
DMS RFI

State of FL – DMS RFI i

Department of Management Services

REQUEST FOR INFORMATION

Cyber-Security Assessment, Remediation, and Identity

Protection, Monitoring, and Restoration Services

3 September 2015

6506 Loisdale Rd, Ste 325

Springfield, VA 22150

Contact: Andrea Suzara Bennett

703-224-8966


Table of Contents

I. INTRODUCTION:

Cloudburst Security brings over 8 years of proven experience providing Incident Response services to numerous government and commercial clients. We have led Incident Response efforts for high-profile, mission-critical government agencies; in several cases our staff received customer awards for their dedication and positive impact on response and mitigation efforts. We stand ready to partner with the State of Florida to improve cyber security posture and respond appropriately to cybersecurity incidents.

II. BACKGROUND:

III. CONTACT INFORMATION

IV. RESPONSE

1. PRE-INCIDENT SERVICES

a. Incident Response Agreements – Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident.

b. Assessments – Evaluate a State Agency’s current state of information security and cyber-security incident response capability.

c. Preparation – Provide guidance on requirements and best practices.

d. Developing Cyber-Security Incident Response Plans – Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident.

e. Training – Provide training for State Agency staff from basic user awareness to technical education.

2. POST INCIDENT SERVICES

a) Breach Services Toll-free Hotline

b) Investigation/Clean-up

c) Incident response

d) Mitigation Plans

e) Identity Monitoring, Protection, and Restoration


I. INTRODUCTION:

Cloudburst Security brings over 8 years of proven experience providing Incident Response services to numerous government and commercial clients. We have led Incident Response efforts for high-profile, mission-critical government agencies; in several cases our staff received customer awards for their dedication and positive impact on response and mitigation efforts. We stand ready to partner with the State of Florida to prepare for cybersecurity incidents and to provide rapid expert incident response and mitigation services should an incident occur.

II. BACKGROUND:

Today’s cyber threat environment requires advanced Incident Response capabilities to respond rapidly to cyber incidents and mitigate their impact. No organization is immune. Cloudburst Security draws upon our advanced cyber threat intelligence, security operations, security engineering, and incident response capabilities to bring a complete and optimized Incident Response solution to our customers, which minimizes negative impacts from cybersecurity incidents.

III. CONTACT INFORMATION

Company Name: Cloudburst Security

POC: Andrea Suzara Bennett, President

Phone: 703-347-9258

Email: [email protected]

IV. RESPONSE

1. PRE-INCIDENT SERVICES

a. Incident Response Agreements – Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident.

Cloudburst Security offers Pre-Incident Services to both commercial and government clients. For example, we provided Pre-Incident Services as well as surge Incident Response support to the Federal Housing Finance Agency, Office of Inspector General (OIG). This includes annual review of their Incident Response capabilities, processes, and procedures, review of their security tool configurations, and urgent incident response services should an incident occur.

b. Assessments – Evaluate a State Agency’s current state of information security and cyber-security incident response capability.

We provide assessments of information security and incident response capabilities. We have performed over 300 cybersecurity assessments for both commercial and government clients, including incident response capabilities. Our information security assessment experience includes a wide range of assessment types, including vulnerability assessment, risk assessment, penetration testing, spear phishing exercises & training, physical security assessments, social engineering, security operations capability assessments, incident response capability assessments, application security, compliance-focused assessments (HIPAA, FISMA, PCI, etc.), and security architecture assessments.

The Cloudburst Difference

• Provided key surge support to Office of Secretary of Defense during APT Incident
• Over 8 years’ experience dealing with Advanced Persistent Threat (APT)
• Incident Response Team has average of 14 years’ experience
• Offering Incident Response as a Service to multiple government & commercial clients
• Advanced cyber threat intelligence capability
• Women-Owned Small Business

c. Preparation – Provide guidance on requirements and best practices.

Cloudburst offers incident response preparation services based on customer and industry-specific requirements and best practices such as NIST Special Publication 800-61, 800-83 and others, as well as our own practical experience gained from over 8 years performing Incident Response.

d. Developing Cyber-Security Incident Response Plans – Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident.

A well-written, oft-exercised Cybersecurity Incident Response plan is a crucial component of a mature Incident Response capability. Cloudburst Security has deep experience not only in developing plans, but also in creating realistic scenarios and leading Incident Response exercises.

e. Training – Provide training for State Agency staff from basic user awareness to technical education.

We provide cybersecurity training of several types and levels. For example, we recently developed a cybersecurity awareness training for a local bank’s business users. We have also coordinated training events and developed and delivered highly technical training for government clients such as the Office of the Secretary of Defense (OSD). Cloudburst Security has over 8 years’ corporate cybersecurity experience, and our average consultant has over 14 years’ cyber experience. This experience and our passion for protecting client networks and educating users on cyber threats uniquely qualify us to provide cyber training services for the State of Florida.

