DevOps and information security CAN co-exist in modern software development environments. Let BITCON's experts assist your enterprise in leveraging automation to bolster security testing within your continuous integration and deployment pipelines. We have assisted several large enterprises with integrating rigorous security testing within DevOps. At BITCON, we also refer to this as "Rugged DevOps".
Enterprise Security Architecture
Application Security / DevOps
SIEM Architecture & Implementation
Vulnerability & Penetration Testing
PCI DSS Gap Assessment
HIPAA-HITECH and Meaningful Use
Corporate Security Assessment
Vision Security Monitoring
PII Finder Data Discovery as a Service
Managed Vulnerability Scanning
Managed Perimeter Security Monitoring
In addition to Application Security Consulting, Vulnerability Scanning, and Penetration Testing, BITCON’s Professional Services business is prepared to take your security to the next level. Our engineers are certified in many of today’s most important technologies and systems. We can perform Hawkeye PII Finder data discovery as a professional service in addition to configuring it within a broader system via our Managed Security Services architecture.
Once shortcomings have been identified, our engineers stand ready to assist you with immediate remediation tasks as well as planning for your future architecture to prepare you for a more secure future.
As partners with HP, IBM, Sophos, Vormetric, RSA, and more, BITCON is uniquely qualified to assist your business with security tool implementation and engineering, as well as SIEM architecture and implementation. Once implemented, we stand ready to assist you with maintenance and even staff augmentation if necessary to keep your systems running smoothly. Supported by our 24x7 SOC, our services are ready to help you now and in the future.
BITCON’s Virtual Information Security Officer (VISO) is our security specialist who serves as an extension to your business and is responsible for the development, implementation and management of your organization's corporate security vision, strategy and programs. The virtual information security officer is retained on a contractual basis and provides critical decision making support related to both physical and information security issues.
The virtual information security officer works across all business and functional lines to ensure a strategic and comprehensive approach in mitigating operational risks. Through research and benchmarking, our VISO will work with you to be compliant with regulatory mandates, and define your desired state. They will also assess your current state, and initiate security program development based on a gap analysis. The Virtual ISO cycle is complete with strategic planning (prioritization, tasks, and timelines).
BITCON’s Hawkeye family of managed security services provides cost-effective turnkey solutions to solve some of the most difficult security problems facing your organization. Whether your need is Security Monitoring and Log Management (Vision) or PII Discovery (PIIFinder), there’s a Hawkeye Managed Security Service solution that addresses it.
Hawkeye Vision's real-time threat intelligence feeds provide up to the moment data on potentially suspicious hosts and potential attacks. Unlike traditional SIEM tools where you’re expected to develop rules and reports, BITCON’s team of skilled security engineers have already done the work for you.
Hawkeye Assessments provides visibility into security assessment reporting. For example, access to regularly scheduled penetration testing issues enables organizations to more effectively anticipate security risks and prevent breaches to critical systems and valuable information.
BITCON's Hawkeye PII Finder solution is a proven software/service offering that leverages broad datasource capability with scalability, backed by professional engineers. Designed to find a virtually limitless variety of sensitive data, PII Finder is especially tailored to quickly and accurately discover Credit Card, Financial, Health and Insurance data wherever they may be.
BITCON's tested and proven methodology enables us to assess your existing security tool portfolio, perform rationalization to eliminate functional redundancies, quickly develop and execute a plan to configure tools to their optimum state while fulfilling your organization’s compliance and security requirements.
BITCON’s Risk Management & Security Assessments establishes the current baseline security of a Company, focusing on people, process and technology. Our security assessment provides an analysis of the technical security controls and mechanisms, following a proven methodology for identifying and reducing risk.
BITCON models the assessment to meet your industry, legislative, and regulatory compliance requirements. We perform assessments and audits for various size organizations, from complex enterprises to small and medium businesses, as well as for different industries with multiple regulatory requirements, such as: financial services, government, communications, healthcare, energy, oil and gas and retail.
