SystemExperts - Leadership in Security

Tel 888-749-9800
Tel 978-440-9388

Our standard services
 


Although security services are almost always highly customized, sometimes it is helpful to see the spectrum of available services as you go through the process of determining what you need. Below, we describe some of the services we perform most frequently. Perhaps a combination of them or a derivative of one of them is right for you.

We have organized our standard services into three areas: "Security Strategy, Analysis, & Compliance," "Hands-on Activities," and "Best Practices."

Security Strategy, Analysis, & Compliance

Security Leadership
SystemExperts has a distinguished track record of thought leadership in the security field. We give our clients both strategic and practical guidance, providing them with the insight to see over the horizon and embrace and profit from change while avoiding the costly mistake of chasing technology for technology's sake.

Our advice to senior management focuses on security as an enabler; how appropriate security can make businesses more successful and allow them to offer services or streamline processes to stay ahead of their competitors.

We advise organizations on some of the thorniest issues they face and you can be comfortable knowing that our strategic advice is always well grounded in practical business and technical reality.

ISO 17799/27002 Compliance Program
The roadmap to comprehensive and cost effective security: SystemExperts's ISO 17799/27002 Compliance Program is a structured methodology designed to help companies build comprehensive and cost effective enterprise security programs, ensuring that security resources are applied wisely, and efforts are focused on activities that will reduce real business risk.

PCI
SystemExperts is a Qualified Security Assessor Company (QSAC) and its staff members are recognized as Qualified Security Assessors by the Payment Card Industry (PCI) Security Standards Council. The Council was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International to enhance payment account data security. SystemExperts's PCI Compliance Program includes services to help our clients expeditiously and cost effectively progress through the entire compliance life-cycle.

Security Strategy & Architecture
Organizations are coming to understand that security involves more than just deploying a firewall. We have helped many leading companies develop practical overall security strategies and architectures based on a defense-in-depth philosophy. We help our clients with perimeter security, cryptographic services, intrusion detection & intrusion analysis, authentication, authorization, and system integrity and host security in a coherent and manageable way.

Accelerated Security Assessments℠
Using our innovative and highly interactive Accelerated Security Assessment℠ methodology, our consultants will work with your team to perform a quick but comprehensive review of the security of applications or systems in their full environmental and business context and help you to understand and apply industry best practices. You may use this as the jumping off point for planning and prioritizing security initiatives. Our clients value both the short duration and the immense knowledge transfer that occurs during these intense Accelerated Assessments.

SystemExperts uses this Accelerated Security Assessment℠ methodology in a wide range of services including:

  • Anti-Virus Security Assessment
  • Application Security Assessment
  • Application Service Provider Security Assessment (ASP)
  • Authentication and Authorization Security Assessment
  • Best Practices Security Assessment
  • Billing System Security Assessment
  • COBIT Assessment
  • PeopleSoft Security Assessment
  • Sarbanes-Oxley Security Assessment
  • Security Architecture Assessment
  • Source Code Security Vulnerability Assessment
  • Outsourced Services Assessment
  • Wireless Security Assessment

    Intrusion Detection and Event Management
    In security, it is axiomatic that what you can't prevent, you must detect. SystemExperts has helped dozens of companies (including several of the largest companies in the world) develop comprehensive intrusion detection plans and implement them. The programs range from tools and products that instrument systems, to defining attack signatures, to defining the administrative escalation path and public relations plan for various types of incidents. Intrusion detection and event management can range from very simple to very complex; we find that our clients often benefit from starting at the simple end.

    Microsoft Technology
    Our staff literally wrote the book on Windows 2000 security (Osborne McGraw-Hill). Whether your project calls for securing a critical individual system, deploying secure Microsoft IIS servers, developing a migration plan from older Windows technology, or trying to figure out how to properly use Microsoft's Active Directory and Group Policies to manage large numbers of systems, we have the experience to be a critical partner in your success.

    Internet Application Single Sign-On (Portals) -
    Authentication and Authorization Models and Technologies

    The business imperative of the Internet has forced many business units within larger organizations to deploy Internet services and applications that meet their own requirements for user sign-on, authentication, and authorization, requirements that differ from those of other business units within the same enterprise. This fragments the corporate image, and customers actually interact with separate business units in different ways.

    These different models make the customer experience for your company unnecessarily complicated and cumbersome. The redundant and overlapping software and the inevitable interoperability problems increase the time, cost, and complexity of your development cycles.

