CyTech Services, Inc., a Manassas, VA-based firm led by CEO Ben Cotton, a 21-year veteran of the U.S. Army Special Forces, released the following statement on June 15 regarding the multiple news reports concerning CyTech’s involvement in the OPM breach response.
“It is CyTech’s policy not to discuss our clients or their sensitive operations. However, due to extensive media reporting, we wanted to clarify CyTech’s involvement and the assistance we provided in relation to OPM’s breach response in April 2015,” Cotton said. CyTech Services is a Service-Disabled Veteran-Owned Small Business (SDVOSB) and the creator of the CyFIR Enterprise™ Incident Response and Enterprise Forensic Investigation Suite.
“CyTech was initially invited to OPM to demonstrate CyFIR Enterprise on April 21, 2015,” Cotton continued. “Using our endpoint vulnerability assessment methodology, CyFIR quickly identified a set of unknown processes running on a limited set of endpoints. This information was immediately provided to the OPM security staff and was ultimately revealed to be malware. CyTech is unaware if the OPM security staff had previously identified these processes. CyTech Services remained on site to assist with the breach response, provided immediate assistance, and performed incident response services supporting OPM until May 1, 2015. During this time, CyTech provided on-site support at OPM to the OPM security personnel as well as representatives of the FBI and US-CERT.”
“As everyone in the incident response industry knows, effective incident response is a coordinated team effort. We were pleased to have assisted OPM in this way and we stand ready to assist OPM further in any way they see fit,” added Cotton about CyFIR’s participation. “The Office of Personnel Management is working hard with limited resources to find the best cyber security tools to protect our nation’s data, and it is to their credit that they were auditioning and implementing new technologies to meet the continual challenges presented by our adversaries.”
“Effective breach response is entirely about one thing–speed to resolution (S2R),” said John Irvine, Chief Technology Officer of CyTech Services. “CyFIR’s rapid security assessment module was designed and built specifically for this type of analysis at the speed necessary to contain the problem quickly. Our technology can rapidly scan all of the running processes on computers in an organization and categorize those programs into good, bad, and unknown groups quickly. With this data, cyber security personnel can take action much faster, because CyFIR dramatically shortens the time it takes to discover, investigate, and remediate a breach through its distributed architecture.”
Source: CyTech Services, Inc.