At EWA, we are proud to provide cutting edge solutions in today’s world. Scroll through this page to browse a sampling of our available services, or simply click the area of interest below.

Applied Semantic Technologies & Services

Blackhawk Customer Service

CanCERT™

CERT

Common Criteria Product Evaluation

Computer Forensic Analysis

Critical Infrastructure Protection

Electronic Warfare Support

FIPS 140-2 Services

Information Technology Security Training

Managed Security Services

National and International Trading Services

Network Penetration Testing

Payment Assurance Certification Support and Testing

Penetration Testing

Program Management

Remote Monitoring

Risk Management

SCAP Testing

Software Engineering Services

System Security Engineering

Testing and Evaluation

Threat and Vulnerability Analysis

Applied Semantic Technologies & Services

Semantic automation is the process of determining and using meaning from natural language and unstructured text based information and making this information useful to humans and machines.  EWA has processes in place and technology available that can help you deal with the information overload and interoperability challenges, particularly when dealing with unstructured text-based information.

EWA can assist clients in applying the latest technology to determine meaning, concepts and themes of interest from unstructured text and related information. EWA has applied this technology in both the government and commercial sectors.

Click here for more information from the corresponding EWA operating unit's website.

Blackhawk Customer Service

Under the Blackhawk brand, EWA offers customer services in all areas of hardware design, software development, embedded emulation, and consulting.

Click here for more information from the corresponding EWA operating unit's website.

CanCERT™

CanCERT™ is Canada’s first national Computer Emergency Response Team. CanCERT™ is a trusted center for the collection, analysis and dissemination of information related to networked computer threats, vulnerabilities, incidents and incident response for Canadian governments, businesses and academic organizations. 

Click here for more information from the corresponding EWA operating unit's website.

CERT

EWA provides assistance to organizations in responding to and surviving information technology emergencies through collaboration with national and international teams to identify malicious activity at the earliest opportunity. We offer a range of information protection services to provide clients with the latest threats, vulnerabilities, and countermeasures relevant to their infrastructure and business sector.

Click here for more information from the corresponding EWA operating unit's website.

Common Criteria Product Evaluation

EWA-Canada can test and evaluate products through Common Criteria Level 4. The Common Criteria process can be a lengthy and complex endeavor. Selecting an experienced, accredited testing facility can play a key role in ensuring a successful, cost-effective evaluation. The EWA-Canada IT Security Evaluation & Test Facility (ITSET) provides a full complement of capabilities that support all facets of the CC process.

Click here for more information from the corresponding EWA operating unit's website.

Computer Forensic Analysis

Network and host-based cyber forensics involve situations where data is stolen, or network misuse warrants further investigation and potential law enforcement involvement. As a key law enforcement support function, EWA has extensive experience with forensic analysis, evidence preservation, incident reconstruction, and data recovery.

Critical Infrastructure Protection

Critical Infrastructures are those systems that are necessary to the minimum operations of the economy and government, such as the water supply, food supply, transportation, oil and gas production, banking and finance, electrical generation, health and emergency services. Critical Infrastructure Protection refers to activities for protecting these systems and facilities. EWA offers a range of services to help protect the people, physical entities, and cyber systems essential to national security, public health, and economic stability against a host of natural and man-made threats.

Electronic Warfare Support

EWA provides a full suite of electronic warfare (EW) services. Our expertise includes: radar and communications, including electronic support measures (ESM), electronic countermeasures (ECM) and electronic counter-countermeasures (ECCM); EW operational support, including EW threat analysis, database programming; electro-optics; and the development of various technical software applications and data bases.

Click here for more information from the corresponding EWA operating unit's website.

FIPS 140-2 Services

Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements which must be met in order for products to be validated under the Cryptographic Module Validation Program (CMVP).  The CMVP is a joint program between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC).  These two organizations oversee the validation of products and/or cryptographic modules to the FIPS 140-2 standard. The EWA-Canada IT Security Evaluation & Test Facility (ITSET) provides a full complement of capabilities that support all facets of the FIPS 140-2 process.

Click here for more information from the corresponding EWA operating unit's website.

Information Technology Security Training

EWA has developed and provided IT Security training in a number of areas. Most of these courses are still offered to clients on an as required basis, and have been most recently offered to financial sector clients, the US National Guard, and international clients. Product vendors have often requested tailored courses to ensure their staff understand the impact of changes in standards and how these changes could impact their future business plans and product roadmap.