2. POST INCIDENT SERVICES

a) Breach Services Toll-free Hotline

Cloudburst Security does not offer this service.

b) Investigation/Clean-up

We offer a premier capability to rapidly investigate, respond, and remediate serious network incidents. For example, at OSD, we provided crucial surge support during an urgent Advanced Persistent Threat (APT) incident. Upon confirming the critical nature of the incident, our staff began incident response services within 1 hour. Our staff led rapid engineering and deployment of an enterprise forensics tool suite, performed network sweeps to determine the extent of the incident, and worked with internal and external teams to isolate and eradicate the threat, return to normal operations, and develop tactical and strategic plans to prevent similar recurrences.


c) Incident response

Cloudburst understands the urgency that Incident Response situations require and has over 8 years’ experience providing Incident Response to federal and commercial clients. We possess experience in computer incident response gained over many years supporting Computer Incident Response Team (CIRT) processes throughout the Federal government and our own managed services and incident response services team. Our Incident Response Team is staffed with highly qualified, certified cybersecurity professionals with instant reach-back to over 100 cyber security specialists in various cyber domains.

d) Mitigation Plans

Developing effective incident mitigation plans requires a comprehensive understanding of multiple cybersecurity knowledge domains and an ability to rapidly take information from investigation and incident response activities and turn it into appropriate countermeasures. Cloudburst Security has over 8 years’ experience in all areas of cybersecurity, including security architecture and engineering. For example, at OSD we not only performed incident response and rapid engineering/deployment during the response process, but also assisted in mitigation planning and improvements based on information learned from the attacker tactics, techniques, and procedures (TTPs).

e) Identity Monitoring, Protection, and Restoration

Cloudburst Security does not offer this service.

V. SERVICE CATALOG

Cloudburst Security’s GSA IT-70 Schedule (GS-35F-0235Y) can be accessed through https://www.gsaadvantage.gov/

We have also included an overview of cyber security capabilities as separate attachments.


Cyber threat intelligence is integral to everything we do at Cloudburst, from Tier I Analysts to our senior SMEs. They are all armed with an arsenal built from almost 10 years’ experience dealing with Advanced Persistent Threat (APT) while protecting some of the most critical networks and systems in the country. We’ve built an advanced analysis support platform that allows us to quickly categorize events with a high confidence level, focus analysis cycles on advanced threats, and move deliberately yet quickly through incident response phases from incident detection to remediation.

ADVANCED THREATS DEMAND AN ADVANCED PLATFORM

We built our analysis support platform by listening to the needs and concerns of our security operations analysts about their current tools, perceived or real capability gaps, and workflow. In a nutshell, we asked: what would make your analysis faster, more accurate, and more focused? The result: a highly responsive, collaborative, and dynamic system that enables analysts of all skill levels to spend more of their time focused on detecting the attacks that pose the greatest risk to our clients.

Contact Cloudburst to Learn More

Cloudburst Security | 6506 Loisdale Rd., Suite 325 | Springfield, VA 22150 703.224.8966 | [email protected] | www.CloudburstSecurity.com

Notable Facts:

• Founded in 2006
• Women-Owned Small Business
• 100% Cybersecurity focused
• 96% of staff hold TS clearance
• 95% employee retention rate
• 90% of staff hold security certifications
• Headquartered in Springfield, VA

Client Sectors

• Federal Civilian
• Homeland Security
• Defense & Intelligence
• Healthcare
• Financial
• Energy/Critical Infrastructure
• Nonprofit

Full Cyber Threat Intelligence Integration with Security Operations

INTEL PORTAL

• Near real-time Intel/Threat Feeds
• Indicators of Compromise
• Malware Database
• Threat Cards
• Intel/Threat Report Products

CLOUDBURST INTEL-DRIVEN ANALYSIS

• Threat Analysis & Research
• Query Engine
• Real-time Analyst Collaboration
• 24x7 Network Monitoring & Defense
• Automated Sensor Integration

CUSTOMER BENEFITS

• Faster identification & remediation of Advanced Threats

• Reduced cost through focused analysis cycles

• 24x7 access to threat experts for research & analysis requests

• Flexible, scalable support & subscription model


ANALYSIS | RESEARCH | RESULTS

Proactive Cybersecurity Solutions

Do you feel overwhelmed by the flood of cybersecurity threats facing your organization? Are you looking for an experienced, innovative cybersecurity partner that you can rely on to help you face today’s serious cyber threats head on?

Cloudburst Security can help. Cybersecurity is our business and passion—we have provided a full spectrum of cybersecurity services to our clients since 2006, and our consultants have an average of 15 years’ experience delivering critical cyber support to federal and commercial clients of all sizes and mission types. We pride ourselves on providing the industry’s best minds to reduce our clients’ risk and impact from cyber threats.

Unique Approach, Industry Leading Expertise

Our consultants are known throughout the federal cybersecurity community for their leadership, professionalism, and timely sharing of high quality analysis and reporting, which assists customers in the protection of their networks. The combination of our industry leading experts and unique approach results in mission assurance for our clients.

Service Offerings

Our services are designed to fit your overall business objectives, while ensuring your organization’s compliance with government, industry, and corporate regulations and policies.

Cybersecurity Services:

• 24x7 Security Operations Monitoring
• Managed Security Services
• Security Architecture & Engineering
• Cyber Threat & Intelligence Analysis
• Malicious Code Analysis & Reverse Engineering
• Enterprise Risk Assessment
• Vulnerability Assessment
• Penetration Testing
• Software Assurance
• Assessment & Authorization
• Compliance services (FISMA, HIPAA, PCI)
• Security Policy Development

Quick Facts:

• 100% Cybersecurity Focused
• Founded in 2006
• Headquartered in Springfield, VA within 15 miles of Washington DC
• Top Secret Facility Clearance

Cloudburst Security is a Women-Owned Small Business

NAICS Codes: 518210 541611 541330 541618 541411 541690 541512 541990 541513 561611 541519 561621

Contract Vehicles:

• GSA IT-70 Schedule: GS35F0235Y
• Navy Seaport-e: N000178-12-D-7817

Supported Clients & Sectors:

• Department of Treasury
• Department of Defense
• Department of Energy
• Department of Homeland Security
• Banking & Finance
• Healthcare
• Non-Profits
• Manufacturing