Solutions

Leviathan does things differently. Leviathan's effectiveness is rooted in our ability to bring a wide range of talent to bear on our customers' needs. We don't just find vulnerabilities, we don't just test services, and we don't just check compliance boxes. We solve our customers' information security needs, and our employees span policy, technical, and legal knowledge. Our best work comes from our ongoing client relationships, where we bring together our skills to create tailored solutions. Below, we've assembled some of the most compelling solutions we've developed for specific customer needs. Want to know if something else is possible? Contact us.

RETAINED SERVICES Our Retained Services model gives our clients a partner for their information security needs as they grow and develop over time. PDF Link

LEGAL SERVICES We offer a variety of security services focused on the needs of law firms, their attorneys, and their clients. PDF Link

INCIDENT RESPONSE & FORENSICS When you have a security incident, Leviathan can help not just to determine what happened, but to help your organization prevent it ever from happening again. PDF Link

RISK AND ADVISORY SERVICES

Leviathan's Retained Services group is a supplement to an organization's security and risk management capability. We offer a pragmatic information security approach that respects our clients' appetites for security process and program work. We provide access to industry leading experts with a broad set of security and risk management skills, which gives our clients the ability to have deep technical knowledge, security leadership, and incident response capabilities when they are needed.

INFORMATION SECURITY STRATEGY DEVELOPMENT We partner with boards, directors, and senior executives to shape your enterprise's overall approach to meeting information security requirements consistently across an entire organization.

ENTERPRISE RISK ASSESSMENT We develop an information asset-centric view of an organization's risk that provides insight to your organization's Enterprise Risk Management capability. This service can be leveraged with annual updates, to account for your organization's changing operations, needs, and priorities.

PRIVACY & SECURITY PROGRAM EVALUATION We evaluate your organization's existing security program to give you information on compliance with external standards, such as ISO 27000 series, NIST CSF, HIPAA, or PCI-DSS among others. This is often most useful before a compliance event or audit, and helps to drive the next phase of growth for your Security and Risk Management programs.

VENDOR RISK ASSESSMENT We assess the risk that prospective vendors bring to your organization. Our assessment framework is compatible with legislative, regulatory, and industry requirements, and helps you to make informed decisions about which vendors to hire, and when to reassess them to ensure your ongoing supply chain security.

NATIONAL & INTERNATIONAL SECURITY POLICY In 2014, we launched a public policy research and analysis service that examines the business implications of privacy and security laws and regulations worldwide. We provide an independent view of macro-scale issues related to the impact of globalization on information assets.

M&A/INVESTMENT SECURITY DUE DILIGENCE We evaluate the cybersecurity risk associated with a prospective investment or acquisition, and find critical security issues before they derail a deal.

LAW FIRM SECURITY SERVICES We work with law firms as advisors, to address security incidents and proactively work to protect client confidences, defend privileged information, and ensure that conflicts do not compromise client positions.  We also work in partnership with law firms to respond to their clients' security needs, including in the role of office and testifying expert witnesses.

SAAS AND CLOUD INITIATIVE EVALUATION We give objective reviews of the realistic threats your organization faces both by moving to cloud solutions and by using non-cloud infrastructure. Our employees have written or contributed to many of the major industry standards around cloud security, which allows their expertise to inform your decision-making processes.

Back to Top

TECHNICAL SERVICES

Leviathan's Technical Services group brings deep technical knowledge to your security needs. Our portfolio of services includes software and hardware evaluation, penetration testing, red team testing, incident response, and reverse engineering. Our goal is to provide your organization with the security expertise necessary to realize your goals.

SOFTWARE EVALUATION We provide assessments of application, system, and mobile code, drawing on our employees' decades of experience in developing and securing a wide variety of applications. Our work includes design and architecture reviews, data flow and threat modeling, and code analysis with targeted fuzzing to find exploitable issues.

HARDWARE EVALUATION We evaluate new hardware devices ranging from novel microprocessor designs, to embedded systems, to mobile devices, to consumer-facing end products, to core networking equipment that powers Internet backbones.

PENETRATION & RED TEAM TESTING We perform high-end penetration tests that mimic the work of sophisticated attackers. We follow a formal penetration testing methodology that emphasizes repeatable, actionable results that give your team a sense of the overall security posture of your organization.

SOURCE CODE-ASSISTED SECURITY EVALUATIONS We conduct security evaluations and penetration tests based on our code-assisted methodology, allowing us to find deeper vulnerabilities, logic flaws,and fuzzing targets than a black-box test would reveal. This gives your team a stronger assurance that the significant security-impacting flaws have been found and corrected.

INCIDENT RESPONSE & FORENSICS We respond to security incidents for our customers, including forensics, malware analysis, root cause analysis, and recommendations for how to prevent similar incidents in the future. 

REVERSE ENGINEERING We assist clients with reverse engineering efforts not associated with malware or incident response. We also provide expertise in investigations and litigation by acting as experts in cases of suspected intellectual property theft.

Back to Top

TRAINING

SECURE DEVELOPMENT LIFECYCLE TRAINING Leviathan provides advanced and basic security development training.  Not only do many compliance and regulatory standards require an SDL, it is a way to accelerate your development and reduce the number of defects in your developed code.

SECURITY AWARENESS TRAINING This is often seen as a mere checkbox for compliance purposes. Leviathan’s approach to Security Awareness Training goes beyond mere check boxes.  Through practical, real-world examples and demonstrations, we link personal to business experiences and create employees who are not only aware of your Corporate Security Policy but invested in upholding it.

ADVANCED DEVELOPER TRAINING This training takes our core module and customizes the training objectives for each client project, utilizing real-world software-defect and security-bug information from project interactions.  Training dollars and effort are directed at identified weaknesses and staff capabilities.  Our training has become a standard for how some of our existing clients train their developers. 

REVERSE ENGINEERING TRAINING This training delves into the complex mechanisms of virus design, malware analysis, hot-patching, and software protection.

SECURE COMMUNICATIONS TRAINING This customized training works with your existing infrastructure and devices (including mobile devices) to create a communications plan and train your employees to communicate efficiently while protecting your most valuable assets.

CONTINUING LEGAL EDUCATION (CLE) PROGRAMS We provide CLE programs related to security, confidentiality, privilege, and secure client communications. Our CLE programs have been accepted for state ethics CLE credit in the past, and we are happy to provide both public and private (in-office) CLE sessions.

SOCIAL ENGINEERING This training assists clients to become more resistant to social engineering attacks.  Through practical application and real world examples, we translate execution into a trainable skillset. Exercises include tests that exploit weaknesses in human nature to gain physical access to target assets, gain valuable information that assist in an attack, or even gain persistent remote access to the target.  

CUSTOMIZED TRAINING NEEDS Leviathan provides security training for both technical and nontechnical audiences, on topics ranging from secure communications and ‘bring your own device’ (BYOD) to counterespionage training, threat analysis, operating in hostile countries and secure process development.

Back to Top

Research

Leviathan's Research and Development team takes “what-if” ideas and brings them to fruition.

Leviathan’s R&D efforts are varied. In the beginning, Leviathan won two DARPA Cyber Insider Threat (CINDER) awards, and was the only CINDER Phase III performer awarded. Some of the resulting technology from our R&D efforts became Lotan, our whole-network attack and crash detection tool.

Currently we pursue a number of different R&D efforts on behalf of a variety of sponsors; these efforts inform our client work, our tools, and the industry as a whole.

Back to Top