products in Europe. The team was able to impersonate legitimate employees by trespassing into the premises from an unprotected side entrance and stealing the official work uniforms from the locker room. This outfit allowed the team members to blend in with the other personnel, explore the installation, plant a malicious device that provides remote access, and steal corporate documents.

• CENSUS' Tiger Team was requested to carry out operations against large international financial institutions in both the Banking and Investment sectors in the Middle East and the United Kingdom. The team was able to identify leaked credentials for numerous employees and compromise the corresponding accounts in exposed corporate web services. Furthermore, using tailgating techniques, it was possible to access protected areas inside the HQ buildings.

• The team was engaged to perform operations against a world-renowned construction organization that provides services on an international basis. The results showed that an adversary impersonating a member of the cleaning staff could circumvent the existing physical access controls, trespass into the premises, reach the internal offices, and plant a malicious device that provides remote access into the internal corporate network. Moreover, the team was able to use collaboration platforms and communication channels to trick employees into using malicious payloads.

Assume Breach

Service Description

In the ever-evolving landscape of cybersecurity, breaches are not a matter of 'if', but a matter of 'when'. In recent years, organizations have invested heavily in fortifying their digital defenses, aiming to create impenetrable security perimeters. However, recognizing that breaches will occur despite having the best security measures in place is an unfortunate, harsh reality that must be accepted. This dynamic environment of escalating cyber threats led to the advent of the "assume breach" cybersecurity paradigm, which places a strong emphasis on readiness and resilience.

The service is designed to simulate post-breach activities to assess an organization's capacity to detect, to respond, and to mitigate the impacts of a breach. It allows organizations to identify issues laterally on their defensive stack to greater effect, instead of focusing on a single point of failure (e.g., blaming an employee for opening a malicious executable).

Simulation of an attack that spreads laterally: Are your defences ready?

The engagement begins with a simulated compromised frontline asset under breach conditions, much further into the attack timeline, and attempts to assess in depth the deployed security controls, using different techniques and in a controlled manner. Organizations can use this tool to determine if an attack is likely to spread laterally throughout their network, and if so, the extent of the impact on their digital assets.

A shift in security thinking: Towards a cybersecurity strategy designed for improved resilience

A company that employs the Assume Breach model will be better prepared to withstand the financial, reputational, and operational impacts of a security breach. This assessment type not only reveals gaps in the security controls on different layers of the organization infrastructure, policies, and procedures, but also helps organizations to adapt their security measures and to improve their ability to detect and mitigate breaches swiftly. This resilience is a critical factor in today's threat landscape and a necessity for maintaining a robust security posture.

A tailored Red Team assessment: Rapid & Effective

With Assume Breach, an organization can rapidly and cost-effectively test its controls using narrowed-down scopes. The process includes tactical network exploration similar to Red Teaming, but reduces the complexity and time required to gain an initial foothold in the simulated compromised asset. Overall, the Assume Breach service offers a more targeted approach, enabling organizations to focus on specific areas of concern and assess the effectiveness of internal security controls. This approach reveals how well an organization can handle a breach rather than just identifying weaknesses on the frontline assets in isolation. Assume Breach can be seen as a tailored Red Team assessment with varying starting points that is designed to answer specific organization concerns.

Unveiling the true business impact of a breach

The Assume Breach service can assist organizations in fostering a realistic understanding of cybersecurity risks by demonstrating the true business impact of a breach. The output of the assessment can be used by senior leaders to better grasp the importance of cybersecurity and its role in overall corporate governance, as a tool that allows not only recovering from incidents but also maintaining essential operations during and after a breach.

Sample Use Cases

• CENSUS was asked to simulate a malicious actor who has compromised a corporate mailbox. Phishing emails and data breaches are the most significant causes of email account compromise. The engagement started with a simulated adversary who had already gained access to the user credentials and could authenticate to the corporate email service. The team used this access to exfiltrate data from the associated Microsoft 365 mailbox, the accessible SharePoint folders, and files that were found in the user's OneDrive folder. Furthermore, the team leveraged the compromised mailbox access to send emails as the original user to recipients inside the organization. The target was to steal any identified commercial secrets and to move laterally based on staff relationships. In addition, the team attempted to assess whether other employees could detect the ongoing internal social engineering or whether the breach would be detected by existing security controls.

