Industry Expertise
- Financial Services
- Government
- Independent Software Vendors
- Insurance
- Retail & Hospitality
- Health Care
- Utilities
- Online Gaming
- Telecommunications
Financial Services
Software security has always been a primary concern of the banking and financial services industries. Securing the integrity, availability and confidentiality of information requires an arsenal of software best practices. It also requires in-depth knowledge of regulatory requirements that may significantly affect one's approach. Whether it is understanding the regulatory standards of bodies such as the FFIEC or specific regulation such as FISMA or Basel III, Cigital's deep knowledge of the financial services marketplace has made it the choice of 8 out of the top 10 banks in the world.
In today’s business environment, companies must both innovate and “inoculate,” taking a holistic view of security with an eye always on the future. Security is your competitive advantage, and the trust of your customers is your most valuable asset. With that in mind, is your company’s investment in risk management adequate? As trusted consultants, with a long history of advising clients in the financial services industry, Cigital can help you develop the most appropriate security policy and standards as well as implement the most efficient tools and processes.
- Architectural Risk Assessments: Cigital conducts comprehensive risk analysis of software architecture through a process of threat modeling, framework analysis, and ambiguity analysis.
- Secure Code Review: Cigital’s experienced code reviewers conduct comprehensive analysis, using static analysis tools to uncover potential security vulnerabilities.
- Code Remediation Assistance: Cigital works in parallel with your developers to reduce your risk from vulnerabilities introduced during development of new features and functionality.
- Penetration Testing: Cigital utilizes ethical hacking techniques to test the security of your assets and stability of your system, providing detailed reporting on opportunities to exploit, as well as remediation advice.
- Automated Dynamic Analysis: Cigital is well-versed in industry standard tools, providing value added results analysis to remove false positives and provide you with practical remediation advice.
- Training: We provide a wide range of instructor-led and computer-based classes for all of the roles in your SDLC.
Government
Cigital began its existence as a government contractor focused on helping Federal agencies meet the challenge of software quality and security. For the past 19 years Cigital has been a trusted ally of the federal government in the advancement and evolution of Software Assurance. Cigital successfully supports the civilian, defense and intelligence communities through our understanding of the unique challenges faced by federal projects, the strict regulations and requirements, as well as the weighty responsibilities with which our clients are entrusted. Whether it is unclassified work or work requiring TS/SCI clearance, Cigital has the personnel, skills, and experience to help your agency.
With a track record of unparalleled client satisfaction, Cigital helps government clients improve their software-induced risk profile through the application of Software Assurance best practices and by integrating security into all areas of the software development lifecycle (SDLC).
- Analysis and Testing: Cigital Federal’s expert consultants measure cyber security and software quality by combining proprietary methodologies, tools, and knowledge to perform software assurance evaluation and full-lifecycle testing via a proven risk management framework.
- Remediation: Cigital works to close gaps identified during software analysis and testing. Our approach is rooted in principles of enterprise risk management to help prioritize findings.
- Software Development: A full range of software development services is available to meet the unique needs of our Federal clients. Cigital’s multi-disciplinary teams tailor effective and efficient solutions to solve your toughest problems from requirements … to design, development and test … to rollout and sustainment.
- Best Practices: Cigital's thought leaders provide tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development, such as Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and the Software Assurance Findings Expression Schema (SAFES).
Cigital Federal’s clients include:
- Air Force Application Software Assurance Center of Excellence (ASACoE)
- National Security Agency (NSA)
- Department of Energy (DOE)
- Air Force Research Laboratory (AFRL)
- Department of Homeland Security (DHS)
- Federal Deposit Insurance Corporation (FDIC)
- Defense Advanced Research Projects Agency (DARPA)
Cigital Federal maintains a Top Secret facility at our corporate headquarters in Dulles, Virginia.
GSA Schedule 70 Contract Number GS-35F-0108Y
Independent Software Vendors
Whether you are a traditional independent software vendor (ISV) or a “software as a service” company (SaaS) providing customers with online solutions, you must maintain an impeccably high level of reliability and availability. Any exploitable vulnerability can result in bad press, loss of customer confidence and a direct hit to the bottom line.
Ensuring the secure and stable operation of your products requires a commitment that affects People, Process, and Technology. While you already invest in mature hardware- and software-based network security solutions such as antivirus, anti-spam and firewalls, it is also imperative to address the security of your software directly. The reality is that the overwhelming majority of breaches and failures occur at the software layer, specifically because of an over-reliance on network security solutions. Cigital is focused on helping you address security at the application layer.
Cigital helps its customers build software through:
- Architectural Risk Analysis: To detect and eliminate potential single points of failure and other security flaws in the software’s design. Cigital ensures that the software is robustly designed to withstand active attack, including failover without loss of transactional state data.
- Software Testing: To ensure that your software solutions can stand up to the most challenging of attacks. Cigital has unparalleled experience in penetration testing and secure code review. In addition, we have many skilled experts in Test Automation to help you build security testing into your development and QA processes.
- Remediation: At Cigital we are developers by nature. We have a deep understanding of the challenges and pressures associated with developing commercial applications. All of our consultants have strong development skills. We can “parachute” into your development teams in a number of ways and directly help you mitigate security vulnerabilities found in code and design.
- Security Review: Cigital's unparalleled approach to software security ensures confidentiality, integrity, and availability of data to you and your customers. Cigital creates an environment where your customers can buy with confidence.
- Training: We provide a wide range of instructor-led and computer-based classes for all of the roles in your SDLC.
Insurance
The insurance industry is in the business of assurance. Your customers put their faith in you to protect them from uncertainty, and you must earn their trust each day and in every way. As a market leader in software security, Cigital has worked with Fortune 100 companies since 1992. Our extensive work for insurance and financial services organizations means that we understand not only the technology, but also the unique needs of your business. Cigital's experts are well-versed across all technology stacks and application types, including Web, Client-Server, Mobile, Embedded and Thick Clients.
We offer regulatory compliance and PCI standards expertise, strategic and tactical solutions to safeguard confidential information and help develop and mature your software security program, training for your internal resources, as well as products to ease integration of enterprise-scale security initiatives. Let us work with you to improve your software security posture and reduce your risk in the market.
- BSIMM (Building Security In Maturity Model) Assessment: We use data gathered from leading corporate software security groups to provide you with a clear understanding of how your practices compare to those of others in the Industry.
- Software Security Standards: As your trusted advisors, Cigital can help you select the right tools and develop security policy and standards.
- Architectural Risk Assessments: Cigital conducts comprehensive risk analysis of software architecture through a process of threat modeling, framework analysis, and ambiguity analysis.
- Secure Code Review: Cigital’s experienced code reviewers conduct comprehensive analysis, using static analysis tools to uncover potential security vulnerabilities.
- Code Remediation Assistance: Cigital works in parallel with your developers to reduce your risk from vulnerabilities introduced during development of new features and functionality.
- Penetration Testing: Cigital utilizes ethical hacking techniques to test the security of your assets and stability of your system, providing detailed reporting on opportunities to exploit, as well as remediation advice.
- Automated Dynamic Analysis: Cigital is well-versed in industry standard tools, providing value added results analysis to remove false positives and provide you with practical remediation advice.
- Training: We provide a wide range of instructor-led and computer-based classes for all of the roles in your SDLC.
Hospitality & Retail
U.S. consumers use credit cards more frequently than cash and checks combined. When customers give you their credit card information, each transaction is an expression of trust. It is incumbent upon you to protect your customers’ sensitive, private data from unauthorized access or theft wherever this information is stored, processed or transmitted.
Protecting credit card data is particularly challenging for the retail and hospitality industries. Cardholder data captured by point-of-sale systems at the front desk, at a variety of merchant and partner locations, on the internet, and through self-service applications is often stored or processed by disparate systems, from Customer Relationship Management to Enterprise Resource Planning and everything in between. Even newer, more secure applications must share data with legacy applications that do not support the strong authentication and audit capabilities required for Payment Card Industry (PCI) compliance.
Cigital understands the complexity of your business needs and your commitment to service. Our consultants stand ready to design solutions that meet and exceed your goals.
- Architecture and Design: Years of experience serving large companies means that Cigital consultants are well equipped to assess complex situations, identify vulnerabilities, develop strategic plans and manage both business risks and business realities.
- Cigital’s Secure Proxy Solution: At the heart of this offering is a cryptographic algorithm that provides a transparent, drop-in replacement or “proxy” for credit or debit card numbers. This means that legacy systems can overcome one of the biggest obstacles to PCI compliance without massive application and database rework, securing sensitive data quickly and cost-effectively.
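The "proxy" card number described above is the general idea behind payment tokenization: the real primary account number (PAN) is replaced by a surrogate of the same length and digit format, so legacy systems can store and pass it around unchanged, and only one tightly controlled component can map the surrogate back. The following Python sketch is an added illustration of that concept, not Cigital's algorithm or any product code; the in-memory vault, the choice to preserve the first six and last four digits, and the rule that a token must never pass the Luhn check are assumptions made here for the example.

```python
import secrets
from typing import Dict


def luhn_valid(number: str) -> bool:
    """True if the digit string passes the Luhn check used for real card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_plausible_pan(pan: str) -> bool:
    """Cheap structural check before anything touches the vault (assumed lengths)."""
    return pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)


class TokenVault:
    """Maps PANs to same-format random tokens.

    The vault is the only component that ever sees a real PAN; everything
    downstream stores the token instead. A real deployment would keep the
    mapping in an encrypted, access-controlled store; dicts are a stand-in.
    """

    def __init__(self) -> None:
        self._pan_to_token: Dict[str, str] = {}
        self._token_to_pan: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not is_plausible_pan(pan):
            raise ValueError("not a plausible PAN")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]   # same PAN always yields the same token
        while True:
            # Keep the first six (BIN) and last four digits so legacy routing and
            # masked-display logic keeps working; randomise everything in between
            # with a CSPRNG so the token carries no information about the PAN.
            middle = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 10))
            token = pan[:6] + middle + pan[-4:]
            # Reject collisions and any token that is itself Luhn-valid, so a
            # token can never be mistaken for (or accidentally equal) a real PAN.
            if token not in self._token_to_pan and not luhn_valid(token):
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the payment component that must talk to the acquirer calls this."""
        return self._token_to_pan[token]


if __name__ == "__main__":
    vault = TokenVault()
    test_pan = "4111111111111111"          # constructed, well-known test number
    tok = vault.tokenize(test_pan)
    print(tok, luhn_valid(tok), vault.detokenize(tok) == test_pan)
```

Because the token keeps the length and the displayable digits of the original, a legacy schema with a sixteen-character card column needs no change, which is the "drop-in" property the offering describes; the security gain comes from the fact that the databases holding tokens no longer hold cardholder data at all.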
Healthcare
Today, the healthcare industry faces a number of software challenges. Organizations are entrusted with an increasing volume of sensitive data, and rapidly evolving technology presents them with both a wealth of opportunity and a pressing need for comprehensive risk management.
As a market leader in software security, Cigital's extensive work with health care organizations means that we understand not only the technology, but also the unique needs of your industry. We help health care organizations effectively manage risk and meet requirements for confidentiality, integrity, availability and accountability, offering HIPAA regulatory compliance and standards audits and expertise, as well as strategic and tactical solutions to safeguard confidential information. Our consultants can help develop and mature your software security program, provide training for your internal resources, and introduce products to ease integration of enterprise-scale security initiatives.
- BSIMM (Building Security In Maturity Model) Assessment: We use data gathered from leading corporate software security groups to provide you with a clear understanding of how your practices compare to those of others in the Industry.
- Software Security Standards: As your trusted advisors, Cigital can help you select the right tools and develop security policy and standards.
- Architectural Risk Assessments: Cigital conducts comprehensive risk analysis of software architecture through a process of threat modeling, framework analysis, and ambiguity analysis.
- Secure Code Review: Cigital’s experienced code reviewers conduct comprehensive analysis, using static analysis tools to uncover potential security vulnerabilities.
- Code Remediation Assistance: Cigital works in parallel with your developers to reduce your risk from vulnerabilities introduced during development of new features and functionality.
- Penetration Testing: Cigital utilizes ethical hacking techniques to test the security of your assets and stability of your system, providing detailed reporting on opportunities to exploit, as well as remediation advice.
- Automated Dynamic Analysis: Cigital is well-versed in industry standard tools, providing value added results analysis to remove false positives and provide you with practical remediation advice.
- Training: We provide a wide range of instructor-led and computer-based classes for all of the roles in your SDLC.
Utilities
For our nation's utilities, reliability and security are paramount; downtime is simply not an option. Particularly now, when the electric grid is undergoing a smart grid transformation that brings with it increased connectivity, remote access, decentralized control and more complex software, getting cyber security right becomes a key requirement.
Cigital is helping our nation’s utilities manage mounting cyber security threats they face from natural disasters and malicious attacks. Through our work with electric utilities, smart grid vendors, the U.S. Department of Energy (DOE), the Department of Homeland Security (DHS), and the National Rural Electric Cooperative Association (NRECA), Cigital has been leading the effort to help the electric industry raise the bar when it comes to cyber security.
- Assessment and Planning: Cigital will review current cyber security controls, including enterprise architecture, network and platform security, software and database review, and wireless/mobile security assessments.
- Architecture and Design: Our years of experience serving large companies means that Cigital consultants are well equipped to assess complex situations, identify vulnerabilities, and develop strategic plans for remediation.
- Training: Review key processes and security policies, and provide training to developers and other key staff. Cigital offers both instructor-led and computer-based training options to ensure that your staff is up to speed.
To learn more about Cigital's work with specific client types in the Utility and Smart Grid space, click one of the following links:
Electric Utilities
Energy Sector Vendors
Online Gaming
The rapid evolution of online gaming means that your credibility depends on successful navigation of the complicated security issues surrounding virtual economies and distributed systems. Your organization must address the fairness and security needs of customers, licensing bodies, industry organizations and the media.
Cigital’s online gaming security practice was founded on our extensive experience providing hands-on consulting services to some of the largest gaming companies in the world.
Cigital’s core offerings for the online gaming market include:
- Software Security Assessments: Cigital is the leader across many industries in providing architectural and code-level software security assessments. In today's market, software security vulnerabilities are becoming daily news items. Cigital helps you uncover these vulnerabilities and provides you with the mentoring and training to mitigate them and reduce the possibility of having them reintroduced into your code. Architectural risk analysis (ARA), static and dynamic code reviews, security testing and training are just a few of our offerings. Contact Cigital today to learn more about how you can reduce your risk and develop cleaner, more secure code.
- The SafeBet Standard Certification: An industry first for the online gaming community, SafeBet certification enables you to publicly and objectively demonstrate the fairness and security of your offerings.
- Research and Development: As an independent third party, Cigital can provide you with the solutions you need across all areas of software development and security to assure a timely, secure and accurate delivery of your product to market.
- RNG Assessments: The simplest way to verify a random number generator (RNG) is to use industry standard statistical test suites (NIST, Diehard, etc.). But what good is a top-notch RNG solution if something in your code introduces predictability? We apply our code-level software security expertise to ensure that your RNG remains random in use.
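The RNG point above, that a sound generator can still be undermined by the code that consumes it, is easy to see with a classic code-level mistake: mapping a random byte onto a 52-card deck with a modulo, which cannot be uniform because 256 is not a multiple of 52. The Python below is an added example, not Cigital's assessment tooling; it draws from the OS CSPRNG, shows the flawed mapping beside a rejection-sampling fix, and runs a chi-square uniformity check over the output of each so the bias shows up in the consuming code even though the underlying generator would pass the statistical suites the text mentions. The deck size, sample size and the chi-square cutoff are assumptions chosen for the example.

```python
import os
from collections import Counter
from typing import Callable, Iterable

DECK = 52


def random_byte() -> int:
    """One byte from the OS CSPRNG: the 'top-notch RNG' of the text."""
    return os.urandom(1)[0]


def biased_card(rand: Callable[[], int] = random_byte) -> int:
    """Flawed mapping. 256 = 4 * 52 + 48, so cards 0-47 are reachable from five
    byte values each while cards 48-51 are reachable from only four: the last
    four cards come up about 20% less often than the rest."""
    return rand() % DECK


def unbiased_card(rand: Callable[[], int] = random_byte) -> int:
    """Rejection sampling: discard bytes >= 208 (the largest multiple of 52 that
    fits in a byte) so every accepted value maps to exactly one card."""
    limit = 256 - (256 % DECK)   # 208
    while True:
        b = rand()
        if b < limit:
            return b % DECK


def chi_square(samples: Iterable[int], categories: int = DECK) -> float:
    """Pearson chi-square statistic of the samples against a uniform distribution."""
    counts = Counter(samples)
    n = sum(counts.values())
    expected = n / categories
    return sum((counts.get(c, 0) - expected) ** 2 / expected for c in range(categories))


# For 51 degrees of freedom the chi-square critical value at p = 0.001 is about 88.
# A stricter cutoff of 100 (assumption) keeps this randomised check from ever
# flagging a genuinely uniform draw, while the biased mapping scores well above it.
CRITICAL = 100.0


def is_uniform(draw: Callable[[], int], n: int = 100_000) -> bool:
    """Run n draws through the given mapping and report whether they look uniform."""
    return chi_square(draw() for _ in range(n)) < CRITICAL


if __name__ == "__main__":
    print("biased mapping uniform?  ", is_uniform(biased_card))    # False
    print("unbiased mapping uniform?", is_uniform(unbiased_card))  # True
```

With 100,000 draws the biased mapping produces a statistic in the hundreds, while the rejection-sampling version stays near its expected value of 51; the same check applied to the raw bytes would pass in both cases, which is why assessing the generator alone is not enough.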
Telecom
While standards have continued to meet end-user and industry needs in the Telecom industry, users are more networked than ever before, which can give attackers open gateways to huge volumes of commercially valuable information. In recent years, a surge in security violations (such as viruses and breaches of confidentiality of stored data) has been observed throughout global networks, and has often resulted in major cost impacts.
Cigital’s core offerings for the telecommunications market include:
- Architectural Risk Assessments: Cigital conducts comprehensive risk analysis of software architecture through a process of threat modeling, framework analysis, and ambiguity analysis.
- Secure Code Review: Cigital’s experienced code reviewers conduct comprehensive analysis, using static analysis tools to uncover potential security vulnerabilities.
- Software Security Standards: As your trusted advisors, Cigital can help you select the right tools and develop security policy and standards.
- Penetration Testing: Cigital utilizes ethical hacking techniques to test the security of your assets and stability of your system, providing detailed reporting on opportunities to exploit, as well as remediation advice.
- Training: Review key processes and security policies, and provide training to developers and other key staff. Cigital offers both instructor-led and computer-based training options to ensure that your staff is up to speed.