Technical Security Assessments |
|
 | | | |
Alawy Global Security Consulting experts use vulnerability and penetration testing,
wireless assessments and code reviews to assess the risk to your critical infrastructure,
servers, and applications. Regular technical security assessments help ensure
that your systems are safe and efficient and that you're able to take advantage
of technical advances.
The
Purpose Vulnerability
Assessment
We schedule regular vulnerability assessments to check for technical
weaknesses in your network, layer by layer. These assessments also include evaluation
of new systems and preparation for new threats. We scan your system,
then we use manual procedures to validate the scans and to provide an
additional layer of detail.
Penetration Testing
We often follow-up vulnerability assessments with penetration testing.
Penetration testing helps us identify how intruders can exploit
vulnerabilities that aren't fixed quickly. We focus on identifying the
technology that's available now to solve the problems at hand.
So we re-examine your
technical security frequently to make sure it's up to date.
Application Security Assessments
Enterprises are increasingly extending application access
to users and business partners outside of traditional boundaries. This
trend towards integrating applications between business partners means
the application security framework that your company relies on must be
stronger and more dependable. It must ensure that only authorized users
and partner applications are allowed access to key enterprise
applications and data. Our application security assessments include
black box and white box testing as well as detailed code reviews that
can help you pinpoint weaknesses and find ways to fix them.
Wireless
Security Assessments
A wireless security assessment helps you identify and
mitigate risks and vulnerabilities associated with your wireless
network. We analyze your wireless business requirements and examine
your network architecture, configurations, and standards.
Tactically, we identify signal leakage
and deployment of unauthorized access points in your wireless network.
We identify vulnerabilities in access points and wireless LAN
clients. We can also search for (and attempt to break)
inappropriate use of encryption technologies information. We prepare a
report classifying your risks and analyzing the impact of suggested
changes on your wireless deployment.
Back to top
Value
to You A
Tested and Well-Tuned System
Regular
vulnerability testing assesses and continuously validates the strength
of your technical security. It's also a requirement to remain in
compliance with certain regulatory requirements and standards of good
practice. We scan your entire system, from the operating system to
actual application code. Such a detailed test gives you both efficiency
and safety.
An
Antidote to Complacency
We don't just identify vulnerabilities, we validate both their existence
and risk
to your organization. We uncover whether a combination of
vulnerabilities work together to increase risk. We perform a variety of
tests to isolate specific weaknesses.
Flexible service offerings
We can provide one time and recurring application, network, and host
vulnerability assessment and penetration testing as either a single
consulting engagement or an ongoing managed service.
Back to top
How
We Work
-
We
scope the work. We
perform vulnerability and penetration testing, wireless assessments,
and code reviews. We work with your security and information officers
to define the scope of the work you want us to undertake. We can also
work with other companies if youve outsourced your IT and hosting
services.
- We
learn your goals and analyze the current state of your security. First
and foremost, we make sure we understand your business goals. We want to make
recommendations that are not only technically sound - but tailored to your
business.
-
We
assess your risk. We examine your networks host
servers, operating system, and applications. We check to see if
sensitive data is exposed. We try to replay authentication data. We see
if we can exploit encryption algorithms. We try to take advantage of
inadequate input validation controls. We see if we can exploit buffer
overflow vulnerabilities.
Networks have many components and
are very porous. The application layer is especially vulnerable. We
look not just at the way applications interact, we also review the code
behind them. We examine your database servers - and we check their
connectivity and queries. We check your modems. We scrutinize how your
wireless network is configured.
- We
mimic a malicious intruder. We
gather network and device-level information. We run automated scanning
tools and do manual testing. We approach your network as a black box as
an outside intruder would—without any previous knowledge of how its
configured. We also test it as a white box as a disgruntled employee
might—with network diagrams and customer application information.
Back to top
How
Long It Takes
A technology assessment
takes approximately one to two weeks.
Back to top
The
Results Enhanced
Technological Safety and Stability
Regular technical security assessments help ensure that your systems
are safe and efficient and that you're able to take advantage of
technical advances.
Enhanced
Event-Response Capabilities
Regular
scanning provides a better understanding of your vulnerabilities and a
better ability to identify and respond to the first signs of an attack.
Tailored
Recommendations Ranked by Cost and Effort
We rank our recommendations. We know everyone has a limited security
budget. We identify the technological improvements that are best for
your business and rank our recommendations accordingly. We help you
prioritize your spending: we do a cost-benefit analysis of each
recommendation and identify which technology investments are the most
cost-effective.
Back to top
Why
Alawy Alawy has worked to secure the networks of Fortune 500 companies
in the financial, energy, insurance, media and consumer goods sector in the
United States. A significant amount of this experience has been within the
financial services and banking sectors—assessing infrastructure security
and architecting and deploying secure solutions. We participate in the FBI's
InfraGard as advisers in threat and security matters.
Our Security Consultants are Software Engineers trained in Information Security.
They understand systems architecture. They see the whole picture. We’re
not a software company limited to our own line of products. We provide our
clients with the solution that best fits their business and budget needs. We
do not cater to a "one size fits all" approach. Our focus is on protecting
the sensitive information you are trusted to safeguard -- information belonging
to your business and your clients -- from malicious theft or careless mishandling.
Security isn't just about security; it's about your business. We focus on
providing solutions tailored to your corporate goals and the real threats you
face. Read about Our
Approach - the foundation for all our work.
Focus on your business:
- We help you stay competitive. We use our knowledge and experience to benchmark
your risk against your industry.
- We value actions by their consequences. Our focus is consequences, not
just risk.
- We focus on our relationship with our customers. Our goal is to be your
trusted security advisor.
- We provide recommendations that are vendor independent to give you the
freedom to implement the solution that suits you best.
- We help you stay competitive. Our business is security, not just consulting.
Focus on our experience:
- We have a wide variety of clients in
a broad range of industries.
That exposes us to the need for many different architectures, designs, and
solutions.
- Our consultants are IT security p/clients/index.jsp17;ve worked with
Fortune 500 companies or in the financial, energy, insurance, media and consumer
goods industries.
- Our team of consultants is made up of Certified Information System Security
Professionals (CISSPs).
Back to top
|
