Cybersecurity
Motion Matters Inc. (MMI) is committed to providing our clients with effective cybersecurity operations through technical methods and means that are sustainable and measurable. With a talented staff of highly motivated and experienced cybersecurity professionals with technical and scientific proficiency, MMI leads the way in developing and leveraging technology that will result in a more secure cyberspace.
Source Protection Process
Identify
Phase 1
Assessment Report:
Evaluate infrastructure vulnerabilities and threats to business continuity
Plan
Phase 2
Prepare Protection Plan:
Policies to address significant threats to business continuity
Monitor
Phase 3
Implementation:
Implement plan inspect and enforce monitor and report review plan
Components of Cybersecurity Risks
Threat
Vulnerability
Impact
(Criticality)
(Criticality)
Maximum Risk
HELPING YOU IDENTIFY VULNERABILITIES AND THREATS
MMI’s cybersecurity engineers are passionate about helping our clients proactively identify risk. We offer tailored assessments to evaluate the security posture of networks and information systems, while employing a prioritized, risk-based approach to securing your most sensitive data. Our engineers adapt an attacker mindset when performing assessments, which allows our cybersecurity professionals to evaluate technology features like an adversary. With a keen eye toward assessing threats and vulnerabilities, MMI engineers begin the task of testing the critical impact of such risks.
All testing is carefully controlled by authorized Rules of Engagement (RoE) and is executed in a highly proficient manner that avoids system impact. MMI utilizes industry best practices by leveraging the Penetration Testing Execution Standard (PTES) and the OWASP testing guidelines. Our engineers hold an impressive range of technical security assessment qualifications, including, but not limited to:
- Offensive Security Certified Expert [OSCE]
- Offensive Security Certified Professional [OSCP]
- GIAC Penetration Tester [GPEN]
- GIAC Web Application Penetration Tester [GWAPT]
- Global Industrial Cyber Security Professional [GICSP]
Focus
We are laser focused on identifying risk and providing value beyond automated tools through multiple testing techniques.
Methodology
We follow industry best practices built on Penetration Testing Execution Standard (PTES), which is compiled and maintained by the InfoSec community.
Mindset
We adopt a creative mindset that allows us to think like an attacker. Mindset during assessment is a key element. Thinking like an attacker allows MMI to assess technology through a different lens and evaluate technology features like an adversary.
Passion
We are passionate about finding vulnerabilities missed by automated tools. When MMI engineers aren’t working on an assessment, they are perfecting their skills.
MMI’s Risk Vulnerability Assessment (RVA) services are comprehensive and include conducting assessments of threats and vulnerabilities; determining deviations from acceptable configurations, enterprise or local policy; assessing the levels of risk; and developing and/or recommending appropriate mitigation countermeasures in operational and non-operational situations. The RVA also offers:
- Network Mapping
- Vulnerability Scanning
- Web Application Assessment
- Operating System Security Assessment
- Phishing Assessment
- Wireless Assessment
- Database Assessment
- Penetration Assessment
FIND VULNERABILITIES BEFORE THE ADVERSARY FINDS THEM
Penetration Testing:
Penetration testing is simulated through authorized adversary emulation with the goal of proactively identifying vulnerabilities. MMI follows an established methodology using both automated and manual testing techniques to detect vulnerabilities.
MMI provides the following services for Penetration Testing:
- Network Penetration Testing: Simulating an attacker originating from the Internet [External], or originating from the internal LAN [Internal]
- Application Penetration Testing: Simulating an attacker targeting Internet applications
- ICS Penetration Testing: Simulating an attacker targeting Industrial Control Systems [ICS]
| STEP 1 | STEP 2 | STEP 3 | STEP 4 |
| Scope & Goal Definition | Ports & Service Identification | Vulnerability Detection & Analysis | Analysis & Reporting |
| Success Criteria Definition | Port Scanning TCP & UDP | Vulnerability Scanning | Analyze & Present Findings |
| OS Fingerprint | Security Findings Report | ||
| Banner Grabbing | |||
| Enumeration of Services |
TECHNICAL CYBERSECURITY TRAINING
MMI offers a variety of technical training courses within both offensive and defensive cybersecurity disciplines. We believe that hands-on training in a realistic environment is key to developing the knowledge and skills to be successful in cybersecurity. MMI instructors have over 30 years of combined experience in all aspects of cybersecurity and are extremely passionate about sharing knowledge. Our instructors will teach you how to find sophisticated threats utilizing emulation techniques shared from personal experience–all in a controlled, hands-on laboratory setting.