Our Consulting Services
- Vulnerability Assessment
- Data Loss and Endpoint
- Application Security
- Website Vulnerability Assessment
- Data Encryption
- Hosted Disk Encryption
- Messaging Security
- Application Security
- Web Security
- Endpoint Security
- DLP Security
- 2-Factor Authentication
A practical approach to vulnerability reduction requires strategy development. Vulnerability analysis is the front line in securing the organization, and a custom-built methodology will be developed to utilize your personnel and financial resources to provide the best solution to meet your business needs.
Technology is frequently misconfigured or mismanaged, which in turn introduces points of weakness into the organization. Every device connected to the network has the potential to allow an attacker in. Vulnerability assessment can be used against many different types of systems, such as network-based, host-based or application-based. A company needs to know what threats are inherent in the infrastructure based on current and future technology purchases. Vulnerability assessments are necessary to identify vulnerabilities, but are also necessary to show changes in the environment over time as the organization grows and changes. Future threats need to be addressed through vulnerability assessment and trend analysis.
We provide a programmatic approach for evaluating technical, administrative and management security controls across your environment. Vulnerability scanning is a necessary tactical approach to securing all the “low-hanging” risk in your infrastructure. We will conduct tests against your Internet perimeter and internal systems using real-world attack techniques, both automated and manual.
Key value propositions for a vulnerability analysis include:
- Methodology development
- Analysis of remediation process and solution development
- Metrics development and reporting
- Manual and automated testing procedures
- Review of network, operating system, application and end-point security measures
- Development of key remediation recommendations
- Policy development to maintain proper vulnerability remediation procedures
How the Process Works
We will scan your external and internal networks for vulnerabilities. Once identified, we will attempt to validate the vulnerability and provide detailed recommendations to fix the problems. We will review your policies and procedures around vulnerability management and provide practical steps to ensure management of vulnerabilities in the future is detailed and can change as the organization implements new technologies. You may choose to have us do a retest using only automated techniques after you have completed the recommended fixes. This will be at a discounted rate.
The DLP assessment helps an organization determine where its data resides and all the potential ways it can leave the organization.
The security industry has evolved to the point where data can now be granularly tracked, monitored, blocked and reported. Products such as Vericept and Vontu are attempting to address these problems from a technology perspective, but any security solution needs to address people, process and technology challenges. With so many forms of connectivity into and out of the organization, it is difficult to know where your data is and who has access to it. The Data Loss Prevention (DLP) assessment addresses the needs of organizations to more tightly control their data and know where it is, from creation to modification, transport, storage and destruction. Data can reside anywhere, from the BlackBerry to email to spreadsheets on a desktop, with no way of tracking it.
We help you gain an understanding of how information moves into and out of your organization and develop policies and procedures along with the necessary tools to control your data leakage problems.
The process will:
• Assess the current state of data movement
• Identify Data-in-motion, Data-at-rest and Data-in-use scenarios
• Identify threats to your data, both internal and external
• Review and develop policies and procedures around DLP
• Recommend tools for further security
• Identify compliance risks because of data leakage
• We will map solutions to any regulatory requirements you may have
• Assess the need for host-based and network-based DLP technologies
• Develop or modify risk classification standards for future data creation and management
• Ensure acceptable use of data and provide protection and prevention of unauthorized access
• Extend your corporate security policies to remote employees, vendors, contractors and suppliers
How the Process Works
We will go onsite to interview your IT and security staff and business unit owners to understand how data moves through the environment. We will review all your documented procedures and assess the technology you already have in place that may help in DLP. We will make procedural and technical recommendations to implement a robust DLP solution.
Security risks have moved beyond the network and operating systems and are now more significant in the application and in access to data through applications. Finding and fixing security problems early in the development cycle is more efficient and cost-effective than testing after the application goes into production. Yet many companies only test for functional requirements in application testing. Security vulnerabilities can be identified early in the development phase through a structured approach.
We review your current application usage and your goals for developing new applications, whether in-house or off the shelf, and develop a security strategy. We analyze what information you plan to store on systems, review the requirements for accessing that information, and determine what controls should be in place over application and data provisioning.
Key aspects of application security reviews include:
• Analysis of data access requirements
• Understand the business requirements of the applications and how to meet organizational goals
• Conduct a threat analysis of points of weakness in the current SDLC
• Conduct risk analysis and business impact analysis of application weaknesses
• Implement security in the current SDLC
• Analysis of tools needed to ensure secure code development
• Analyze the training regime for secure application development
• Develop a threat analysis and monitoring solution for application security
• Develop policies to address future risk to applications
How the Process Works
We interview your IT staff, application development staff and security staff about what security measures are taken during the SDLC. We make recommendations on how the development process can be enhanced based on industry best practices for secure software development and provide a new framework that can be followed for future development.
An Aurora security consultant will run an automated scan, review reports, analyze findings and deliver the report. This involves manual and automated hacking techniques and a consultant testing the site for 12 hours. The consultant will interpret the report and recommend solutions to fix any vulnerabilities found. This can help prevent data theft, web site defacement and brand damage.