Our security specialists can help you gain an understanding of your current information security status to help limit the potential impact of vulnerabilities and provide a plan for incremental improvements to tighten the security of the company.
BITCON consultants follow the following high-level methodology for all risk assessments:
Conducting a Gap Assessment is the first step to identifying and implementing safeguards necessary to meet compliance. BITCON helps companies find gaps that may exist between your current security posture and internal or regulatory compliance requirements.
Remediating Gaps & Vulnerabilities is critical because these are indicators of an enterprise's overall lack of security. In addition, gaps may lead to a security breach, which may result in penalties. These vary greatly and are determined by the date of the violation, whether the organization knew, or should have known, about the violation, and whether the violation was due to willful neglect. BITCON has consulting services and tools that can assist clients in remediating compliance issues.
The reality is that achieving security and compliance is not an event but a process, an ongoing process that requires compliance activities every month with documentation and evidence to support the accomplishment of these activities. BITCON helps you to centrally automate and manage controls, policies and procedures across multiple compliance frameworks, and provides a real-time view into the status of your compliance and security programs.
From the first mention of DevSecOps (we like to refer to it as Rugged DevSecOps) in a blog entry by McDonald (Gartner) in January 2012, practitioners have since struggled to properly integrate security into the DevOps processes. The challenge for security practitioners hasn't changed with DevOps, but has become an even greater challenge. Security must show that they have the expertise to collaborate with development and operational teams. BITCON's experts have successfully completed security integrations into enterprise development lifecycles (SDLC) for over a decade. For years, security practitioners have used the traditional approaches to integrating security into enterprises (requirements, tollgates, validation).
This will not work in a DevOps environment.
At BITCON we have understood for years that development organizations know how to build quality software and only need the tools to do so. Only application security experts with 'DevSecOps' expertise can successfully collaborate with DevOps teams to build fast, effective security automations and processes.
Let BITCON's team of experts assist you in your next DevSecOps deployment.
Web applications are an important part of business operations. However, web applications can be easily exploited by hackers who may attempt to steal sensitive data or simply deface the site. Companies that conduct business over their web sites face additional challenges. The Payment Card Industry (PCI) Security Standards Council requires companies that process credit cards over the Internet to either complete a Web Application Vulnerability Assessment or deploy a Web Application Firewall. BITCON’s application security engineers have expertise in the latest application vulnerabilities and assessment methods to assist you if your company is seeking PCI certification or simply wants to ensure that there are no weaknesses in your web applications.
The National Institute of Standards and Technology estimates that nearly 92% of security breaches are facilitated by weaknesses in web applications.
BITCON employs certified security practitioners in a number of functional areas including Application Security. In addition to certifications and years of experience, our consultants are active in the community with membership in several user groups and foundations. Our consultants were founders of the Atlanta OWASP chapter.
BITCON offers Application Security Services in these key areas:
SecDevOps - BITCON consultants have experience working with enterprise clients to incorporate security testing within Agile organizations including the integration of security testing into on-prem and cloud based CI/CD pipelines.
Web Application Security Testing - Our web application security penetration testers have the necessary background and expertise in web application development to provide top notch security testing. We’ve performed web application testing for some of the world’s largest retailers, financial institutions and consumer products companies. We provide a risk assessment report that is tailored to your environment and applications.
Web Application Firewall - Network firewalls and intrusion detection systems cannot protect web applications. Let our experts help you select and implement the web application firewall that is appropriate for your needs.
Application Security Consulting - Our consultants have performed application security consulting for a number of Fortune 100 companies. Our consultants understand the importance of the Three Pillars of Software Security:
Hawkeye Vision is pre-configured with hundreds of rules to detect a wide variety of potential issues affecting the security of your network and data. Unlike traditional SIEM tools where you’re expected to develop (or hire expensive consultants to develop) rules and reports, BITCON’s team of skilled security engineers have already done the work for you. Plus, our real-time threat intelligence feeds provide up to the moment data on potentially suspicious hosts and potential attacks.
