Department of Homeland Security (DHS) Enterprise Security Operation Center (ESOC):

James Icenogle    August 23, 2021

Project Summary:

Gray Tier provides enterprise-wide solutions for the DHS ESOC. Our engineers, assessors, and analysts spearhead advanced, next-generation cybersecurity capabilities. We are adapting our proprietary “Assume Breach” capabilities, which integrate with Defense-In-Depth strategies, for our DHS ESOC client, enabling a highly technical and agile approach to cybersecurity operations. As a critical part of an integrated cybersecurity operations team, Gray Tier supported the DHS ESOC in obtaining its Cyber Security Provider (CSP) accreditation and in improving its cybersecurity posture. Our scope of work includes incident response and intrusion detection, cybersecurity risk management and compliance, cybersecurity operations, penetration testing/red teaming, secure software development, security architecture support, and continuous diagnostics and mitigation services.

Incident Response and Intrusion Detection:

Gray Tier works with the DHS Computer Security Incident Response Center (CSIRC) to recover from any incident. Gray Tier provides a response team deployed within twelve (12) hours of notification. In rare instances where deployment is not possible, we provide support via phone and email or, in rarer cases, remote system access. In all cases, Gray Tier works in coordination with external service providers, DHS system owners, system administrators, and Information System Security Officers (ISSOs), as appropriate. Gray Tier maintains a set of government-furnished portable vulnerability assessment, digital media analysis, and malware analysis tools to support deployment missions; these are used for critical incident response efforts and in response to high-priority initiatives determined by DHS leadership.

In accordance with the DHS Intrusion Defense Chain (IDC) methodology, Gray Tier also provides a Monitoring and Analysis support group that participates in a variety of Information System Security (ISS) activities, including: monitoring system status; escalating and reporting potential incidents; creating and updating incident cases and tickets; risk assessment analysis for High Assurance Gateway (HAG) access and Web Access Requests (WARs); analyzing ISS reports; applying various antivirus, intrusion detection, Digital Media Analysis (DMA), and vulnerability assessment tools, techniques, and procedures; authoring and implementing custom detection content; tuning security information and event management (SIEM) and intrusion detection system/intrusion prevention system (IDS/IPS) events to minimize false positives; authoring and maintaining custom SIEM content; program analysis and review; hardware and software evaluation and analysis; process improvement; data management; and coordination and reporting of ISS-related incidents. The Monitoring and Analysis support group provides 24x7x365 monitoring and analysis of all DHS security feeds, including GSA Managed Trusted Internet Protocol Services (MTIPS), TICs, PEPs, and aggregate Component feeds.