Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

3 min read

Articles of interest from the week of February 1, 2021

Board Members Aren’t Taking Cybersecurity As Seriously as They Should

A recent study reveals systemic challenges with security integration into business processes. The report includes the top ways to drive engagement and agreement around cybersecurity strategies within an organization. The study found that only 23% of organizations prioritize the alignment of security with key business initiatives. (By Help Net Security) Ingalls: 82% of survey respondents claimed that cyber risk has increased in the past two years, thanks primarily to a rise in threats, an expanding corporate attack surface and the fact that business processes are more dependent than ever on technology. At a time when cyber risks have increased more than ever before, determining one's cybersecurity risk management strategy is crucial. Our Master Risk Control: Pick A Cybersecurity Risk Management Strategy blog post provides some valuable insight into the different options.


Ransomware Gangs Are Abusing VMware ESXi Exploits To Encrypt Virtual Hard Disks

Two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, reported as abused in the wild. At least one major ransomware gang is abusing vulnerabilities in the VMWare ESXi product to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives. The attacks, first seen last October, have been linked to intrusions carried out by a criminal group that deployed the RansomExx ransomware. (By Catalin Cimpanu, ZDNet) Ingalls: Enhancing your patch management process to include vulnerability scanning, a robust remediation workflow, and metrics-based decision support from data collection can do a lot more for your risk management than simply plugging holes whenever a software vendor produces a patch. In our downloadable “8 Effective Cybersecurity Controls For SMBs” guide, we discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program.


Phishing Campaign Lures US Businesses With Fake PPP Loans

Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a Paycheck Protection Program (PPP) loan to keep their business going during the COVID-19 crisis. (By Sergiu Gatlan, BleepingComputer)  Ingalls: Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, and response guidance. Unlike a traditional Managed Security Service Provider (MSSP), our service is geared toward proactive prevention. This includes our in-house Phishing Email Helpdesk (PEH) where we analyze your suspicious email and provide you with detailed recommendations.


Health Care Remains a Prime Target for Ransomware Attacks

It’s easy to be distracted by the flood of other distressing news each day, but the FBI, CISA and HHS recently urged the health care industry to stay on high alert for malware; especially ransomware attacks. The FBI’s warning included the statement, “We found that 66 percent of hospitals do not meet the minimum security requirements as outlined by the NIST.” The latest ransomware strikes hit more hospitals than previously known, and the culprit in almost every case appears to have been Ryuk. (By Satya Gupta, Security Boulevard) Ingalls: Protecting your organization from being attacked used to involve a fairly straightforward set of technical controls that kept customer computer networks secure and data backed up in the event of a system failure. To do this 10 years ago, an organization needed to setup firewalls, antivirus, patch management, and data backup. Today, organizations of all sizes need Managed Detection and Response (MDR) to defend against malicious network traffic. Our MDR service delivers threat monitoring, detection and response leveraging a combination of technologies, advanced analytics, threat intelligence, and human expertise in incident investigation and response. How does MDR work?


Microsoft 365 Becomes Haven for BEC Innovation

Two new phishing tactics use the platform’s automated responses to evade email filters. Two fresh business email compromise (BEC) tactics have emerged onto the phishing scene, involving the manipulation of Microsoft 365 automated email responses in order to evade email security filters. In one case, scammers are targeting victims by redirecting legitimate out-of-office (OOO) replies from an employee to them; and in the other, read receipts are being manipulated. Both styles were seen being used in the wild in the U.S. in December, when auto-responders were more prevalent due to holiday vacation. (ByTara Seals, Threatpost) Ingalls: We offer targeted education and awareness to improve your security posture. Combine a social engineering test with a follow up employee training session. Employees are the weakest link in your security posture and we will test and train them to be more aware. Contact us today to learn more about how we can help secure your company's information in a personalized and efficient way.

Sign Up For Network Security News

Articles of interest from the week of June 24, 2019

CISA Statement on Iranian Cybersecurity Threats Christopher C. Krebs, Director of the Cybersecurity and Infrastructure Agency (CISA), issued an...

Read More

1 min read

Articles of interest from the week of December 16, 2019

Top 5 Cybersecurity Predictions for 2020 When it comes to cybersecurity, staying ahead of threats – rather than reacting to them – is critical. In a...

Read More

1 min read

Articles of interest from the week of February 15, 2021

How MDR Fills SASE and ZTNA Cybersecurity Gaps Simply put, enterprise support for remote workers increased their vulnerability footprint, and most...

Read More