Is your Internet perimeter and the systems in your DMZ as secure as they need to be? In the SystemExperts™ Internet Exposure Profile, we perform a battery of penetration tests and attempt to exploit a variety of security exposures related to the TCP/IP protocol and services. Unlike the automated EXPERTscan, highly skilled consultants use tools, creativity, and expertise to attempt to obtain unauthorized access to the firewall and to systems behind the firewall. Also, unlike with most commodity penetration testing, our consultants explore combinatorial exposures: minor problems that can be combined to create significant exploitable vulnerabilities.
Is your web site vulnerable to attack? During the Web Application Vulnerability Test (Web AVT℠), SystemExperts looks to exploit deficiencies in the web application or web pages themselves, to escalate privileges, access other network systems or services, or identify instances where customer-private data may be exposed. SystemExperts tests two primary scenarios: as a determined intruder on the Internet (i.e., with no credentials) and as a legitimate authenticated user with a valid User ID and password.
The questions we attempt to answer include:
Just as having a routine annual physical is a good practice, taking stock of the effectiveness of your security program once a year is simply prudent. SystemExperts uses its acclaimed and highly interactive Accelerated Assessment Methodology to conduct a broad-based review of the security of your applications, networks, and systems in their full environmental and business context.
SystemExperts uses its own experience as well as ISO 27001 & 27002 as a guide in recommending security practice and controls. This approach enables you to better understand how your current practices compare to industry standards and/or best practices and those practices required for compliance. During the discussions, SystemExperts is careful to ensure that business and technical requirements are examined and properly balanced. Rather than measuring for formal compliance, we will assess if you are acting prudently (i.e., your practices are operationally secure) in each major security area.
Our clients value both the short duration and the immense knowledge transfer that occurs during these intense Accelerated Security Assessments.
If you use an Application Service Provider (ASP), a Software as a Service (SaaS) provider, or have critical business partners, it makes sense to check the effectiveness of their security program annually. After all, systems are constantly evolving and staff turns over. You need to know that your partners have the necessary security policies and controls in place to serve as a steward of your data and reputation.
EXPERTscan is a largely automated methodology created by SystemExperts to identify configuration issues that introduce unnecessary risk into your environment. At regular intervals (typically weekly or monthly), SystemExperts performs an EXPERTscan of your Internet perimeter and/or internal systems, consisting of an agreed-upon set of IP addresses. SystemExperts then manually verifies the results to eliminate false positives.
It is as basic as looking in the mirror before leaving the house for an important meeting: simple things can go wrong. Each business day, SystemExperts™ performs a service integrity check. We compare the set of TCP/IP services offered by a designated set of Internet-facing machines and notify you if the profile changes or if any new services have been added.
Similarly, SystemExperts™ monitors your web site home page and static content linked from that home page daily for adverse changes and notifies you of any problems that we find.
On a monthly basis, SystemExperts™ verifies the expiration of an agreed-upon list of Internet domain names and provides notification of expiration dates closer than 60 days. SystemExperts also notifies you if the information (contact names and phone numbers) in the registration changes. Many large organizations have accidentally lost control over their domain names by missing renewal dates.
Based on a detailed inventory of the systems that comprise your network environment, SystemExperts™ monitors software patch releases and exploit postings and notifies you of relevant threats that may target your systems and/or whether an exploit has been discovered that could make your infrastructure vulnerable to an attack.
It is easy for companies to inadvertently get themselves blacklisted as a spammer. In many cases, this listing is unjustified. Many organizations are unaware that they have been blacklisted and only discover this fact when their outgoing email is not reaching its intended recipients.
There are a number of reasons your IP address may be blacklisted, including:
As part of the SPAMalert service, each business day SystemExperts will monitor anti-spam blacklists and notify you if your monitored IP addresses or company name appears on a blacklist.
Many companies do not know how to begin to get themselves removed from spam blacklists, or may not have the time to do so. Consequently, SystemExperts assists our SPAMalert clients in the investigation and remediation of email blacklisting incidents, allowing your team to stay productive.
The Internet community has come to rely on secure transports to secure the web, and Secure Sockets Layer (SSL) and Transport Layer Security (TLS) have emerged as the de facto standard mechanisms to provide this protection. SSL/TLS relies on a server certificate to provide the server’s public key and prove the web site’s authenticity. These certificates are signed by a trusted third party and expire after a certain period of time. Unfortunately, these certificates time out silently, so it is not uncommon for a company to be unaware that its web site is returning error messages and allowing untrusted encrypted sessions when prospective customers contact its site, reducing sales and damaging its reputation. The CERTalert service from SystemExperts gives you peace of mind by monitoring your SSL/TLS certificate expiration date and notifying you before your coverage lapses.
We'll be there when you need to bounce ideas off a knowledgeable sounding board or simply brain-storm with someone on ways to solve a particularly tough problem. Think of the SystemExperts™ Security Blanket™ as providing you with the coverage and bench-depth you've always needed but could never before afford on a full time basis.
Many organizations find that they need to deploy Security Information and Event Monitoring (SIEM) solutions to satisfy contractual or regulatory requirements for log monitoring or event management, but they don’t have the staff or the specialized skills to effectively operate the tool on a day-to-day basis. SystemExperts™ can help. Our highly skilled team can monitor SIEM alerts, create trouble tickets, and mentor your staff in best-practice SIEM operation so that, over time, your organization "learns to fish."
SystemExperts™ prepares a letter that describes your customized Security Blanket™ program. The purpose of this letter is to concisely communicate to prospective customers, auditors, or regulators the ongoing security activities that SystemExperts™ is performing on your behalf to help demonstrate that you are fulfilling your prudent man and due diligence obligations.
The letter is delivered both as a form letter that you can distribute as well as customized letters sent by SystemExperts™ to designated third parties.
Request a consultation to learn more about our Security Blanket a la carte IT security solutions and to receive complete pricing information.
Peace of mind at an affordable price - You'll be able to sleep at night knowing a team of our network security experts is on your side and watching your back.
Cost-effective compliance services in HIPAA, PCI, and ISO 27002 - working with you to achieve business-practical results.
We’re different – a long-term perspective pervades everything we do: quality and responsiveness; staffing and business practices; fixed-price engagements; experts and only experts.
Compliance with regulations and contracts is forcing organizations to develop documented security policies.