• The team was requested to simulate an attack against the Active Directory service of an organization that was deployed on premises and was integrated with other cloud solutions provided by Microsoft (Microsoft Entra / Azure Active Directory). This was a dedicated attack scenario focused on the AD security configuration and simulated an adversary who has compromised an authenticated user. Most of the time, an account compromised through a phishing attack has access to Azure AD services. Such access can lead to Azure AD compromise, critical services compromise, and even internal (on-premises) network access. The team performed a comprehensive set of tests using the most effective attack vectors and identified risky configurations and security vulnerabilities.

• The team was engaged to simulate an adversary who has gained internal access in the SWIFT Infrastructure of a financial institution in Europe. The team performed targeted attacks to evaluate the security and resilience of the organization's SWIFT infrastructure, and its capabilities to prevent fraud, cyberattacks, and disruptions to the global financial system.

• CENSUS was requested to simulate an adversary who has gained access to the vessel OT environment of a renowned company in the maritime sector. The task of the team was to explore the variety of devices, RTUs, firewalls, and PLCs and to identify potential weaknesses. Furthermore, the team was asked to move laterally in a logical model and attempt to reach controls related to the vessel’s propulsion system, power management, monitoring, deck machinery, communication, and navigation components.

• The team was asked to evaluate the effectiveness of the ERP system's security controls and provide insights into the system's resilience. The assessment simulated a compromised low-privileged user who attempted to escalate their privileges by every possible means, to exfiltrate financial records, customer information, and proprietary business data, or to tamper with existing data.

• The team was requested to simulate an adversary who has gained access to the mainframe systems (commonly used as Online Transaction Processing (OLTP) systems) of a major organization in the banking industry. CENSUS performed extensive penetration testing of the z/OS mainframe facilities, including CICS, which is used as middleware that sits between the z/OS IBM mainframe operating system and business applications and supports commercial electronic transactions, such as withdrawing money from an ATM or paying with a credit or debit card. Furthermore, CENSUS also performed attacks against the iSeries (AS400) components, which are used to administer, control, and audit ATMs and POSs, as well as to carry out credit and debit card transactions.

ADVISORY SERVICES

CENSUS offers Advisory Services to help companies create, acquire, and deliver secure products and software. Our Advisory Services team can guide you through the creation of a comprehensive Application Security Program that will help you set up all necessary policies, guidelines, procedures, and standards that will enable you to produce secure applications and products. CENSUS cyber security consultants have significant experience in Security Design and Architecture and have performed numerous Threat Modeling projects. Our team can also help you fulfill product pre-market and post-market cybersecurity and compliance requirements in various sectors (e.g., medical device FDA pre-market submission requirements, NIST SSDF, and more).

Governance

-Maturity Assessment and Roadmap

-AppSec Program Strategy – “Shift Left” Security

-Training

Design

-Secure Design

-Security Architecture

-Threat Modeling

Maturity Assessment and Roadmap

CENSUS offers a specialized Application Security Maturity Assessment service that aims to measure the maturity of an organization in terms of software assurance. Based on the OWASP SAMM model and combined with the experience and best practices from client engagements, the CENSUS assessment methodology is used to assess the status of security activities in all stages of the development lifecycle. Our methodology ensures a consistent and reproducible outcome that helps you create and follow a roadmap for improving your software assurance posture with measurable results.

AppSec Program Strategy

Creating secure software is by no means a trivial task. Several methodologies have been proposed for adopting a Secure Development Lifecycle (SDLC). At the same time, modern software has evolved with technologies like containers, the Cloud and the concept of CI/CD completely changing the way that applications are now developed.

CENSUS offers consulting services that go beyond the establishment of an SDLC. Our goal is to help you adopt a “shift left” security strategy and implement security practices throughout the entire development lifecycle, rather than just at the end, by guiding you through the creation of a comprehensive Application Security Program that will help you set up all necessary policies, guidelines, and standards in order to produce secure applications. Furthermore, it provides full visibility into your application security posture and enables you to monitor the security level of your applications.

CENSUS AppSec Program Strategy advisory services can be offered to all types of companies, from boutique software houses to large organizations. CENSUS can also prepare other required security documentation such as a Product Security Plan, a Security Architecture document, a Data Classification document, or a Product Disposal Plan. Moreover, necessary procedures, documentation, and risk assessments can be prepared to fulfill product pre-market / post-market cybersecurity and compliance requirements (e.g., medical device FDA pre-market submission requirements, NIST SSDF, and more).

