IT Security Assessments
Are you secure? Is your network secure?
The truth of the matter, this question cannot be answered with any degree of certainty unless your systems are either compromised, or preferably assessed/tested for vulnerabilities. IPConnectX offers a variety of services to evaluate the hardened stance of a “secured” IT infrastructure, serving to validate or invalidate the perceived security posture.
A vulnerability assessment is a process that defines, identifies and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition, vulnerability assessments can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are implemented.
Full Vulnerability Assessment
During a full network vulnerability assessment, a security engineer will scan the external network by looking for any known vulnerabilities that exists in your infrastructure. The engineer will further test to attempt to rule out any false positives. We will conduct social engineering, testing the company’s employees for adherence to information security/privacy best practices. Often, employees are not properly trained on information security and social engineering testing will validate their training (Custom professional service engagements can be crafted for your specific security needs). Finally, the assessment will include a compliancy audit, ensuring the organization is complying with any relevant regulations or standards like; GLBA, HIPAA, PCI-DSS, or ISO27001. These assessments can be conducted on-site or remotely, with on-site assessments also including a physical security review.
Download a sample assessment report:
Network Penetration Testing
Network penetration testing is taking a vulnerability test to the next level and is a close simulation to a real-world hack available. During a network penetration test a security engineer/ethical hacker will first scan the network for vulnerabilities and exploit those vulnerabilities to gain access to systems. From there the engineer will gain access to sensitive information or if allowed by the SOW, leave a marker to prove that they gained access. In many penetration tests, we will use a tactic called “Pivoting” to gain access through the perimeter on non-sensitive system and launch attacks on critical systems from the non-sensitive system behind the firewall.
Web Application Penetration Testing
Many companies have custom web apps that were developed in house or by a third party. These apps are typically not tested before they are deployed to see if any security holes exist. During a web application penetration test our security engineer/ethical hacker will attempt to gain access to the application as an authenticated user, using various testing means to attempt to extract or manipulate data in the application. It is best practice to have a web application penetration test before deploying any new applications.
- Confirm infrastructure security posture
- Meet compliance (Requirements of GLBA, HIPAA, PCI-DSS)
- Find security flaws
- Validate incident response procedures
- Get familiar with the process through findings on your own network
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology to C-level management, investors, and customers
Carve servers processing powers to multiple smaller partitions and take full advantage of your investment
Not all businesses can host their server infrastructure locally, such solutions can overcome this type of problem.