Cloud computing represents one of the most significant and exciting changes in technology since the emergence of the Internet. For commercial CSPs implementing the Federal Risk and Authorization Management Program (FedRAMP) security requirements in their environment, a FedRAMP approved Third Party Assessment Organization (3PAO) must be hired to perform the independent assessment and provide the security assessment package to the FedRAMP Joint Authorization Board (JAB) for review.
As an official Third Party Assessment Organization (3PAO), Lunarline is uniquely qualified to independently validate and verify that all FedRAMP requirements have been met. Lunarline’s Cloud Security Consultants will develop a cloud security strategy roadmap designed to guide you through the security and privacy concerns of cloud computing and help you implement a secure cloud strategy.
Origination of Lunarline
In early 2004, Lunarline, Inc., a Service Disabled Veteran Owned Small Business and FedRAMP-accredited 3PAO, was developed to help solve a colossal security problem prevalent in both the government and private sectors: systems and software were being designed, developed, and deployed into sensitive environments, and then security was added as an afterthought, if at all. Lunarline was created to provide the customers with solutions and securities to the people for all the data they store, transmit, or process.
Pro-Active and Persistent Leader
Waylon Krush, Co-Founder and CEO, Lunarline Inc., is not the sit-at-his-desk type. He’s happier out in the field, helping clients fight back against an ever more threatening cyber world.
Prior to becoming Lunarline’s fearless leader, Waylon was a senior information security engineer in AT&T’s Advanced Systems Division and chief of the information assurance group for GRC-TSC. A veteran of the US Army, Waylon held various Intel- and security-related technical and leadership roles, including service as the lead technical member of the Land and Information Warfare Activity Information Systems Security Monitoring, Vulnerability Assessment Blue Team, and Red Team.
For his contributions to National Security, he was named a Knowlton Award Winner, one of the Intelligence Community’s highest honors. He was also recognized as the 718th Military Intelligence Soldier of the Year, the NSA Professional of the Quarter, received the Voice of America Award, and is a two time winner of the American Legion Award.
Lunarline: Light and Direction to Solve Cyber Issues
The team at Lunarline has worked on one of the first secure cloud pilots for the US Government and many of their commercial clients. They were asked to take several open source applications and components, and develop custom secure baselines that would meet Federal security requirements, but more importantly needed to be hardened to meet the risk appetite of the executives they were supporting.
As cloud was a new technology, and the executives would not be controlling anything from the gate guards to the hypervisor, their risk appetite was very low. So the team ended up conducting supply chain risk assessments, thorough software assurance reviews, pen testing, and creating fixes for security and privacy issues that had not been published.
Their extra work paid off shortly after launch as a few zero-day attack hit the Content Management System (CMS) they were using, but since they uncovered and fixed the security issues when they reviewed the code and tuned their customers Web Application Firewalls (WAF) the attack did not affect them or their customers.
Perspicacious and Prominent Services
Lunarline’s Cloud Security Consulting Services include- FedRAMP security controls assessment and validation performed by an accredited Third Party Assessment Organization (3PAO), Guidance throughout the FedRAMP assessment and provisional authorization process for infrastructure (IaaS), platform (PaaS), and software (SaaS) services offered by federal and commercial Cloud Service Providers (CSPs). They provide 24x7x365 Managed Active Response Security (MARS) Incident Response and Hunt Teams, and Develop high-level cloud computing security strategy along with Software Assurance, Penetration Testing, and custom security fixes and baselines.
Lunarline provides best practices for ensuring secure Private, Public, or Hybrid cloud environments and they also guide and educate on critical cloud security considerations.
Strategic Solutions Beneficial for Clientele
The team at Lunarline does not tie their solutions too closely to specific vendors. Their solutions have since become mostly vendor agnostic, and they have also found that they can be a force-multiplier by providing their customers with cyber and privacy training/certification.
Their hunt teams have uncovered significant breaches for their customers inside and outside their network and cloud instances. They have spent many years of profits to focus on bringing together their threat, malware, and vulnerability management along with their custom deep web, dark web, pen testing, and open source intelligence tools, they can get in front of many of the security issues and flaws their customers deal with daily. When their customers do have significant security events or inside threats or identify an indicator of compromise, they work with the customers to create a solution that meets their situation and budget. This includes training their internal incident response, compliance, and hunt teams. They love to train their customers to become part of the security solution.
Lunarline’s Future Roadmap
From a security perspective, cloud has been a force multiplier as it relates to security, but has also enabled adversaries to conduct significant operations and attacks at a very low cost.
Lunarline will continue to push their security and privacy automation, training, testing, and proactive monitoring/response services to support customers as they evolve increasingly of their sensitive operations to the cloud.