    SystemExperts has worked with many organizations to help them analyze their sign-on, authentication, and authorization requirements and to develop practical plans to consolidate and standardize their access models. These projects have resulted in significantly improved user experience and dramatic long-term development and operational cost savings.

    Whether it is username and password, two-factor, biometrics, or PKI, SystemExperts can assist you in selecting and implementing the authentication technology that is right for your business.

    Security Policy & Best Practices
    Security starts with understanding the underlying business and regulatory requirements. Security policy is the means by which these requirements are translated into operations directives and consistent behaviors. We regularly assist organizations in developing security policies. For organizations that already have policies in place, we often assist in updating those policies. In addition, we frequently assist clients in identifying where their current security practices, policies, or procedures are at variance with best industry practice.

    Hands-on Activities

    Emergency Security Incident Response
    If you are under attack or suspect you have been hacked, call us. We can help you. We perform this service frequently for leading Internet and Wall Street firms.

    Hands-on Security Assessment
    Today's information intensive companies increasingly rely on their IT infrastructure to link various business units, remote operations, strategic partners, and customers, and to provide access to resources available on the Internet. Unfortunately, it is easier than ever for hackers, competitors, or disgruntled employees to compromise your environment. The prudent thing to do is to find and remedy security vulnerabilities before they are exploited by someone else. SystemExperts performs a wide range of hands-on assessments intended to uncover these vulnerabilities.

    These assessments include:

    • Application Vulnerability Assessment (Web Content Review℠) & Larcenous Customer Scenario℠
      As a skillful outsider on the Internet, we focus on vulnerabilities related to your web applications themselves.
    • Internet Exposure Profile℠ (also known as Tiger Team Attack or White Hat Penetration Testing)
      As a skillful outsider on the Internet, we focus on vulnerabilities related to TCP/IP protocols and services.
    • Dial Exposure Review (Wardialing)
      While Internet based attacks are getting the headlines, hackers continue to use direct dial attack techniques to do significant damage to companies.
    • System Hardening Assessment
      Many organizations deploy standard builds to support key Internet accessible services or environments. It makes sense to assess the security hardening of these standard platforms.
    • Firewall Analysis
      In many organizations the configuration of the firewall(s) is constantly being changed to accommodate new applications, evolving access requirements, or changes to the network. Most organizations do not know if their firewalls are properly configured.
    • Denial of Service Review
      Some of the most visible hacker attacks of the recent past have been denial of service attacks. We can help you identify how vulnerable you are to such an attack and help mitigate the risk of becoming a victim.
    • IP Services Inventory
      Large organizations often lose track of the IP-based services they are exporting to the Internet. Periodic remote scanning of their external address space enables them to better manage their exposure.
    • Wireless Service Inventory (War walking/driving)
      Most organizations don't have control over their wireless resources. Our Wireless Service Inventory will enable you to understand whether you have a problem or not and to formulate appropriate controls and policies.

    Physical Security and Social Engineering
    The best security mechanism can be undermined by poor staff practices: leaving the door to a secure area propped open or divulging private information to a stranger. Education and ongoing security awareness programs are the means to address this problem, but many organizations find it difficult to justify such expenditures. SystemExperts's Assessment of Non-IT Security Controls℠ service systematically tests the effectiveness of your controls, providing you with an easy to understand report card. This service consists of two parts: a physical site assessment and a social engineering assessment.

    Best Practices

    Security Blanket℠
    Computer and network professionals have to deal with a world where intruders really are lurking in the dark just waiting for the opportunity to pounce. SystemExperts offers a package of security services that will give you peace of mind.

    You'll be able to sleep at night knowing a team of security experts is on your side and watching your back.

    The SystemExperts Security Blanket is structured as an a la carte menu of services so you pay only for the services that you need. The services fall into three categories:

    • Proactive: timely notification to make you aware of emerging problems and help you take proactive measures to mitigate their impact.
    • Monitoring: background monitoring of designated systems and infrastructure to ensure their production state is consistent with their expected state.
    • "Watching Your Back": monitoring hacker activity that may pose a threat.

    The services consist of routine activities (simple best practices) that every company knows it should do regularly, but too often is unable to perform. The services are structured to minimize the burden they place on your staff; in many cases, only exceptions or alerts are reported.

    The fees for the Security Blanket Service are structured as a modest monthly retainer - you'll be surprised how modest. The price varies depending on the size and complexity of your environment, the details of the specific services you'll need, and whether you have selected a 1, 2, or 3 year term.

