|
Information Security Services
NetEvidence, Inc. understands that companies need to know how vulnerable their critical information systems are at all times. Since there are new security exploits being developed daily we recommend regular information security audits. These days it is not enough to just secure the network perimeter; companies need to secure the core infrastructure as well as the information stores. Our consultants provide several different layers of audits to better assess the entire organizations security posture.
Audit Layers
Vulnerability Scanning
Regularly scheduled scans identify technical weaknesses in your information systems and are crucial to keeping your information secure. We use several different programs in order to validate the results of a scan and avoid false positives. Anytime a company significantly alters their network or information systems it is a good idea to rescan for weaknesses.
Penetration Testing
If our consultants find any vulnerabilities in a companies security a penetration test will allow us to identify how an intruder would exploit them. Because the technologies change so frequently and the methods of attack change as well we prefer to review a companies security more frequently with the latest subset of new attacks to make sure it is up to date.
Public Knowledge Blueprinting
To provide additional piece of mind we offer our clients a full investigation into what information is in the public domain that the company may or may not be aware of. We scan the internet, newsgroups, blogs, and other sources. Many times we have found confidential company information that the client was not aware was made public.
Wireless Network Assessments
More and more companies are deploying wireless networks to provide more flexibility to their network infrastructure. Wireless networks create a completely different challenge for network security that often goes unaddressed. Our consultants perform a complete analysis of wireless networks including: discovering signal radius, locating unauthorized access points, or attempting to break weak encryption technologies.
Social Engineering Exploitation
Security experts around the world agree, people are the weakest link in the security chain. It is human nature to try and help someone even if you do not know them. Intruders use this to their advantage and will try to impersonate a company employee to gain access to information they are not authorized for. NetEvidence can help you assess this risk and work with clients to mitigate it.
Policy and Procedure Review
Well documented policies and procedures are the cornerstone to good security. Over time these policies and procedures become stale due to changes in the company or in the technology. We work with clients to review policies and procedures to make certain they will still be effective considering today's changing climate.
Our Process
Among the services we provide to companies involved in claims, and their counsel, are:
- Scoping the project
We understand that every company is different so during this phase we custom tailor an audit solution for you. Because we offer various auditing layers NetEvidence will work with your company to define the scope of your audit. Network security is not a one size fits all discipline.
- Perform audit
Depending on the scope of the project we will gather network information from either the internet or your company and perform an attack like a real intruder would. We will use automated and manual processes and tools to scan your network. If weaknesses are found we will try to exploit them to gain access.
- Assess the risks
We will review all findings that came from the audit, current policies and procedures and any social engineering attempts and perform a risk analysis. A report will be generated and give to the client. The report will contain our findings and suggestions on how to mitigate them.
- Follow up
After a client has improved their technology to mitigate any weaknesses we found in the initial audit, NetEvidence prefers to re-examine the network. This provides our clients with a peace of mind. It can prove to the client that their network is more secure than it was before.
|
NetEvidence Home Page
