Our Services and Products

 Organizations and security teams typically have a good understanding of how to employ a security program in normal business environments. However, these same teams may struggle with security programs in Industrial Control Systems (ICS) due to the nature and requirements of these devices and the processes they serve. Unfortunately, attackers are becoming more aware of how to use the technologies that control and manage processes to their advantage. Your team needs to understand how to employ a mature security program to protect your processes and business goals. Our team can help you update your ICS policies, implement segmentation and isolation of ICS technologies, improve vendor and integrator relationships, and mitigate systemic technological vulnerabilities in an organized and prioritized manner. 

 ICS Assessments begin with the evaluation of the implemented processes and their deployment within your organization. We work with your team to understand these processes, obtain an overview of your business goals, and determine the most significant threats to the success of these teams and the technologies they support.  Security testing is then performed to evaluate how your current controls protect your processes against common and determined attackers that wish to disrupt your organization’s success. Our assessment results in pointed and prioritized findings that will help your team improve the maturity of your security program and ensure the effectiveness of your process to achieve your business goals. 

Security assessments of your applications and environment can help your team understand some of the vulnerabilities attackers will use against your organization. These assessments do not provide an overview of the actual attacks that will have the greatest impact on your business and on your organization's success. Threat modeling can help your team prioritize your security efforts by identifying the true threats to your data and the efforts that will address these gaps. 

We can work with your developers, security team, and leadership to provide a threat model to help you pinpoint the vulnerabilities in your business. 

 Attackers typically start their attacks using the credentials of employees or contractors. They leverage this access to investigate your technologies and locate information that helps them determine and complete their varying objectives.  Assumed Breach Assessments start with normal user credentials and evaluate the methods attackers can use to elevate their privileges, propagate within your environment, exfiltrate data, and achieve their goals.  Understanding these methods will help your team understand the most effective means to securing your systems to identify their activity and prevent their success. 

Fundamental to a complete OT cybersecurity risk evaluation, is a gap analysis. This is generated from your existing and desired cybersecurity performance postures as defined and is intended to provide a picture of proposed remediation to mitigate risks or vulnerabilities. The gap analysis is produced by automatically specifying known countermeasures and best practices to manage the asset threat exposure. The level of details associated with the resulting gap analysis can directly impact the corrective actions recommended or the isolation of risks based on criticality or vulnerability. 

Novesh's Evaluation Toolkit provides OT experts the ability to generate a gap analysis based on research gathered, interviews, inventories, and technical assessments with stakeholders. The result is an individualized report where each risk is assigned it's own tier, criticality and weight thereby allowing complete segregation or isolation on demand and over time. 

 All organizations have wireless infrastructures to provide access to their employees. The Internet of Things (IoT) and Industrial Control System devices have significantly increased the number of devices that are connected to an organization’s network. Our team can help you understand the security of your typical Wi-Fi network and the risk it poses to your environment. Additionally, we can help your team understand how devices using 802.15.4 networks, 900 HMz radios, and proprietary radio implementations impact the security of your processes and enterprise

 Hardware device capabilities are accelerating. Very rarely do these devices not have wired or wireless capabilities. Organizations need to understand how these devices impact the overall security of their business. Whether you are developing a device or purchasing one, we can help your team understand how attackers will evaluate, subjugate, and use these devices to attack an environment. Our team is adept at reviewing wired and wireless functionality, extracting data from memory and microcontrollers, evaluating protocols and data exchange over various media, review program functionality, and helping your team understand how to mitigate any exploitable vulnerabilities or unusual functionality.

 We provide training and education equipment in the field of Industrial Control Systems (ICS) and Cybersecurity. Our teaching equipment includes electrical & electronic automation testbed and platforms, PLC programmable series, microcontroller and development boards, and Hacking toolkits.  It is one of the goals of this company to contribute its share to teaching and education in the area of cybersecurity and provide excellent service and products in this area.

Novesh training programs include cybersecurity, industrial control systems (ICS) training, ICS cybersecurity, and cybersecurity workshops.  

Our cybersecurity program is an intensive training designed to provide individuals from diverse backgrounds the skills they need to work in IT or OT cybersecurity fields.

 In our ICS program, trainees receive hands-on experience with PLCs, SCADA, sensors/transmitters, calibrators, piping, instrumentation diagrams, and more. 

Our Cybersecurity Awareness Workshop introduce your staff to day-to-day threats and cyberattack that occur in the IT and OT workplace and provide the basic trainings to help improve the cybersecurity resiliency of your organization.