How Solid is Your Security?
Know for Certain
with Tangible Security

Cyber Assessments | Product Security | Consulting


Securing Patient Data and Safety,
Making Regulatory Compliance Easier

Cybersecurity impacts business risk, patient safety, & privacy

Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack.

Smart Security can Impact the Bottom Line

The banking and financial services industries contend with cybersecurity issues similar to those faced in the defense and intelligence communities. We appreciate the strong presence and reputation we have earned in those national security communities, whose practices epitomize the gold standards of U.S. cybersecurity.

For nearly two decades, we have been developing and implementing innovative methodologies, processes, and technologies in our product security assessments, web application security assessments, and mobile app assessments to ensure security at every stage of information processing, transmission, storage, and access, protecting our clients' sensitive data, infrastructure, and competitive advantage.

Our executives and Subject Matter Experts (SMEs) are recognized leaders in the cyber security industry. They literally wrote the books on enterprise ethical hacking and Security Information and Event Management (SIEM) implementation. We employ advanced techniques honed on the front lines, first identifying and prioritizing a client's vulnerabilities from the perspective of an attacker, then providing detailed guidance to harden their systems to withstand sophisticated attacks from internal and external threats.

Tangible's military-grade cybersecurity pedigree drives us to deliver services and software solutions that excel at the intersection of an organization's security policy, technology, and operations practices, the very point at which breaches occur when these factors are out of balance.

Cybersecurity in the financial sector is often driven by regulatory mandates and standards. While there are increasingly loud calls in Congress for ever more stringent controls, many corporate leaders find themselves wondering where best to invest their resources. Tangible's ethical hacking methods and penetration testing expertise help ensure that our customers can withstand the sophisticated attacks their adversaries actually mount, rather than spending resources on every possible mitigation for every conceivable threat.

We use the same methods and tactics as those that threaten product vendors' revenues and reputation to provide realistic insights and practical results. We have honed this ethical hacker approach with the military, government, and well-known corporate brands.

Our executives and Subject Matter Experts (SMEs) are recognized as leaders in their fields. They write widely-used books on ethical enterprise hacking, present research findings at major conferences, work on classified projects, and sit on industry panels.

Software-embedded device manufacturers must enable their products to interact with smartphones, tablets, and other user endpoints to survive in today's increasingly Internet-focused world. Without this Internet-based interaction, companies would almost certainly lose out in the marketplace, but connectivity also brings risk. For instance, a baby monitor with weak authentication on its network interface can be hijacked to allow clandestine surveillance of a family. Incidents like this become the subject of fervent consumer discussion, generate significant bad press, and expose vendors to legal action.

Our solutions are not only based on the exceptional work of our ethical hackers. They also benefit from the experience of our own developers, whose software products have operated in mission-critical infrastructure serving the military and intelligence communities for years, including software running on thousands of Windows Domain Controllers as well as high-assurance identity and access management servers. The gauntlet of security reviews and procedures required to achieve this was extraordinary.

Consequently, the services we provide are that much more insightful and effective:
In addition to helping vendors harden their products to frustrate hackers, we help vendors protect their intellectual property, proprietary information, and sensitive customer data. Tangible offers a full range of services:

Tangible Excels at Protecting Software-Embedded Devices; We:

  • Specialize in software-embedded devices with external communications (either private or Internet-based), covering the total system from the product itself, to central command/control systems (e.g., web app, enterprise server, etc.), to customer end-user applications on smartphone, tablet, or computer
  • Work with new customers shortly before a major product release to conduct a product security and risk assessment and assist in remediating the findings
  • Provide full Secure Development Life Cycle (SDLC) programs consisting of five dimensions that are carefully adapted to existing product development processes: requirements, design, code, testing, and deployment. Combined with early-stage ethical enterprise hacking and cyber threat assessments, the tangible result is to let our customers achieve the ideal: by designing in security from the very beginning, they can create the most cost-effective products possible
  • Employ a full range of specialists who can work with or test different aspects of a product in parallel (in a highly secure, proven testing environment), expediting time-to-market and minimizing impacts on potential profits
  • Assist manufacturers with the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), since superseded by the DoD Risk Management Framework (RMF)

Tangible's services are centered around ethical hacking: protecting the interests of retailers from actual threats, providing the realistic perspective of actual penetrations, and prioritizing security needs in a way that helps avoid unnecessary and costly investments based only on theoretical possibilities. We can help discover and fix exploitable vulnerabilities BEFORE attackers do.

