| Our focused point solutions are designed to help you evaluate and bolster your organization’s information security posture in a targeted, effective manner. Examples of solutions that we provide include: |
|
| Wireless Network Security Testing: |
| Wireless networks are generally fraught with weaknesses such as “static network keys,” missing authentication, susceptibility to replay attacks, and weak encryption algorithms. We review your organization’s configurations and placement of wireless access points. Testing is performed using public, commercial and proprietary techniques to identify vulnerabilities that allow traffic to be captured and decrypted, WAP devices to be accessed, and traffic to be injected into the network. |
|
| External Vulnerability / Exploitation Testing (EVEA): |
| Our EVEA point solution enables you to identify and remediate vulnerabilities to your Internet-facing environment before others do. Our analysts perform six steps, including: Fingerprinting; Host, Service, and Application Identification; Vulnerability Scan; Exploitation; Application Testing; and Perimeter Security Configuration Review. |
|
| Internal Vulnerability Assessment: |
| To assess all of your organization’s accessible devices, we perform a scan working from a zero-knowledge perspective, with access to an Ethernet port but no network accounts. We identify vulnerabilities, misconfigurations, and policy deficiencies. We also perform network and host discovery to include intrusive but non-destructive vulnerability testing. |
|
| Web Application Testing: |
| Using a combination of commercial and proprietary tools and techniques, we attempt to exploit potential vulnerabilities such as broken authentication and session management, cross-site request forgery, cross-site scripting, insecure cryptographic storage, insufficient transport layer protection, and unvalidated redirects and forwards. Our report provides detailed analyses of identified vulnerabilities and practical recommendations. |
|
| Social Engineering: |
| Organizations face social engineering attacks ranging from traditional physical intrusion and impersonation to phishing, vishing and smishing attacks. Our analysts conduct these social engineering tests as well as phone solicitation, employee impersonation and on-site data gathering. |
|
| Security Training and Awareness: |
| End-user training and awareness is an essential piece of any solid information security program. We will review your organization’s training and awareness program to determine whether it addresses your Information Security Policies and current regulatory/privacy requirements, and to ensure that staff understand current dangers not only from technical threats but also from non-technical threats such as social engineering. |
|
| Policy Review and Development: |
| Policies and procedures are the underlying foundation of a sound information security posture. Review and development components include Administrative safeguards (e.g., security management process, password management, workforce clearance procedures), Physical safeguards (e.g., access controls, workstation security, data backup and storage) and Technical safeguards (e.g., unique user identification and authentication, encryption controls). |
|
| Disaster Recovery/Business Continuity Planning: |
| Business Continuity and Disaster Recovery planning is a demanding task. Our experts can assist you by developing strategies and testing the plan, with education of personnel for ongoing management of the plan. Throughout the development cycle, we work with your staff to ensure they understand the process and are comfortable with maintaining and adjusting the plan. |
|