BITCON's Hawkeye PII Finder Data Discovery solution is a proven software/service offering that leverages broad datasource capability with scalability, backed by the professional engineers at BITCON. Designed to find a virtually limitless variety of sensitive data, PII Finder is especially tailored to quickly and accurately discover Credit Card, Financial, Health and Insurance data wherever they may be.
Whether it's within files on Windows shares, stored in databases (Oracle, MSSQL, MySQL, MongoDB, DB2, etc), housed in a Mainframe datastore, or just lurking on a remote UNIX filesystem, PII Finder can discover the data.
Let BITCON's Managed Security Services offering reduce security tool complexity and improve efficiency.
Mr. Burke has over 25 years of IT experience with 17 years within the information security profession. A CISSP, CSSLP, and former PCI DSS QSA, Mr. Burke worked as a software engineer for several metro Atlanta software companies including IBM Internet Security Systems and eShare Technologies.
Mr. Burke’s most recent work has been in the areas of Cloud Security, DevSecOps, and Application Security consulting. Mr. Burke also founded the Atlanta chapter of the Open Web Application Security Project (OWASP).
He has a B.S. in Computer Science from Georgia Southwestern State University and a M.S. in Management Science from Troy University.
Eric Adair is a seasoned security professional with more than fifteen years of IT security experience, most recently focusing on security monitoring and IT infrastructure security assessments and penetration testing. He has performed SOC development, security monitoring, global security assessments and other security consulting work for numerous clients around the world, from SMBs to large Fortune 100 corporations.
His engineering skills and experience working with large multinational corporations enable him to quickly understand a client’s IT infrastructure, identify potential security issues and develop targeted and actionable recommendations for improvement.
Arlane Gordon-Bray has over 10 years of experience as a defense and foreign policy professional. Her last role was the Executive Director of the Institute for Strategic Analysis (ISA) at Carnegie Mellon University.
Experienced as a consultant in aviation and defense risk management, she has provided strategic management and strategic planning consulting to the Attorney General’s Department of South Australia, the East African Community, and Pittsburgh community organizations.
Arlane holds a B.A. in International Studies concentrating in World Politics and Policy from Virginia Tech. She also has a Master’s of Public Policy and Management from the H. John Heinz III College at Carnegie Mellon University as a Public Policy and International Affairs Fellow.
Companies use a variety of tools to manage and monitor the security of their network and application infrastructure, picked according to their needs and requirements. These tools are generally expensive, and it's imperative that their output be actionable and properly directed. To assure proper operation, the tools themselves must be kept healthy, current, and properly configured. This is time-consuming and requires a broad skillset to perform effectively, a skillset not often present or affordable for the companies. BITCON offers a world-class Managed Tool Security Service (MTSS) from our Security Operations Center based in Atlanta to address these needs and more in a secure, economical fashion.
Typical customers have 10-25 security products to combat the persistent threats from the hostile world they operate in. The constant threat combined with the high cost and a shortage of skilled security engineers has put many companies at risk. Simply put, companies are unable to maintain and utilize the strategic investment in core security technologies to maximize their potential use. BITCON offers a comprehensive MTSS that will manage any security technology that the customer has acquired.
BITCON’s tested and proven methodology enables us to assess your existing security tool portfolio, perform rationalization to eliminate functional redundancies, quickly develop and execute a plan to configure tools to their optimum state while fulfilling your organization’s compliance and security requirements.
With BITCON’s MTSS, we maintain your tools, whether located at your facility or hosted in our SOC, which allows your engineers to focus on securing your organization. Our fully staffed 24.7.365 operations center monitors and maintains tool availability and health, applies patches, and performs version upgrades to keep your security tool environment in optimal shape. BITCON will also perform vulnerability scans, develop reports, policies, and tool content, and provide incident investigation for your security tool portfolio.
470 East Paces Ferry Rd NE
Atlanta, GA 30305