A breach of credit card data or other sensitive customer information can harm a retailer's hard-earned reputation, undermine customer trust, and jeopardize revenues. Such a breach can cost a retailer millions per incident. In response, the Payment Card Industry (PCI) has adopted a Data Security Standard (PCI DSS), which prescribes numerous implementations and practices. This includes mandated penetration tests, at least annually and after significant changes, along with remediation of their findings.

Achieving PCI compliance and managing risk can be complex and overwhelming, leaving retailers concerned both about where to spend their money and how to stay protected. Retailers are smart to worry. Perfect PCI compliance does NOT equate to perfect cyber security.

In many cases, compliance has created a checklist mentality that takes precedence over identifying real problems. Additionally, it is difficult for business decision-makers to adequately weigh the cost of prevention against the cost of the cure. Retailers who seek perfect cyber security may overspend limited resources when what they really need to do is erect obstacles to penetration that deter the vast majority of such threats and tilt the cost-benefit balance in their favor. Tangible's hacker perspective makes this achievable.

Tangible is certified by the PCI Security Standards Council as a Qualified Security Assessor (QSA). Our Managed PCI Services engagements typically span a year and consist of the following steps:
  • Gap Assessment
  • Enterprise Penetration Test (optional but highly recommended)
  • Remediation Guidance
  • Formal QSA Assessment
  • Maintenance Activities
  • Additional steps may include:
    • Satisfying annual PCI requirements for penetration testing
    • Tailored development of a total security program
    • Quarterly vulnerability scanning with analyses and prioritization of findings
    • Selecting, implementing and/or monitoring Security Information and Event Management (SIEM) capabilities
Our goal is to enable retailers to determine the best, highest-value course of action: implementing sufficient obstacles to send attackers elsewhere, without wasting money pursuing unattainable (and unnecessary) perfection.

Analysts and pundits state that “Retail cybersecurity breaches are becoming a dangerously familiar backdrop to the holiday season, making identity-theft threats as predictable as Black Friday but with devastating losses for stores, financial institutions, and shoppers.”

Major news outlets have reported that card data stolen in credit and debit card security breaches has flooded black markets.

Reports estimate that “Hackers cost businesses as much as $250 for each credit-card number stolen in the form of legal bills, computer-consulting fees, bad publicity, and restoring customer relations…”

For retailers, the worst news may be that PCI compliance, though costly, does NOT guarantee that their interests are protected from cyber attacks. They need more and better information to succeed, the type of information that only ethical enterprise hacking can produce.

Target Corporation, the nation’s second largest retailer behind Walmart, presents a worst-case example. Forty million customers had to be notified at the height of the shopping season that hackers had illegally obtained access to their credit card information. Subsequently, Target announced that phone numbers, addresses, and other personal information may also be at risk—and the number affected may reach 100 million shoppers.

Tangible sees risks from cyber adversaries' point of view

Commercial organizations must be certain that sensitive, proprietary information is protected both in transit and at rest. We provide realistic, periodic remote assessments, penetration tests, and cyber assessments to determine the harm cyber adversaries could do, recommend adjustments that deter attackers, and help clients' security programs operate with timely situational awareness of what is happening in their environment. This enables the industry to stay ahead of a changing Information Assurance (IA) picture.

Cyber threats create substantial risk management needs for executives and information technology professionals alike. We notify clients about the status of their key systems, flagging incidents requiring varying degrees of attention or action and prioritizing anomalies that merit investigation.

In short, we supply the most pertinent decision-making information available: ethical hacker-centric assessments and a Security Information & Event Management (SIEM) approach that permits reasoned decisions regarding resource allocation.

Our clients also face compliance challenges from the Payment Card Industry (PCI), the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and other state and federal regulations. Meeting these challenges is only the beginning of the effort required to truly protect organizations, information, and people in the public and private sectors: compliance does not ensure security.

Tangible understands these challenges and the ever-changing cybersecurity landscape. We have assembled a team of experts with skills and methods derived from military-grade requirements and experiences to execute cybersecurity services tailored to the needs of our corporate customers.

Their Trusted Advisor.