Black Hills Information Security: Fueling Security with Innovation and Education
John Strand, Owner & Security AnalystAmidst the challenges pertaining to an evolving threat landscape, ensuring security is undoubtedly a continuous process. No matter how sophisticated a security system or policy is, there is always a scope for improvement. Considering that network technologies and application features are evolving at scale, the associated security vulnerabilities also increase— making “security” all the more important. Today, penetration testing has become the de facto standard for determining security risks and eradicating vulnerabilities. Apart from the right security testing approach, tools, and methodology, one thing that every organization needs to have in place is a proper understanding of information security. For the same, who can be better than the experts in the information security industry solely dedicated to the novel cause of educating the society on adopting the right security measures? Founded in 2008 as a provider of network penetration testing services—Black Hills Information Security (BHIS)—is making a difference with its outlook toward uncovering vulnerabilities and improving overall security. Having carved a niche for themselves in the cybersecurity market, BHIS is renowned for its penetration testing approach that simply doesn’t stop at uncovering vulnerabilities. When most enterprises are playing catch-up with hackers, BHIS’s mission is to educate everyone on information security and ensure improved security measures in the community.
“Our biggest differentiator is the fact that we dedicate a large amount of time contributing to the knowledge growth of the entire global community. We share our security knowledge and expertise through blogs, regular webcasts, open-source projects, development of assessment tools, and our Backdoors & Breaches card game.,” asserts John Strand, owner and security analyst at Black Hills Information Security.
BHIS specializes in pen testing, red teaming, and threat hunting and is predominantly focused on evaluating IT infrastructure security while spreading awareness about the education aspect of it. As one of the leaders in the information security industry, BHIS has rolled out several free tools over the years that help organizations to assess the security vulnerabilities of their IT infrastructure efficiently. For instance, the company introduced an open-source network threat hunting tool—RITA (Real Intelligence Threat Analytics)—designed to identify backdoor traffic leaving and malware beaconing through heuristics analysis.
We aim to help people learn more about cyber attacks so that there is more awareness towards security
It offers Beaconing Detection, DNS Tunneling Detection, Blacklist Checking, and URL Length Analysis. Moreover, BHIS offers an Active Defense Harbinger Distribution and Reader (ADHD) stack. ADHD is built to assist defenders with befitting products and solutions. It comprises of a bunch of cyber deception and cyber attribution tools—aimed at active defense.
BHIS follows a tailored security assessment according to the client’s goals along with the existing state of systems and then crafts a tailored solution accordingly with any necessary add-ons, rendering superior security practices. BHIS has gained huge traction in the market due to its webcasts, training modules, and free tools such as MailSniper, CredSniper, and CredKing, which allow companies to assess the security vulnerabilities of their IT infrastructure. In the free webcasts, BHIS’s experts talk and answer the queries of people in real-time about specific or generalized topics and techniques within information security that can be implemented and utilized to defend IT infrastructures. “We want to make sure that our customers have the right visibility points into the network, and they get the most out of our quality assessment. We offer them red, blue, or purple team assessment and even collaborative assessment based on their vulnerability management program, user awareness program, and their network standards,” explains Jason Blanchard, Marketing and Outreach, Black Hills Information Security.
As a customer-centric company, BHIS provides on-point solutions to small and large organizations, including government agencies, financial institutions, and health care providers. The company has recently created an incident response card game, called Backdoors & Breaches, which is an effective incident response tabletop exercise for learning about attack tactics and tools. “We are giving these decks out to educators who teach information security to help them in teaching students about attacks. We aim to help people learn more about cyber attacks so that there is more awareness towards security,” concludes Strand.