Vulnerability Scanning

 

Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs be scanned once a year, once a quarter or monthly.

Read More

Mobile Application Scanning

 

Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. Architecture review and threat modeling process will includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Read More

Darkweb Credential Monitoring

 

We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintains the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Read More
Compliance Solutions Gap Analysis
A Gap Analysis can be a standalone project or in most cases combined with a Road Map Strategy development. It identifies the gaps in current practices and best practices. Many organizations have never quantified and identified the weakness in their security processes and where they should be according to best practices. This is a critical step in reducing future threats to the organization. If a Gap Analysis has been done, typically it is only focused on security tools, not the business processes used or the business function required. A complete Gap Analysis has to focus on people, process and technology.

Solution

Our solution uses quantitative and qualitative methods to define your current state and future state of your security environment. We determine how your organization maps to best practices and the steps needed to get to the next level of security and maintain a robust security environment as change occurs. A Gap Analysis identifies deficiencies and correlated them to practical solutions. A baseline for your future security architecture will be developed after the analysis is complete. The Gap Analysis will develop best practices unique to your environment that can be used to implement controls over the following areas:

  • Regulatory compliance requirements (ISO, 201 CMR 18.00, CoBIT, HIPAA, SOX and PCI SAQ)
  • Existing policies, procedures and standards
  • Software security development life cycle processes
  • Access controls and user provisioning processes
  • Change control and configuration management
  • Business continuity related to security
  • Vulnerability management processes
  • Asset identification processes
  • Risk management processes
  • Incident handling processes
  • Endpoint architecture
  • Remediation processes
  • Physical security processes

How the Process Works

First we analyze the current security processes and gain an understanding of current practices. Gaps between existing processes and targeted best practices are determines and solutions proposed. Identifying business risks associated with current practices is as important as identifying technology gaps. Through interview process and review of documentation around practices, we provide a phased approach to closing the gaps and providing steps to ensure those gaps do not occur again.