Vulnerability Scanning

 

Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs be scanned once a year, once a quarter or monthly.

Read More

Mobile Application Scanning

 

Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. Architecture review and threat modeling process will includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Read More

Darkweb Credential Monitoring

 

We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintains the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Read More
Risk Assessment Host Security Assessment

Host Security Assessment

Internal hosts can be vulnerable to a number of attacks if they are not tested through means other than network assessment. An application running on a critical server may allow an attacker access. Host Security Assessments are critical but frequently are not done on a scheduled, timely basis. In many organizations, a baseline host configuration standard is not used, or critical servers are placed on the network before being tested for vulnerabilities either in the operating system or the applications running.

Solution Host Security Assessment is used to determine the security posture of critical servers in your environment. We conduct automated tests of the operating system and application-level security issues and check administrative and technical controls. Identified weaknesses and potential weaknesses are mapped against the risk level to the organization and recommendations are made. We analyze your host security policies and procedures and your risk classification standards for information assets. Key areas we look at include but are not limited to:

  • Secure configuration
  • Separation of privileges
  • Logging and auditing
  • Account Management and Security
  • File Management and Security
  • Patch Level
  • Network Security
  • General Security Management
  • Intrusion detection methods
  • Disaster recovery measures
The key servers that are selected for diagnostic review will cover the following aspects of security:
  • Review security of servers and determine what vulnerabilities exist
  • Logging and auditing review
  • Account management and security
  • Patch and remediation process analysis
  • General Security Management on an ongoing basis