Professional Engineering Services

Best-of-Breed Solutions

 Security Products and Services flyer

Mercury's Defense Systems provide professional engineering services to government agencies and contractors to analyze and develop best-of-breed anti-tamper solutions across hardware and software platforms. Through Mercury, government clients and contractors will receive our end-to-end support to create comprehensive solutions that includes the development of anti-tamper plans, vulnerability assessments, technical training, and product-specific protection schemes.

Our team is comprised of experienced, security-cleared engineers, with specific expertise in the Anti-Tamper (AT) market, including an in-depth knowledge of third party products. We deliver project-specific requirements that incorporate concept definition, product deployment and field support.


 

 

Red Teaming

Red Teaming analysis is a blind security assessment performed by a skilled team of ethical hackers. A Red Team uses the same tactics that would be employed by malicious hackers to breach information systems. “Black box” approach assumes that the attacker has no prior knowledge of the system and all exploitable system faults that are discovered during this process will be reported back to the organization for patching.

Red Teaming can both complement and inform intelligence collection and analysis. Our objective is to reduce an organization's risk and increase opportunities. Mercury's experts will conduct a comprehensive evaluation of protection schemes and can provide risk mitigation recommendations to ensure critical program information (CPI) is properly protected.

Deliverable:

A detailed report that includes a vulnerability assessment which outlines threats, vulnerabilities and attack scenarios. The report will also include methodology, key performance parameters and risk mitigation tools and techniques that address all threat vectors.


 

Blue Teaming

A Blue Teaming security analysis is similar to Red Teaming; however, Blue Teams work hand-in-hand with the targeted system's engineers to do a vulnerability assessment. As such, the Blue Team has access to resources and information that are unavailable to a Red Team (or what an attacker would see in the field) and results can usually be achieved faster and cheaper than Red Teaming.

The collaborative approach of a Blue Team risk assessment using Mercury's professional expertise, partnered with customer knowledge and resources, benefits the customer by conducting an in-depth risk analysis and identifying vulnerabilities that can be exploited in an application.

A Blue Team analysis includes a design and architecture documentation review, along with source code analysis. For the most complete security analysis, a Blue Teaming effort can be supplemented in parallel or prior to Red Teaming.

Deliverables:

  1. A detailed report that includes a vulnerability assessment which outlines threats, vulnerabilities, and attack scenarios. The report will also include methodology, key performance parameters, and risk mitigation tools and techniques that address all threat vectors.
  2. An attack package containing all attack tools developed by the blue/red team, references to all open source or commercial attack tools used by the blue/red team, and all versions of customer-exploited software.

 

Training
Mercury provides training courses in the following areas:

Deliverables:

  • Informational Overview: Why AT? An overview for government manager
  • Product Training: EnforcIT® Expert tool for automated protection of
    applications
  • Customized Training: Customized content for specific requirements defined
    by program managers for on time, on budget deliver
 
 

Custom Solutions

We work with program managers and development teams to design a customized
protection that best leverages the characteristics of products, platforms and available hardware anti-tamper measures to build a robust protection network.

Deliverables:

  • Design custom guards - guard development according to
    application-specific needs
  • Recommend best-of-breed solutions [hardware/software]
  • FPGA Anti-Tamper IP
  • System On Chip (SOC) and Application-Specific Integrated Circuit
    (ASIC) support services
  • Advanced Anti-Tamper research and development
  • Turnkey Protections Mercury protection engineers implement a custom
    protection plan for your application or system
 
 

Design a Product Protection Plan: EnforcIT

Mercury's software protection arsenal, EnforcIT, intertwines physical and software layers to create a best-of-breed protection in the overall product package.

Deliverables:

  • Turn key services for end-to-end application protection
  • Customized layered approach to create a solution that includes both software and hardware components
  • Complete plan development for creating a unique protection scheme
  • Advise on advanced protection-integration tools and technologies

Mercury is focused on serving our customers with unsurpassed responsiveness and technical expertise. We offer a wide range of services designed to deliver the best combination of technology, products and support to our customers.

We can respond to your design questions via the General Support form.

Contact us about Professional Engineering Services