Click here for more information from the corresponding EWA operating unit's website.

Managed Security Services

EWA provides its clients with a powerful suite of Managed Security Services. Policy Management Enforcement, IDS/IPS Monitoring, VoIP/Telephony Security plus PKI Certificate Authority (CA) design development and operation are all available.

Our expert security analysts provide you with peace of mind, 24/7, 365 days a year. Protecting your network and corporate assets is our highest priority and our unique combination of tools and expertise sets us apart from all others. As a Trusted Third Party (TTP), our clients can rest assured that their critical systems are our primary concern.

Click here for more information from the corresponding EWA operating unit's website.

National and International Trading Services

Fowler Trading Company, Inc. operates in the international market buying and selling materials, technology and technology-related products. Fowler Trading Company, Inc. buys and sells for its own account, as well as acting as a broker for prospective buyers.

To request more information, click here.

Network Penetration Testing

Today’s hackers are smarter, faster, and harder to track than ever before. Penetration testing, sometimes referred to as Internet security auditing, network security assessment, or ethical hacking, involves using a trusted third party to perform penetration assignments to ensure that the organization maintains an effective barrier against a myriad of potential threats.

It takes an expert to recognize what a skilled hacker can do. IIT’s penetration testing team has the experience and tools to yield high quality results. Our team researches the latest security issues, technologies, vulnerabilities and exposures, and uses this information to develop practical penetration tests, using an extensive suite of open source testing tools. Our testing approach is designed to provide our client’s with an accurate assessment of their security issues and needs and enables them to stay far ahead of individual hackers and organized cyber attack teams.

EWA’s penetration testing methodology is both unobtrusive and ongoing. Testing is performed at random times throughout each cycle: business hours, nights, weekends, holidays, and peak hours. Significant time has been dedicated to ensuring that penetration testing does not slow down a network. In many instances, clients’ firewalls, IDS’ and other software have been completely unaware of the penetration testing. This allows EWA to test for security gaps that are more likely to appear during heavy traffic periods, without reducing client network response time.

EWA’s independence from affiliation with specific tools and technologies ensures that our clients receive unbiased and complete results.

Payment Assurance Certification Support and Testing

EWA-Canada has been conducting compliance and certification testing for payment terminals since 2003. EWA-Canada’s Payment Assurance Lab provides a complete offering of Certification Testing and Pre-Certification Assessment Services targeted for the Canadian, U.S. and global markets. EWA-Canada is independently PCI Accredited by Visa, MasterCard and JCB internationally, as well as Interac® in Canada, to provide these services for PIN Entry Devices (PED), Encrypting PIN Pads (EPP), Unattended Payment Terminals (UPT), Smart Cards and, network devices used in transaction networks. Our testing and certification services are recognized by a broad range of payment schemes and associations:

Payment Card Industry (PCI) PED Program, PCI Device Testing;
Interac® Device Certification;
MasterCard’s POS Terminal Security (PTS Testing) Program;
ISO 15408 Common Criteria (CC) Evaluations of devices aiming to meet Protection Profiles defined by organizations such as APACS (the UK payment association);
and the BITS Financial Services Roundtable (US financial services sector) Test Mark program

Click here for more information from the corresponding EWA operating unit's website.

Penetration Testing

The ultimate verification of a potential vulnerability is to actually exploit it to compromise the system under test, and EWA is a recognized leader in conducting successful penetration tests. Our experience covers the full range of penetration testing from sophisticated penetration testing of core security technologies using custom-developed exploits to successful no-knowledge penetration tests of networks to “capture the flag” using a variety of technical and social engineering techniques. We also conduct penetration testing against specific technologies and network nodes, including the development of custom exploits, given full knowledge of system design, configuration and functions.

We follow a systematic methodology to conduct penetration testing, and we work with our clients to ensure the proposed test approach and risks are understood prior to any testing being conducted, and that an exit criteria is negotiated and agreed upon (e.g. ability to read a specific file, ability to create or modify a database record, etc.).

To request more information, click here.

