Information Security

Building security into your systems across their full lifecycles

Information-SecurityAt SAVA, we believe that identifying security requirements early in development and incorporating them throughout the System Development Life Cycle (SDLC) is the most effective way to ensure an economically feasible, risk-based approach to allocating your scarce security dollars.

SAVA leverages its Law Enforcement expertise, security and technical expertise, and its financial and risk management strengths to provide you a thorough analysis of the effectiveness of your overall approach to security within the full SDLC. This encompasses security policy, governance, acquisition, design, development, implementation, system operations and comprehensive threat analytics. This ensures that your system will have all the appropriate controls included before it is deployed.

Insider threats

As an FBI prime contractor with lead personnel on the National Insider Threat Task Force, we provide insider threat monitoring strategies and analytics, continual evaluation, analysis, reporting, response, remediation and employee awareness components to ensure compliance with Executive Order 13587, which directs agencies to implement structural reforms that improve the security of classified networks and the sharing and safeguarding of classified information.

In cases of already deployed systems, we utilize mission impact criteria to prioritize vulnerabilities and their risks—low, medium and high. Faced with decisions on where to place resources to reduce vulnerability, SAVA helps agencies scale their security investment over time, so that dollars always go to neutralizing the most mission-critical threats. And this encompasses all manner of insider threats including known threats, known unknown threats and unknown threats.

Whether an organic existing system or a new system, a realistic approach to continual and evolving security assessments are needed to protect your systems and mission from today’s virtually limitless array of threats. SAVA’s cyber security, information assurance and forensic services provide this protection from the start and ensure streamlined FISMA certification and accreditation (C&A) and the optimal balance of enterprise-wide security and IT system performance.

Cyber Security

Network Security Services

Driven by our extensive experience across technologies and tiered support structures, SAVA provides subject matter expertise and Managed Security Services (MSS) for single- or multi-tenant network LAN/WAN design, engineering operations and maintenance across integrated environments and today’s leading security platform and analytic tools. We also provide Security Operating Center (SOC) and Network Security Operating Center (NSOC)-level services, including comprehensive data collection, integration, correlation, analysis, response and remediation.

Managed IT Security Services

SAVA’s managed IT security services span a complete range of technologies, management platforms and security capabilities for protection against known, known unknown and unknown threats. These services include secure IT system design, engineering, operations and maintenance for all system elements in all cloud environments. We also offer secure system baselining, application performance baselining, application vulnerability scanning, strong authentication, configuration management and analytics.

Enhanced Security Services

Traditional network security and IT services are being enhanced with new technology that unleashes a torrent of transactional information and metadata. Often, this data goes unseen and uncorrelated. But SAVA provides solutions that deliver Federal Information Processing Standards (FIPS) high certification and accreditation capability, continuous monitoring on a near real-time basis with near real-time comprehensive compliance status, Security Information and Event Management (SIEM) augmentation of enhanced correlation, largely expanded threat window visibility, and data leakage protection.

Information Assurance

Secure System Development

SAVA provides a comprehensive plan for information assurance on how to access your current posture, protect your data, take short-term action to improve your posture and develop medium- and long-term security programs throughout the System Development Life Cycle (SDLC).

Security Controls Assessment

SAVA provides certification and accreditation support and analysis to meet NIST required control assessments supporting the full lifecycle of System Security Plan (SSP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M) requirements. Our experts continually evaluate the compliance landscape and can keep your systems status accurate and up to date.

Insider Threat Prevention

As an FBI prime contractor with lead personnel on the National Insider Threat Task Force, SAVA is a leading provider of insider threat analysis and evaluation. We provide consultative services with specific domain expertise that when combined with our technical capabilities delivers proven solutions for protecting your information from all inside threats.

Forensic Services

Laboratory Forensic and Investigative Services

As a leading provider of forensic capabilities within the law enforcement community, our subject matter experts deliver mobile forensics, evidentiary level data recovery, analysis, zero day analysis and documentation across technologies. SAVA personnel are also fully accredited to operate within American Society of Crime Laboratory Directors (ASCLD) specifications and standards.

Advanced Malware Analysis

Sophisticated bad actors are using multi-stage viruses and tools to hack today’s most complex systems with impunity. Utilizing industry specific tools, SAVA subject matter experts deliver advanced malware analysis with leading edge technology to quickly and successfully analyze suspicious system behavior and suspected malware.