Assurance

  • Network Security
    • Vulnerability Assessments;
    • Penetration Tests; and
    • Red Team Studies.

    Security vulnerability assessments, penetration tests, code reviews, red team tests and controls studies of networks, web-applications, mobile-apps, system environments, personnel and products.

    Our programs are delivered from two primary perspectives:

    1. The perspective of a malicious outsider without credentials or any intimate knowledge about the targets being tested; and

    2. The perspective of a trusted insider with authorized access.

  • Software Development Lifecycle (SDL) Security
    • Web Application Security Testing;
    • Mobile Application Security Testing; and
    • Source Code Reviews.

    SDL security programs which are designed to test the security posture of web-applications, mobile-apps, their supporting infrastructures, backend systems, policies and controls in place to secure them.

    Testing is delivered without credentials to measure the application's susceptibility to compromise by an unauthorized outsider, and also from the perspective of an authorized user with credentials, which allows us to test the security of the application from the inside out. Testing may be delivered against live production applications or pre-production QA applications.

    Our firm also provides comprehensive secure code reviews which typically include a combination of expert manual analysis and automated analysis powered by the latest static and dynamic secure code assessment utilities.

    Finally, our training solutions include role-specific curriculums that address secure coding for application development personnel.

  • Social Engineering Studies:
    • Phishing;
    • SMS;
    • IM;
    • Social Media;
    • USB Drops;
    • USPS;
    • Robocalls; and
    • Pretext Calls.

    Social engineering studies of client personnel to determine the security posture relating to security awareness as well as the organization’s overall resiliency to cyber-exploitation via social engineering attacks.

  • Secure Configuration Reviews — Programs that inspect the configuration schemes of key firewalls, routers, switches and other border security devices. The goal of these programs is to identify the kinds of security deficiencies that exist on targeted systems and devices that would not be identified by a vulnerability assessment. The service includes an examination and assessment of security design issues, rules, configurations and policies. Services delivered during this program include a combination of automated and manual analysis.
  • Security Policy Consulting — Information security policies that are designed to help your organization to succeed while also complying with the regulatory requirements that it faces. We have unique expertise with the most challenging policies including acceptable usage, incident response and crisis management, bring your own device and data retention.
  • Incident Response and Crisis Management Planning — Incident response and crisis management plans that are specifically tailored for each unique client environment. We also help our clients to socialize, implement and test the effectiveness of these programs internally through unique educational training and testing programs. This allows our clients to effectively identify and respond to the various day-to-day cybersecurity incidents and events that they face.
  • Residential Network Surveys & Security Reviews — Assessments that survey all wired and wireless network systems and devices operating within residences to determine if any unknown wired or wireless access points, systems or devices are active and/or physically connected to the residential network. If a rogue or unauthorized access point, system or device is identified, it is then investigated and reported to the client, at which point a decision can be made to allow or disable it. Once the survey is complete, our firm provides the client with a home network asset list documenting the physical location of each access point and fixed system or device, as well as technical details of each device identified during this exercise. Mobile devices that connect to the home network are also inventoried and the security settings of each may be hardened during the assessment phase, which includes a comprehensive security analysis of the entire residential network.
  • Network Architecture Reviews — Expert analysis of client networks, segmentation, structure and overall attack surface which can typically include components that sit well beyond the perimeter including remote users, third party business partners and cloud services providers.
  • Wireless Infrastructure Surveys & Security Audits — Wireless network surveys and security reviews that are designed to map and test wireless infrastructure with the goal of identifying deficiencies in design, configuration and implementation that can lead to compromise.
  • Voice Over IP (VoIP) Security Assurance — Security assurance programs that are designed to identify vulnerabilities and other deficiencies in VoIP infrastructure design, configuration and implementation. This allows our clients to confidently communicate over IP telephony with the assurance that their voice communications are private and that the platforms that support them are secure.
  • Network Traffic Analysis & Integrity Testing — Network integrity studies that investigate client networks to identify anomalous malicious activity already present within computing infrastructure. Once network traffic is professionally analyzed, isolation and eradication of existing problems can take place. The goal of this service is to gain independent validation of the security posture of the network and also to verify the effectiveness of third party security providers and control technologies currently in place.
  • Survivability Testing — Testing studies designed to measure the performance, availability and resiliency of our clients’ networks, applications, systems, devices, products and websites.
  • Fractional Chief Information Security Officer (CISO) Services — Fractional personnel programs that are designed to fill gaps in our clients’ internal staffing. In all instances our firm’s domain and subject matter experts act as an extension of our clients’ own internal resources.
  • Secure Mobile Computing — Solutions that help our clients secure their mobile computing components which include smartphones, tablets, laptops, PDAs, automobiles, smartwatches and the like.
  • Technical Surveillance Counter-Measure (TSCM) Sweeps — A comprehensive suite of services that analyze (utilizing state-of-the-art radio frequency and thermal imaging technologies) corporate offices, boardrooms, homes and automobiles for the existence of hidden monitoring devices (cameras, microphones, video, IP snooping, etc.). These studies also include a physical site survey designed to identify additional points of deficiency that may be utilized by an outsider to gain unauthorized physical access to facilities, access to data and/or IP and data exfiltration.
  • Malicious Insider Threat Cybersecurity Assessment — Security reviews of our clients’ information security controls with the goal of identifying their firm’s resiliency to attack and compromise by a trusted well-meaning or malicious insider. The program helps clients to identify deficiencies in security posture including those associated with but not limited to permission and level of access, suspicious behavior, malware and snooping tools, exfiltration, physical security and the like.
  • Information Security Road-Map Design — Planning and implementation of short-term tactical requirements that quickly improve our clients’ security posture. We also design strategic plans that ensure the longer-term viability of our clients and the protection of their people, property and information.
  • SCADA System/Command and Control Security Assessments — Security programs which are designed to test the security posture of Supervisory Control and Data Acquisition (SCADA) systems, their supporting hardware, backend systems, policies and the security controls in place to secure them. Testing is delivered without credentials to measure system susceptibility to compromise from unauthorized outside attackers, and also from the perspective of an authorized user with credentials, which allows us to test the security of the application from the inside out.