Training

Cyber Security Training is not just another compliance requirement, but an essential element of a cyber security program. CENSUS offers a variety of courses, delivered by expert trainers with vast field experience. Developers, architects, testers, security champions, and anyone involved in software development can benefit from our courses.

Training topics include:

-Application Security Fundamentals

-Building Secure Web Applications and Web Services

-Mobile Application Security - Attack and Defense (covering Android and iOS apps)

-Building Secure Applications in the Cloud (covering Azure, AWS, and GCP)

-Secure Development in Java

-Secure Development in C/C++

-Cyber Security Awareness Training/IT Security Hygiene

-Implementing a Secure Systems Development Lifecycle

Secure Design

Security by Design has become an essential requirement for many legal and regulatory standards. Additionally, establishing security requirements and choosing the appropriate security controls early in the development lifecycle is essential for producing secure software.

CENSUS offers consulting services to assist you throughout the entire design phase. A threat and risk assessment can be performed to identify the risk profile of your applications, identify and review security and privacy requirements, and assist you in handling software supply chain risk and relevant requirements. Our goal is to help you choose and justify the appropriate security controls for your application in order to minimize the identified risks. In addition, CENSUS offers consulting services for the security review of design documents, including the design-level review of new protocols and security controls. The work performed in this phase will stand as a rigorous test to the concepts portrayed in the project design documents and will justify countermeasures that need to be taken in order to minimize the identified risks.

Security Architecture

An essential part of the software design process is Security Architecture. CENSUS provides consulting services for both evaluating and designing the security architecture of your applications and products. The entire project security architecture plan will be reviewed to identify weaknesses and suggest improvements, by following a product agnostic methodology. Our goal is to complement your IT architecture practice with our risk management expertise in order to help you make the right choices in terms of technology.

CENSUS can also provide assistance in creating and maintaining reference architectures across your enterprise. The use of reference architectures in software development aids in streamlining the software design process and harmonizing the use of specific components, frameworks, and technologies. Having an organization-wide reference architecture is even more important for cloud-native or container-based environments that require a completely different approach to application development.

Threat Modeling

Threat modeling is an essential part of the software design process and a hard compliance requirement for many industries, such as medical device manufacturing and automotive. By following a structured approach and involving a variety of stakeholders, including architects, product managers, security champions, and even testers, Threat Modeling can help you identify and manage threats to your applications.

CENSUS can help you develop a threat model to map out important threats and prioritize work on countermeasures. Our consultants can work with your teams to establish a Threat Modeling process that fits your needs. Threat models provide a detailed understanding of an application’s architecture and environment, and help understand architectural and design flaws, as well as the controls that can best mitigate them.

VULNERABILITY RESEARCH

A vulnerability is a state in a computing system that violates that system's security model. At CENSUS we recognize that security is not a goal but a process, therefore we heavily invest in research for unknown vulnerabilities as part of our security assessment services.

Our vulnerability research services ensure that a software product, a system implementation, or a new technology that an organization is planning to invest in meets strict security requirements and does not suffer from vulnerabilities. We can provide detailed deliverables that empower the client to make informed strategic decisions towards new technologies, choose the most secure solution that meets their requirements, and preemptively reduce investment risk.

CENSUS employs a top-down approach which allows the identification of the most exposed applications and systems in a client's IT environment, followed by a thorough investigation for unknown vulnerabilities in these elements. We have extensive experience and specialised knowledge in the field of vulnerability research and we employ focused techniques such as fuzzing, reverse engineering, source code auditing (in cases where source code is available), static and dynamic analysis in order to identify vulnerabilities and clearly demonstrate their impact on a system's security model.

CENSUS also provides training in the field of vulnerability research. Our education services include the detailed analysis of vulnerability classes in software systems (both in userland and kernel space), methodologies for identifying new vulnerabilities, and the development of targeted programs for exposing the impact of vulnerabilities. We normally do not confine our training to a single operating system, giving our clients the opportunity to be educated in a variety of platforms. However, we can provide vulnerability research training on a client-chosen operating system if so required.

If you have a business interest in our vulnerability research services, please contact us so we can provide you with detailed information.