Most enterprise systems today are hybrids of legacy software, heavily customized COTS and outsourced cloud services. Many organizations have stitched these together with insecure, poorly documented APIs running in cleartext. Security was rarely considered for legacy systems because historically it was housed in a well protected data center with extensive physical security. Unfortunately, “defense in depth" for current hybrid systems typically means a single level of VPN shell protecting key company assets.

Our clients range from finance to Federal agencies to NGOs. We approach each engagement with deep, architectural analysis of systems and pragmatic deployment techniques.

Our R&D work and new product development experience provide us with a wealth of knowledge on large- and small-system security architecture, as well as hardware firmware analysis.

Building on extensive work in protocol development and cryptography fundamentals, we pull apart hardware builds to look at underlying chip and SOC choices, firmware, and systems updates. SIMs, eSIMs, and mobile money are key areas of interest and analysis. Our foundation for this work is our library of thousands of security white papers and our testing lab, where we duplicate academic findings to verify real-world impacts.

Many organizations rely on MDM to protect their enterprise systems, including their physical facilities. Unfortunately, the dirty secret is that many MDM platforms are 5 years behind similar enterprise management platforms. Many organizations wrongly assume that similar capabilities exist between desktop management and mobile device management. Although MDM is a critical aspect of organizational security, many MDM platforms are not correctly configured and fail to provide needed protections.

We can advise you on the vulnerabilities and threats to your organization the phone companies don’t want you to know about. Our services are backed by years of research and testing in our own lab. We have a deep understanding of how cellular networks work, all the way down to the radio signal.

NAND owns benchtop and field-deployable 2G, 3G, 4G, LTE and 5G networks, including multiple network cores. These are available for development, testing and security training at our secure remote site in the US Southwest. These were purpose-built for research and development projects for the US Federal Government.

OSSI is a growing threat to many aspects of our personal and business lives. Beyond passive data leaks, it enables individual-level surveillance and can be a step in active attacks against widely used systems. Automobiles, hotel keycard systems, mobile money platforms, and gas pumps are all systems that have suffered from OSSI vulnerabilities leveraged into real-world attacks.

We have advised governments and security services on these risks for more than ten years and can help you identify your exposure.

In any security consulting engagement, risk analysis plays a pivotal role as it forms the foundation upon which effective security strategies are built. Security is inherently linked to risk, and understanding and mitigating these risks are imperative to safeguarding an organization's assets, reputation, and operations.

By addressing risk concurrently and synergistically with security efforts, we not only enhance the protection of critical assets but also contribute to the overall resilience and success of the organization in an ever-evolving threat landscape.