Program Management

EWA provides comprehensive program management services to government, military, and private sector clients. Whether managing a multi-disciplinary program or single project, IIT professionals combine subject matter expertise and technical resources to accomplish our clients' goals. Our services encompass all phases of a given project to include strategic planning and budgeting, design and development, training, on-site management and staff support, implementation and execution, documentation, and evaluation.

Remote Monitoring

EWA will work with you to implement an intrusion detection solution that will provide daily coverage of your network. We ensure reporting and incident analysis, provide you with an identification of the malicious activity, and recommend immediate actions to protect critical systems.

Risk Management

Our approach to risk assessments and risk management strategies include research to confirm our understanding of policies, operations and procedures, interviews using a pre-defined questionnaire to categorize types of client sensitive information holdings, a comprehensive review of the IT network security architecture to identify compliance issues, and the tailored implementation of best practices relating to security incident alerting, reporting and assessment guidelines.

Our risk management services have been developed to assist our client in establishing a comprehensive framework while providing a format that integrates with existing risk management activities, and that is simple to implement, comprehend, and utilize for all stakeholders.

We have covered the full range of vulnerability and penetration testing from routine testing of networks and web sites for vulnerabilities, through sophisticated penetration testing of core security technologies using custom-developed exploits, to successful no-knowledge penetration tests of networks to “capture the flag” using a variety of technical and social engineering techniques.

Click here for more information from the corresponding EWA operating unit's website.

SCAP Testing

The Security Content Automation Protocol (SCAP) is a method for using a standards-based approach to automate vulnerability management, measurement and policy compliance evaluation. SCAP comprises the following set of open standards that address identification of software vulnerabilities, platforms and security relevant configuration issues; methods for determining the presence of vulnerabilities or other issues; and methods for assigning a score to discovered security issues in order to rank their severity and impact. As a fully accredited SCAP Test Lab, EWA-Canada can offer efficient and cost-effective help to our clients in obtaining certification of their products to any of the SCAP standards or SCAP capabilities.

Click here for more information from the corresponding EWA operating unit's website.

Software Engineering Services

Software architecture, design and programming in all languages from machine higher level programming languages to include: C++, C-Sharp, .Net, SQL.

To request more information, click here.

System Security Engineering

EWA provides a wide range of Systems Security Engineering consulting services that rely on a combination of people, processes and technology to define the requirements and ensure delivery of the right solution. Systems Security Engineering describes our strengths in systems engineering and Operational Concept Definition which encompass typical systems engineering activities related to small and large systems comprised of various technologies as well as security engineering which encompass the full “prevent, detect, analyze, and respond” cycle of activities.

Click here for more information from the corresponding EWA operating unit's website.

Testing and Evaluation

Through extensive exposure to information technologies ranging from simple access control systems to the most complex incident modeling and logistic support networks, EWA operates an internationally recognized IT security Evaluation and Test laboratory. Services include pre-evaluation consulting, product evaluations based on ISO 15408 Common Criteria Standards, and cryptographic validation and testing to the FIPS 140 standards.

To request more information, click here.

Threat and Vulnerability Analysis

As part of our unique focus on managing business and information related risk, EWA works with organizations to examine the threats they face and to analyze their unique vulnerabilities.

The primary objectives of a vulnerability assessment (VA) are to provide information on the security and operational posture of a military unit or commercial enterprise to improve mission capability, and to protect proprietary technology/information by identifying Information Operations (IO) vulnerabilities in some or all of the following areas:

Deficiencies in policy, programs, or personnel security resulting in Organizational vulnerabilities.
Vulnerabilities resulting from Organizational structure and information flow.
Vulnerability of computer networks, and the systems they support, to threats which could adversely impact the unit’s ability to accomplish critical mission functions.
Vulnerability to enemy/adversary Intelligence activities including SIGINT, IMINT and HUMINT.
Vulnerabilities identified through counterintelligence activities.
People, process or technology vulnerabilities identified via a SSE-CMM (ISO 21827) survey.
Enforcement in areas of OPSEC, INFOSEC, or physical/personnel security.

After analyzing the current situation and risk from all perspectives (people, processes, technology), the EWA team will produce a detailed report, complete with recommendations to address all findings. Customers may then rely on EWA for all security process reengineering, infrastructure improvement, training and implementation needs.

 


© Copyright 2014 Electronic Warfare Associates, Inc. All Rights Reserved. Terms of Use