    Incident Response "Scrimmage" Training Exercise℠
    Intrusions and security breaches are a fact of life. Unfortunately, many organizations are ill prepared to deal with them. While there is no short cut, there is an efficient methodology for structuring that preparation: SystemExperts's Incident Response Scrimmage. As the name implies, this incident response table top training exercise follows the time honored technique that is ubiquitous in sports training. A small team of SystemExperts consultants develops, in advance, a set of relevant attack scenarios with an organization and then the SystemExperts "coaches" observe the attack identification and resolution process. The "coaches" jump in and stop the action whenever mistakes are made. After the coaches have explained the mistake and outlined the correct course of action, play resumes.

    At the conclusion of the incident walk through, SystemExperts leads an informal Lessons Learned session in which the good, the bad, and the ugly of the Incident Response Scrimmage are reviewed and improvements are discussed in a collegial atmosphere.

    Windows, Linux, and Unix Evaluation and Hardening
    As more organizations move to standardized builds, it is important to ensure those base platforms are appropriately hardened. We can help evaluate the true security stance of those systems, as well as assist you in hardening them to appropriate levels. We can also assist in evaluating the security ramification of the administration techniques and tools you may be using.

    Service Bundles for Small to Mid Size Companies -
    Defense in Depth Services

    As smaller organizations increasingly adopt a defense-in-depth approach, they find that their annual security checkup needs to cover a broader range of issues. The same is true for organizations needing to demonstrate Sarbanes-Oxley or HIPAA compliance. Many also find that combining the a la carte price for each required security service quickly becomes prohibitive, especially since only limited reviews are needed in many instances. In response to our clients' requests for such cost effective bundles of services, SystemExperts has developed three packages to provide accelerated security assessments from your network perimeter through your web applications: Silver, Gold, & Platinum. Consistent with all SystemExperts's services, the assessments are well grounded in your business context.

    Stolen Laptop Analysis
    Organizations expend considerable effort to secure their internal networks, key computing resources, and connections to the Internet. Few recognize that a significant amount of their most proprietary information, the information of most value to competitors and investors alike, is traveling around the country on the largely unsecured laptop computers of road warriors and senior executives. SystemExperts's laptop analysis will help you to understand the potential risk of a lost or stolen laptop and what measures to take to mitigate those exposures.

    Wireless Security
    Wireless technologies are being adopted at a rapid rate. Whether used externally to extend corporate services to employees using hand-held devices, or internally, to replace hard wired networks, most of these deployments are not adequately secured. Our consultants are leaders in this important technology. They will be able to help you take advantage of the new wireless capabilities while ensuring that your resources, assets, and confidential information are properly protected.

    Education & Training
    Our consultants are frequent speakers at conferences around the world. Our courses on penetration testing, wireless security, secure electronic commerce, intrusion detection, VPNs, and Windows security are among the highest rated because our consultants bring years of practical experience to bear. We also offer these courses directly to our clients.

    • 802.11b Practical Wireless Issues:
      Concepts, Administration, and Security
    • Extranet Security
    • Hardening Windows
    • Network Security Profiles: Protocol Threats, Intrusion Classes, and How Hackers Find Exploits
    • Real World Intrusion Detection
    • Security Standards and Why You Need to Understand Them

    VPN Design and Assessment
    VPN technology offers the promise of increased security and reduced costs. Unfortunately, most companies start by choosing a VPN product and then backing into the design. All too often, this results in a solution that doesn't satisfy critical business needs, that opens an organization's private network to unnecessary risks, and that prevents effective intrusion detection. SystemExperts has no vested interest in recommending one VPN product over another. We will help you design a VPN that will meet your business and security needs and help you to select the right VPN products to implement it. If you are already moving down the VPN path, SystemExperts can review your current approach to help you ensure that the project will be successful.

    Custom Security Tool and Specification Development
    Most organizations have learned that using off-the-shelf security products, wherever possible, is a good approach. Occasionally, standard tools just don't satisfy critical functional or business requirements. When that happens, call us. SystemExperts has an extensive track record in developing custom security tools and specifications to meet the demanding needs of our clients. Examples of such software and specifications include: a log collection, filtering, analysis, and reporting tool; intrusion detection client code to instrument NT and Linux systems to integrate into an enterprise-wide IDS; an automated web based initial password generation and distribution application that integrates with getAccess; a tool to add strong authentication to a security-weak network application; and a specification for an http gateway.

    SystemExperts Corporation
    New York | Boston | Washington | Boca Raton | Chicago | San Francisco
    Call 1-888-749-9800
    Copyright SystemExperts™ Corporation, 1995 - 2008.
    All rights reserved. All trademarks used herein are the property of their respective owners.