Cost-Efficient Assurance Against the Threat of Cybersecurity Attacks

Cybersecurity is a persistent and increasing business risk for organizations of all shapes and sizes, from the largest national governments to the smallest local businesses. 

BlackBerry’s proven leadership in high-security environments uniquely positions BlackBerry® Cybersecurity Services to offer holistic capabilities while maximizing your investment.

  • Understand, identify and address your cybersecurity risks
  • Teach members of your organization to think like cybersecurity experts
  • Achieve your company's specific compliance goals

Secure Your Business and Protect Your Brand

The impact of cyberattacks on an organization’s brand integrity and bottom line cannot be overstated. BlackBerry Cybersecurity Services helps prevent exploitation of your organization’s known vulnerabilities. In an attempted security breach, BlackBerry Cybersecurity Services ensures that evidence and investigation data are highly protected. We will also perform a forensic analysis to provide intelligence on where the attack came from.

Find Weaknesses With Vulnerability Assessments & Penetration Testing

Vulnerability assessments and penetration tests provide organizations with actionable findings and perspective on the weaknesses in a system. Penetration testing is the process of attempting to gain access to computer systems, networks, mobile devices, wireless communications and web applications, without knowledge of usernames, passwords or any other normal means of access. BlackBerry will find vulnerabilities that a hacker could exploit and will provide reproduction steps and a remediation strategy.

Standard types of testing available include:

External penetration testing to ensure that your organization’s systems are secure from any internet based attack.

Internal penetration testing to reveal any potential issues that may allow a server to be compromised by a user already on the internal network, including employees.

PCI DSS ASV Scanning to scan infrastructure related to card payments.

Social Engineering to identify environment and human vulnerabilities that can threaten your networks.

Understand Your Current Security Posture & Risk

BlackBerry Cybersecurity Services will assess your current security practices and controls to identify key areas of concern for your business. Once your risk and security posture are determined, BlackBerry Cybersecurity Services will create a security roadmap with short- and long-term guidance to manage your risk.

Understand, Identify and Address Your Cybersecurity Risks

BlackBerry Cybersecurity Services evaluates present and future risks to your organization, then works with you to prioritize and address these threats. Whether your company needs support to build cybersecurity into a new product’s software development life-cycle, or you’re looking for an overall security assessment, you can reduce your risks and your costs.

Target Your Cybersecurity Resources to Key Vulnerabilities


Through an assessment of your organization, BlackBerry Cybersecurity Services will determine the root causes of your key cybersecurity concerns and vulnerabilities. You’ll get specific guidance on how to manage your organization’s resources to help prevent these issues from reoccurring, helping your organization to achieve the highest ROI.

Improve Network Performance and Service Level Maintenance


BlackBerry Cybersecurity Services teaches you to understand and respond to threats that affect your service level agreements with customers and internal teams.

A security audit by BlackBerry Cybersecurity Services provides granular detail about aspects of network architecture that affect reliability and stability issues. 

BlackBerry Cybersecurity Services Catalog

  • Vulnerability Assessment and Penetration Testing

    Process Deliverables

    • List, description, impact of issues
    • Reproduction steps
    • CVSS scoring of issue
    • Remediation effort and recommendation of fixes

    Live product examination without disruption

    • Security Assessment
      • Identification of high-risk areas of code
      • OSS scanning – Identify known issues with 3rd party components
      • White box, black box, grey box
      • Static and dynamic analysis
      • BlackBerry custom security analytics and supply chain analysis tooling

    • Attack
      • Identify ways to exploit vulnerabilities to circumvent or defeat the security features of system components

    • Output
      • Comprehensive report on findings and recommendations
      • Actionable improvements and remediation
      • Recommendations into risk management
      • Risk mitigation

    NCSC/CHECK Certified

    • Testing done to the same level as government requirements
    • Certified Testers
    • Real world
  • Governance, Risk, Compliance and Standards

    Regulatory compliance and standards often drive the need for an organization to analyze their business data and processes, then develop and maintain certain frameworks within their organization. BlackBerry Cybersecurity Services offers a comprehensive compliance and standards catalog, with a full-service compliance team that will analyze your business and provide you with recommendations on the compliance and standards that could impact your organization. Once your compliance needs have been established, BlackBerry offers step-by-step guidance, developer support, and maintenance of your compliance program. BlackBerry will also identify any residual risk your compliance strategy introduces and will provide a remediation strategy.

