The Crypsis Group: Creating a More Secure Digital World

Bret Padres, CEO, The Crypsis Group

On the way to Virginia from Washington, D.C., the first sight of unrestrained greenery that welcomes the Beltway commuters is the town of McLean, home to The Crypsis Group. As you enter Crypsis' office, the chances are high that you will be greeted by Temi, the resident pet robot.

It's not uncommon to see Temi wandering the premises of The Crypsis Group and participating in conversations. The robot enables remote employees of Crypsis to seamlessly carry out their work via telepresence. "We are working on modifications that will enable Temi to even operate the office kegerator," shares Bret Padres, the CEO of The Crypsis Group.

For a company that's focused on fighting cybercrimes 24/7, Temi represents the balance of maintaining a positive, collaborative and caring culture. "Cyber incidents don't run from 8 to 5; as such, our people occasionally work extended or unusual hours. We try to balance it with generous time-off policies, strong rewards packages, and a culture focused on appreciation and recognition," states Padres. This culture, in turn, promotes innovation, which ultimately leads to better outcomes for the clients. "That's the thing about cybersecurity—timeliness and innovation are incredibly important, as is getting to accurate answers," mentions Padres. Crypsis' culture of innovation enables its team of developers that work with AI, machine learning, and cloud-based solutions to assess breaches, discover affected data, and resolve cybersecurity incidents as quickly as possible.

Creating a Secure Digital World

In a highly digitalized world characterized by a complex, global IT infrastructure, an ever-changing risk environment, and growing privacy regulations, it is becoming increasingly difficult for CISOs and their teams to respond to security incidents, breaches, and cyber threats. What makes this predicament snowball into one of the biggest pain points is not keeping Incident Response Plans (IRPs) updated and relevant to both IT environments and the risk landscape. "Being ready to quickly respond to an incident—and all that implies—is increasingly imperative today," says Padres. Since 2015, Crypsis has been helping clients overcome these challenges and create a secure digital business environment by providing the highest-quality incident response, risk management, and digital forensic services. "We also assist CISOs with IRP planning (which includes tabletop exercises to ensure their plans work as intended), proactive policy review, and cyber readiness assessments," says Padres. Cyber readiness assessments are also an essential part of identifying critical information within a company and protecting it. Should an incident occur, it is crucial for an organization to collect all the appropriate logs and alerts so that they can be analyzed. Crypsis provides technical assessments to help ensure this activity is being conducted in a comprehensive manner.

Crypsis is extremely efficient and effective in responding to cybersecurity incidents with a high degree of expediency, expertise, confidentiality, and confidence. At its core, the company provides a variety of solutions across the cybersecurity spectrum to realize its vision—from data breach response, digital investigations, expert witness support, data analytics, and intelligence to proactive services (such as Cyber Risk and Resilience Management and virtual CISO services). Because time is of the essence during a potential breach, Crypsis has even developed a system that enables its experts to immediately and remotely collect the client's data, analyze it to evaluate the attack, and take prompt actions to stop the attack and eliminate the intruder from the network. Once that is accomplished, the firm works with the client to develop a strategy for shoring up its cybersecurity infrastructure.

In one such instance, one of Crypsis' clients, a popular online social media site, had a reason to believe that they had inadvertently exposed a significant amount of consumer data. A team of experts was brought in from Crypsis to investigate the incident. They validated that a database was indeed exposed; anyone who found the port, which was exposed following a database configuration change, could query the data containing personally identifiable information (PII). By using a method known as "living off the land" (or finding tools that already exist in the client environment), Crypsis identified a third-party utility used to track server metrics—Datadog. Analysis of the Datadog logs showed that the network usage remained consistent during the window of exposure. Crypsis was able to validate this finding using the Atop utility included in many Linux distributions. Together, these findings helped the client and their legal counsel draw conclusions regarding their data breach notification obligations and, ultimately, avoid a substantial data notification effort.

In another instance, Crypsis worked with a national healthcare sector corporation that experienced a malware attack that crippled its ability to provide critical business services to its clients. Due to the nature of the attack, executives needed to spend a considerable amount of time answering regulator questions and offering assurances to customers regarding the incident. The organization determined that they needed a virtual Chief Information Security Officer (vCISO) to help identify and manage risk and interface with customers and regulators. They chose The Crypsis Group to serve as a vCISO to identify and manage risk as well as provide extensive communication assistance to customers, attorneys, and regulators, by giving status updates on remediation measures being implemented to mitigate risk. The vCISO fully integrated with the company's internal cybersecurity organization, performing the role of the Chief Information Security Officer, and it collaborated with internal business groups to develop a robust information security program. Notably, the vCISO authored a multi-year cybersecurity roadmap of tactical initiatives and built short- and long-term budgets to support these initiatives.

Innovation and Technology Development

"Crypsis was founded by just a handful of people who had a shared vision of creating a more secure digital world by providing the highest quality incident response and digital forensic services to companies of all sizes—no company would be too small to assist," mentions Padres. The idea was to grow the company by allowing those people to recruit others they knew personally—who shared the same values around client service, the same focus on leveraging and developing technology to enable those services, and the same vision for what the company could become.

Over the years, Crypsis has grown on every level—be it the number of customers it assists (over 1,000 cybersecurity incidents addressed last year), the breadth of services it offers (from incident response and digital forensics to proactive services such as cyber risk assessments, penetration testing, virtual CISO, and managed security services) or the advanced technologies it uses to aid investigators in providing the best, most accurate, and timely responses. Today, Crypsis has over 125 employees in five cities throughout the United States.

The company has a dedicated development team that has produced technologies such as an advanced endpoint detection and response platform and artificial intelligence/machine learning-powered data analytics that greatly accelerate the results. Added to that, the company leverages both onsite and remote data collection techniques as the situation warrants, to considerably expedite the response times for clients. "We wanted to build a company that was always on the edge of technological innovation to be more efficient, timely, and accurate in our results," mentions Padres.

With an Eye on the Future

While adding new tools into its arsenal, Crypsis continues to innovate for its clients. The company is developing a threat intelligence platform that will amass and assess data from the many thousands of investigations it has performed over the years and continue to conduct every month. This will provide clients with better insights into malware trending, vector analysis, and vertical sector trending, which will provide a vast scope of data. This data can be used to produce retrospective analyses regarding trends that will allow Crypsis to predict future trends better. The company also plans to publish the insights of this research to educate the security community and enterprises alike.

Padres believes that risks of a data breach aren't going away—in fact, as the enterprise IT landscape gets increasingly complex, the attack surface grows. Threat actors will get more numerous and evolve their techniques. In a utopian world, incident readiness and response wouldn't be needed; but that is far from the case. "The Crypsis team, including Temi, is thrilled to provide a service so essential and helpful and enables us to be there for clients when they really, truly need a team they can rely on," says Padres. "It makes getting up and coming to work each and every day rewarding," he signs off.
- Russell Thomas
    May 06, 2020
The Crypsis Group

McLean, VA

Bret Padres, CEO

The Crypsis Group is a security advisory firm focused on data breach response and risk management, supporting clients as a trusted security advisor before, during, and after a breach. The combination of the company's deep security knowledge and proprietary technology allows it to rapidly identify, contain, and eradicate attacks for organizations. The team's experience spans security monitoring within the Intelligence Community and advising at the national security level to performing high-profile data breach investigations and leading remediation efforts. In addition, the company has built and led converged global security programs and teams for highly dynamic corporate environments.