Peace of mind at an affordable price
A child's anxiety and irrational fears can be allayed with a bit of soft flannel, a treasured blanket. Computer and network professionals have to deal with a world where monsters really are lurking in the dark just waiting for the opportunity to pounce. Unfortunately, flannel's magic isn't strong enough to work in your case, but SystemExperts™ offers a package of network security consulting solutions that will give you the same peace of mind. You'll be able to sleep at night knowing a team of security experts is on your side and watching your back.
The SystemExperts™ Security Blanket is structured as an a la carte menu of network security consulting solutions, so you pay only for the services that you need.
The services consist of a mix of routine activities (simple best practices) that every company knows it should do regularly but too often are unable to perform and others that require skills and tools that are seldom found in IT departments. The services are structured to minimize the burden they place on your staff - in many cases, only exceptions or alerts are reported.
The fees for the Security Blanket™ security solution are structured as a modest monthly retainer - you'll be surprised how modest. The price varies depending on the size and complexity of your environment, the details of the specific services you'll need, and whether you have selected a 1, 2, or 3-year term.
Request a consultation to learn more about our Security Blanket a la carte IT security consulting solutions and to receive complete pricing information.
Is your Internet perimeter and the systems in your DMZ as secure as they need to be? In the SystemExperts™ Internet Exposure Profile, we perform a battery of penetration tests and attempt to exploit a variety of security exposures related to the TCP/IP protocol and services. Unlike the automated EXPERTscan, highly skilled consultants use tools, creativity, and expertise to attempt to obtain unauthorized access to the firewall and to systems behind the firewall. Also, unlike with most commodity penetration testing, our consultants explore combinatorial exposures; minor problems that can be combined to create significant exploitable vulnerabilities.
Is your web site vulnerable to attack? During the Web Application Vulnerability Test (Web AVTsm), SystemExperts looks to exploit deficiencies in the web application or web pages themselves, to escalate privileges, access other network systems or services, or identify instances where customer-private data may be exposed. SystemExperts tests two primary scenarios: as a determined intruder on the Internet (i.e., with no credentials) and as a legitimate authenticated user with a valid User ID and password.
The questions we attempt to answer include:
Just as having a routine annual physical is a good practice, taking stock of the effectiveness of your security program once a year is simply prudent.
SystemExperts uses its acclaimed and highly interactive Accelerated Assessment Methodology to conduct a broad based review of your IT security focused solely in the context of your business.
SystemExperts uses its own experience as well as ISO 27002 as a guide in recommending security practice and controls. This approach will allow you to better understand how your current practices compare to those required for compliance. During the discussions, SystemExperts is careful to ensure that business and technical requirements are examined and properly balanced.
If you use an Application Service Provider (ASP), a Software as a Service (SaaS) provider, or have critical business partners, it makes sense to check the effectiveness of their security program annually. After all, systems are constantly evolving and staff turns over. You need to know that your partners have the necessary security policies and controls in place to serve as a steward of your data and reputation.
EXPERTscan is a largely automated methodology created by SystemExperts™ to identify configuration issues that introduce unnecessary risk into your environment. At monthly intervals, SystemExperts performs an EXPERTscan of your Internet perimeter and/or internal systems - consisting of an agreed upon set of IP addresses. During the first month of each calendar quarter, you receive a Quarterly Baseline report. During the next two months, you receive a Delta Report that describes what has changed since the most recent quarterly baseline.
It is as basic as looking in the mirror before leaving the house for an important meeting, simple things can go wrong. Up to three times per calendar week, SystemExperts™ performs a service integrity check. We compare the set of TCP/IP services offered by a designated set of Internet facing machines and notify you if the profile changes or if any new services have been added.
Similarly, SystemExperts™ monitors your web site home page and static content linked from that home page daily (during the business week) for adverse changes and notifies you of any problems that we find.
On a monthly basis, SystemExperts™ verifies the expiration of an agreed upon list of Internet domain names and provides notification of expiration dates closer than 60 days. SystemExperts also notifies you if the information (contact names and phone numbers) in the registration changes. Many large organizations have accidentally lost control over their domain names by missing renewal dates.
Based on a detailed inventory of the systems that comprise your network environment, SystemExperts™ monitors software patch releases and exploit postings and notifies you of relevant threats that may target your systems and/or whether an exploit has been discovered that could make your infrastructure vulnerable to an attack.
It is easy for companies to inadvertently get themselves blacklisted as a spammer. In many cases, this listing is unjustified. Further, many organizations are unaware that they have been blacklisted and only discover this fact when their outgoing email is not getting to intended recipients. SystemExperts™ continually monitors a number of the blacklists that anti-spam software uses and notifies you if your company appears on a blacklist.
Secure Sockets Layer (SSL) has emerged as the de facto standard channel encryption mechanism to protect the privacy of web traffic in transit. SSL relies on a server certificate to provide the server's public key and prove the web site's authenticity. These certificates are signed by a trusted third-party and expire after a certain period of time. Unfortunately, these certificates timeout silently, so it is not uncommon for a company to be unaware that its web site is returning error messages and not allowing encrypted sessions when prospective customers contact its site - reducing sales and damaging its reputation. The CERTalert service from SystemExperts™ gives you peace of mind by monitoring your SSL certificate expiration date and notifying you before your coverage lapses.
We'll be there when you need to bounce ideas off a knowledgeable sounding board or simply brain-storm with someone on ways to solve a particularly tough problem. Think of the SystemExperts™ Security Blanket™ as providing you with the coverage and bench-depth you've always needed but could never before afford on a full time basis.
SystemExperts™ prepares a letter that describes your customized Security Blanket™ program. The purpose of this letter is to concisely communicate to prospective customers, auditors, or regulators the ongoing security activities that SystemExperts™ is performing on your behalf to help demonstrate that you are fulfilling your prudent man and due diligence obligations.
The letter is delivered both as a form letter that you can distribute as well as customized letters sent by SystemExperts™ to designated third parties.
Today’s battleground is the application. Whether it's hostile Internet users going after your Website or a rogue employee abusing an internal application, ensuring that your applications are secure requires vigilance.
Cost-effective compliance services in HIPAA, PCI, and ISO 27002 - working with you to achieve business-practical results.
We’re different – a long term perspective pervades everything we do: quality and responsiveness; staffing and business practices; fixed price engagements; experts and only experts.
Compliance with regulations and contracts is forcing organizations to develop documented security policies.