    Deep Dive

    • Analyze the current business and processes
    • Evaluate the potential Governance, Risk, Compliance, and Standards needs that could impact your business
    • Review data in its lifecycle from creation to deletion

    Output

    • Recommendations for Governance, Risk, Compliance, and standards to adopt
    • Suggests short and long term compliance and maintenance plan
    • Advise actionable steps to achieve compliance goals
    • Propose remediation plan for residual risk
  • Digital Forensic Services

    In an attempted security breach, BlackBerry Cybersecurity Services ensures that evidence and investigation data are highly protected. We will also perform a forensic analysis to provide intelligence on where the attack came from.

    Digital Investigations

    • Identify incident
    • Collect evidence
    • Analyze attack

    Damaged Drive Recovery

    • Specialized equipment to perform physical recovery of data on disk

    Output

    • Chain of custody log
    • Investigation report
    • Data recovery

    Damaged Drive Recovery

    • Specialized equipment to perform physical recovery of data on disk
  • Training and Certifications

    The BlackBerry Cybersecurity Services training academy offers a wide range of professional IT security and forensics training courses for organizations of all sizes, both in the public and private sector. Courses can be tailored to specific requirements or cover structured syllabi delivered both on premises or at one of our training facilities. Some courses on offer today:

    Some courses on offer today:

    • Forensic Incident; First Responder Course (FIFR 1)
    • Staff Security Awareness Training (SAT)
    • Cyber Scheme IT Health Check Management (CSHCM)
    • Social Engineering for Beginners (SE1)
    • Cyber Scheme Team Member Practical (CSTM-P)
    • Secure Web Applications (SWA)
    • Intensive Networking (IN)

  • Open Source Software Vulnerability and Licensing Compliance Management

    If your business makes software available to internal or external users, BlackBerry Cybersecurity Services will scan your product binary and create a software bill of materials to identify all use of open source software. You’ll get a report on publicly known vulnerabilities, and, if needed, daily monitoring of new incoming public vulnerabilities across all open source libraries. BlackBerry Cybersecurity Services can also provide investigation support to determine the true impact and risk of vulnerabilities to your product. This process avoids costly in-market product attacks by monitoring and managing your open source software vulnerabilities.

    Create Software BOM

    • Understand and catalog a products open source usage and dependencies
    • Binary composition analysis
    • Binary vulnerability exposure

    Continuous Monitoring & Delivery

    • Monitor product BOM for Open Source vulnerabilities
    • Log product vulnerabilities daily

    Security Analyst Support

    • Understand the impact of the vulnerability
    • Mitigation and remediation guidance
    • Patch integration support

    Output

    • Product composition analysis
    • OSS threat landscape and attack surface
    • Actionable improvements and remediation
    • Security posture scorecards
    • Financial impact & cost benefit analysis
  • Secure Development Guidance
    • Gap Analysis

      The purpose of a gap analysis is to understand an organization’s current position and capability today, and to determine how they want to position their business and capability in the future. It’s all about defining a plan and delivery for continuous improvement.

      Deep Dive

      • Review current process
      • Understanding the security needs of the business
      • Determining the ideal level of security investment

      Output

      • Recommendations and findings
      • Actionable improvements
      • Determine required certifications
        • ISO 27034, 27001, 29147, 30111
    • Design Review

      The purpose of a security design review is to understand the security impact of every significant decision on all architecture requirements. It’s a clinical, recursive process for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. The process yields a collection of actionable mitigation strategies.

      Deep dive

      • Identify hardware and software assets
      • Technology choices
      • Identify decisions that could pose a threat to the system
      • Remediation recommendations

      Output

      • Recommendations and findings
      • Actionable improvements
      • Based on regional industry standards (ex. NIST)

      Attack surface analysis

      • It’s all about the data, follow the data paths
      • Confidentiality, Integrity, Availability
      • Encryption
      • Access auditing
      • Data integrity

      Threat Model

      • Spoofing identity
      • Tampering with data
      • Repudiation
      • Information disclosure
      • Denial of service
      • Elevation of privilege
    • Secure Implementation

      Securing coding is the practice of developing applications in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.

      Developer Guidance

      • Threat awareness
        • OWASP Top 10, OWASP Mobile Top 10
      • Vulnerability taxonomy
      • Defensive programming

      Output

      • Developer education
      • Developer guidance documents
      • Knowledge base
      • Preventative measures
      • Continuous monitoring
  • BlackBerry® Private Bug Bounty

    Innovative assessment model finds vulnerabilities through engineered security attacks on an organization’s product. The brightest BlackBerry security engineers spend a week attacking your product with BlackBerry security tools, in competitive teams. Pricing model based on vulnerabilities identified according to their severity. You then own the vulnerability’s mitigation plan which is exclusive to your business and product.

    • Amification meets security assessment
    • Highly effective and efficient approach to identifying vulnerabilities
    • BlackBerry’s expert Red Team are the attackers
    • Controlled and safe environment

Get Started

Link CSS Override