enterprisesecuritymag

Ingalls Information Security: Proactive Cyber Security

Jason Ingalls, CEO, Ingalls Information SecurityJason Ingalls, CEO
In 2010, Jason Ingalls founded Ingalls Information Security to provide managed security services, breach response, and security consulting, with the mission of protecting the Internet and the companies and users that rely on it to do business.

In the beginning, Ingalls was focused on cybersecurity consulting and penetration testing, which naturally led to involvement in breach response. A typical incident would be an intense, high profile consulting engagement to identify if an attacker had gained access inside the network and if so, how they broke in, what they had access to, and how they could be forced out of the network. Work in this area gave Ingalls deep experience and insight into the attack scenario. They learned that once the attacker gains access, their next goal is to identify what’s valuable (what can be stolen or destroyed) and how to gain access to it. This reconnaissance doesn’t happen overnight. With this knowledge, Ingalls decided to develop a different approach to cybersecurity. Recognizing that prevention is a necessary component of a defense in depth approach, but accepting the probability that an intrusion was likely to occur due to their many response engagements, the Ingalls team developed an approach that concentrated on identifying intrusions and stopping them before they could be leveraged by attackers to create impact to the victim. “The time an attacker spends on reconnaissance can be used to identify the attacker and neutralize or minimize the impact,” remarks Ingalls.

Ingalls provides security services that range from assessments to serving as the security apparatus for a business. In many cases, the first step is a free assessment of a client’s network. This initial step provides immediate value by producing a report that identifies areas of vulnerabilities.

The time the attacker spends on reconnaissance is used to identify the attacker and neutralize or minimize the impact


With this information, their client can make decisions about activity on their network and evaluate the risk and vulnerability it generates. “Once they have determined the risk, the client can create policies around the activity to manage it and reduce vulnerabilities,” says Ingalls.

“There are two big problems in Cybersecurity: too much data and too few people,” says Ingalls. There is a well-known and serious talent shortage of cybersecurity personnel today. But that shortage may be impacted by Ingalls as well. Looking to the future, Ingalls is developing Viewpoint–a proprietary tool that provides a view into cyber space that is three-dimensional. “This capability will allow the creation of a visual representation of activity and every stakeholder will see the same picture,” extols Ingalls. Viewpoint will facilitate the creation of a stronger talent pipeline for the industry as it revolutionizes training and education for cybersecurity professionals.

Ingalls also sees the cybersecurity risk appetite of corporations changing. “Boards of Directors are taking a risk based approach towards solving cybersecurity and they are beginning to realize the risk is larger than just the compliance requirements, and the risk of breach.” Ingalls provides a turnkey solution to assess all risks to the network through their comprehensive, continuous assessment of the network via their technology, and their monitoring services scour their client’s networks looking for the intrusions that will eventually occur. When they do, Ingalls is prepared to stop them before they can be used to do harm to the client.