Air Force Signs $10.2M Contract with Telos to Provide Application-level Security.Air Force's Electronic Systems Group will Work with Telos to Create Application Software Assurance Center of Excellence to Promote Security Best Practices Across the Service ASHBURN, Va. -- Telos([R]) Corporation today announced the U.S. Air Force's 754th Electronic Systems Group (754 ELSG ELSG Executive Level Steering Group ELSG 754th Electronics System Group (replaces OSSG for Gunter AFB, AL) ELSG Expeditionary Logistics Support Group ) has awarded the company a two-year contract under NETCENTS NETCENTS Network-Centric Solutions (US Air Force) worth a minimum of $10.2M and up to $75M to provide application-level security. The contract team will provide software and services to the 754 ELSG at Maxwell AFB AFB abbr. acid-fast bacillus AFB Acid-fast bacillus, also 1. Aflatoxin B 2. Aorto-femoral bypass - Gunter Annex in Montgomery, Ala., to build an Application Software Assurance Center of Excellence (ASACoE). The center of excellence will be tasked with establishing application security best practices Air Force-wide. "Network security solutions, including firewalls, weren't designed to handle all application layer attacks," commented Telos CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. John B. Wood. "They don't detect all the threats to applications, let alone protect against them, leaving organizations exposed. With the additional security provided by this effort, the Air Force will be better able to defend against application-level attacks. Telos has pulled together a formidable team of security experts and solutions - not just to protect bases, but more importantly, to help the Air Force establish guidelines and best practices across the service." The solutions Telos will deliver are designed to ensure that applications address security hand-in-hand with performance and application availability. As the prime contractor, Telos assembled a powerful team, including application security industry leaders that specialize in source code analysis, web application penetration and security testing Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, , application shielding, database monitoring, training and implementation services. The team includes Cigital, Inc., Fortify Software Fortify Software is a Palo Alto, California-based software vendor. The company was founded in 2003 and provides software security products that identify and remove security vulnerabilities from software applications throughout the development, testing, and deployment cycles. , Inc., IBM/Watchfire Corporation and Application Security, Inc. Cigital will assist Telos in providing the Air Force with industry-leading services in software security analysis and engineering that include: organizational risk assessment and planning; application risk assessments; portfolio risk assessment and management; collaborative mentoring; and other application security supporting services. With proven processes and methods, Cigital specializes in implementing software security and enterprise architecture programs in the government and commercial environments. They will also help identify and implement best practices for integrating security into all areas of the Air Force's software development processes. Telos will deliver products and services related to key application security areas, tapping leaders in each respective area to provide the Air Force with best-in-class service. Source Code Analysis Fortify for·ti·fy v. for·ti·fied, for·ti·fy·ing, for·ti·fies v.tr. To make strong, as: a. To strengthen and secure (a position) with fortifications. b. To reinforce by adding material. Source Code Analysis (SCA (Single Connector Attachment) An 80-pin plug and socket used to connect peripherals. With a SCSI drive, it rolls three cables (power, data channel and ID configuration) into one connector for fast installation and removal. ) was selected to analyze the source code of Air Force-developed applications. Fortify SCA is the world's most widely used source code security analysis solution. Its advanced features enable security professionals to review more code and prioritize pri·or·i·tize v. pri·or·i·tized, pri·or·i·tiz·ing, pri·or·i·tiz·es Usage Problem v.tr. To arrange or deal with in order of importance. v.intr. issues in less time, while helping development teams identify and fix issues early and with less effort. Fortify SCA supports a wide variety of languages, frameworks and operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. and delivers depth and accuracy in its results. Penetration Testing A test of a network's vulnerabilities by having an authorized individual actually attempt to break into the network. The tester may undertake several methods, workarounds and "hacks" to gain entry, often initially getting through to one seemingly harmless section, and from there, Telos selected Watchfire([R]) AppScan([R]) to automate web application security testing. AppScan is the market leading web application security scanner Web Application Security Scanners (or Web Application Vulnerability Scanners) are tools designed to automatically scan web applications for vulnerabilities. These tools work as black-box tester; meaning that, unlike Source Code Scanners, they don't access the source code and then, need to that identifies, validates and reports on application security vulnerabilities. AppScan offers a solution for all types of security testing--outsourced or in-house--and for all types of users--application developers, quality assurance (QA), penetration testers, security auditors and senior management. The Fortify Tracer tool was selected to accompany the Watchfire AppScan tool because of its smooth integration with other tools in the Fortify suite. Application Shielding Fortify Defender was selected to provide application shielding. The software offering protects important applications from hackers and malicious insiders. In addition to mitigating risk by shielding security flaws within the application code, Fortify Defender gives security and production teams a powerful solution to monitor and fight back against malicious probing and attacks such as SQL injections SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not and cross-site scripting See XSS. . Database Monitoring Application Security's DbProtect[TM] was selected as the best and most comprehensive database security solution on the market. DbProtect monitors and audits database usage in real time to prevent security breaches. It can set security policies by examining live database traffic and identifying legitimate and illegitimate activity. DbProtect discovers database assets, uses pre-defined or custom policies to scan for vulnerabilities and it reports and remediates vulnerabilities, ensuring complete database security. It also monitors for identified vulnerabilities and malicious behavior including insider threats. "We're incredibly excited about the opportunity before us with the Air Force and about the team we've assembled," commented Ron Dorman, vice president of IA Solutions for Telos. "By helping to stand up a center of excellence for application software assurance, we're helping the Air Force promote awareness of and best practices for application-level security. We will provide the tools, train their developers and testers, provide mentors, and perform assessments so they can secure applications effectively, protecting the sensitive information that in turn helps protect the nation." About Telos Corporation Telos Corporation has provided innovative IT solutions and services to the federal government for more than 30 years. Telos and Xacta Corporation, its subsidiary for security solutions, have since 1989 ensured that the government's most security-conscious organizations comply with demanding federal and DoD information security mandates. Xacta offerings include enterprise IT security management solutions, enterprise security consulting services Noun 1. consulting service - service provided by a professional advisor (e.g., a lawyer or doctor or CPA etc.) service - work done by one person or group that benefits another; "budget separately for goods and services" , secure networking, secure enterprise messaging, and secure identity management solutions. Xacta solutions are represented to the federal government on Telos' GSA (1) (Global mobile Suppliers Association, Sawbridgeworth, U.K., www.gsacom.com) A membership organization of suppliers of GSM products and services. Its goal is to promote GSM as the worldwide mobile communications standard. See GSM Association and GSM. schedule. For more information, visit www.Telos.com or www.Xacta.com. "Xacta" is a registered trademark of Xacta Corporation. "Telos" is a registered trademark of Telos Corporation. All other product, service and company names are trademarks or registered trademarks of their respective holders. Xacta Corporation is a subsidiary of Telos Corporation. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion