Mantis Security is a leading cybersecurity firm that provides strategy and technical services to the Intelligence Community, Department of Defense, Federal Government, and Financial and Insurance Industries. We provide C-level Cybersecurity Program Consulting to a wide variety of large agencies, corporations, and small businesses. Our clients rely on our technical services in Cyber-Artificial Intelligence, IT Security Automation, Zero Trust Strategy, and Application Security Testing.
Service-Disabled Veteran-Owned Small Business (SDVOSB).
GSA MAS Contract Holder
High Value Asset Assessments
Security Architecture Review (SAR)
Systems Security Engineering (SSE)
Risk and Vulnerability Assessment
NIST SP 800-53, NIST SP 800-37 (RMF), NIST Cybersecurity Framework (CSF), NIST SP 800-171, DFARS 252.204-7012, 23 NYCRR 500, California Consumer Privacy Act (CCPA), SAS 70, SOC 2
IT Security Automation
Mantis Security provides a wide range of task-automation support, including Configuration as Code (CaC), and Infrastructure as Code (IaC) techniques to repeat and scale security tasks, security responses, and IT configuration changes at enterprise scale. We build defensive playbooks for SOAR appliances and cloud hosted workloads that automate defensive responses through network security configuration modification in order to block, trap, and stifle adversaries from damaging customer assets or gaining unauthorized access to data. We analyze and implement emerging security automation capabilities offered by our customer’s Cloud Service Providers (CSPs) and Cybersecurity Service Providers (CSSPs).
Cyber-Artificial Intelligence (AI) Innovation
Mantis Security uses data science and visualization tools including AI/ML models to analyze a wide range of cyber-telemetry data pertaining to threat intelligence, operational security, network security, endpoint security, configuration compliance, and continuous monitoring to alert leadership and CyberOps staff of risks with options to automate remediation controls. We shorten the human decision cycle for CyberOps teams by providing rich contextual incident data that is correlated through data analysis and can trigger playbook responses. We develop and maintain models of normal performance while analyzing adversary tactics and techniques, system vulnerabilities, and IT configuration weaknesses in order to predict discrepant threat vectors, identify unseen cyber risks and malicious activity.
Zero Trust (ZT) Strategy & ZT Architecture
Mantis Security provides unmatched consulting expertise in ZT Architecture and Strategy. We assist customers in creating tailored ZT roadmaps, architectures, and phased implementation plans that layer-in capability maturity improvements across the pillars of ZT in order to comply with Executive Order (EO) 14028 and National Security Memorandum (NSM)-8. We identify enablers for “never trust” connections between users, endpoints, and data assets, such as SAML-enabled IdPs, MDM controls, enhanced data security, secure network protocols, encryption, MFA, and ConMon tools that assist in identifying and enforcing endpoint security compliance policies.
Cyber Program & C-Level Consulting
Mantis Security provides consultative support to C-Level IT/Cybersecurity Leadership (e.g., CISO, CIO, COO) in cybersecurity strategic planning, program development, leadership top priority initiatives, studies, briefings, and daily operational security. We bring the right critical thinking and technical skills and improve enterprise-level security management services, network security, application security, data security, IA policy, and security processes. We identify innovative and impactful changes that enhance enterprise security. We develop strategies, architectures, implementation roadmaps that allow our customers to plan and comply with regulatory requirements.
Risk Management Framework/FISMA Support
Mantis Security provides security engineering, IA, and Assessment and Authorization (A&A) support to hundreds of Information Systems (IS)/Applications in support of organizational security and FISMA requirements. We provide highly experienced, qualified, and certified ISSOs and ISSEs to applications development teams to navigate RMF processes and capture security documentation. Our SCAs, ISSMs, and Cybersecurity Engineers independently verify that each IS/Application meets its security requirements, reduce POA&Ms, and monitor operational IS/Applications for effective patch and vulnerability management, security configuration, and security controls.
Mantis Security provides end-to-end support for our customer’s DevSecOps initiatives. We provide implementation strategy, platform-independent maturity models, and analyze non-technical factors such as workforce skills and A&A process improvement to ensure customer success. We enable DevSecOps CI/CD pipelines that transform organizational A&A and streamline application delivery to production while meeting A&A/RMF requirements. We help “shift security left” and integrate our customer’s existing investments in SAST, DAST, vulnerability/container scanning, and team collaboration to greatly reduce security risks and increase the rate of application delivery.
Mantis Security provides the necessary experience and expertise to develop and automate custom cloud-enabled applications that port across all AWS regions, including commercial, government, and DoD/IC cloud environments. Our applications utilize the latest AWS services and best practices to improve data processing performance and archival of very large amounts of data. We develop serverless and fully automated data ingestion and management platforms that analyze, normalize, categorize, and alert on thousands of user-defined metrics. We deliver our solutions using CI/CD pipeline automation across multiple projects and provide near real-time visibility into the code quality and consistency across multiple domains.
Cybersecurity Architecture & Engineering
Mantis Security designs security features into everything we build from the start. We create exceptional security architectures that provide layers of security features, such as “never trust” connections, MFA, fine grain data access controls, secure network protocols, and advanced auditing controls for IS/Applications that process critical and sensitive customer workloads. Our team performs deep security reviews, performs application and network security testing, and creates studies and recommendation papers for C-Level executives pertaining to secure application platforms, microservices and container security, software assurance, enterprise security services, cloud security, and security configuration. We provide IS/Application teams with detailed security implementation guidance.
Cyber Readiness & Compliance Inspections
Mantis Security provides support to DoD cyber readiness audits. We actively support site enclave and physical security audits, review EDR and vulnerability scans, and identify potential policy compliance issues, cyber/IT asset vulnerabilities, end-of-life components, configuration risks, identify “shadow IT”, and validate baseline inventories. We perform mission reviews with site stakeholders and their IT/Cyber ops teams, perform cyber tabletop exercises, and validate the site’s security capabilities through adversary emulation (“blue team”) events. We document findings, recommendations, and draft POA&Ms for stakeholder and DoD leadership.
IA Policy & Compliance Support
Mantis Security provides expert policy and compliance support to a wide range of customer regulations that include NIST SP 800-37 (RMF), ICD 503, NIST Cybersecurity Framework (CSF), NIST SP 800-171, and DFARS 252.204-7012, 23 NYCRR 500, California Consumer Privacy Act (CCPA). We draft and coordinate updates to IA policies, directives, memos, and standards. We provide support to external audits such as CCORI, FISCAM, FISMA, SAS 70, and SOC 2. We perform research based on audit findings and recommendations pertaining to IT controls or policy issues, draft POA&Ms, and briefing senior leadership and IS/Application stakeholders on results
Intelligence Operations and Analysis Support
Mantis Security provides expert support to decision makers in all facets of intelligence operations and analysis. We specialize in the SIGINT, All-Source, and CI/HUMINT disciplines, calling on decades of experience across several Geographic Combatant Commands to ensure that military and civilian leaders have access to the most up-to-date information and operational data. We provide insight into evolving technological intricacies as they relate to intelligence collection and dissemination, giving a critical decision advantage to our customers.
Intelligence & Cyber Operations Training
With decades of combined Intelligence and Cyber Operations Training and Education experience, Mantis Security provides access to unique training environments, programs of instruction, and world-class instructors focused on preparing warfighters for engagement across various warfare domains. We ensure that our customers’ needs are met by tailoring training to specific emerging requirements, partnering with other industry leaders to provide hands-on experience with collection and analysis equipment, giving operators better familiarization prior to critical employment. With additional expertise in curriculum development, Mantis Security excels in understanding our customers’ short- and long-term educational goals, taking their strategic vision from ideation to inception to execution.