Security Operations

Penetration tests and vulnerability assessments

The best way to protect your network is to break into it. Security management tools can only do so much to effectively gauge the current security levels.
The most effective way to find out where the real threats exist is by breaking the security using the same techniques a malicious hacker would use. By having us follow this approach, you know what points to address before the bad guys get in.

In some situations it may not be desired to take the approach of a full-blown hacker attack. Using the cutting edge of security assessment tools, potential vulnerabilities can be discovered without actually exploiting them. A vulnerability assessment is less intrusive but still offers a good insight into the security levels of an organization.

Web application assessments

Whether you are offering foreign exchange trading, online banking, CRM applications or simple registration forms, we know how to assess your web applications and in most cases, break them. Have us review your application before putting it into production to ensure your data is secure.

Source code reviews

A lot of companies use custom developed applications - created either in-house applications by third parties. Experience shows us that most frequently factors like functionality, speed of delivery and pricing are the key, leaving security as an afterthought.

Additionally, a lot of developers are simply not aware of the security threats their code may introduce. This is an area where we can assist. By reviewing on code level how data traverses your application, we evaluate if your application is secure enough to be taken into production.

OS security configuration benchmark tests

Many organizations do not have the know-how, knowledge or time to invest in hardening operating systems. This is where we come in. Years of experience in assessing IT environments and a thorough knowledge of guidelines and best practices makes us very well suited to provide meaningful metrics on how secure operating systems are. By using a combination of benchmarking tools, best practices and checklists, we ensure the security controls in place are in line with your corporate security policies.

OS hardening for UNIX, Linux and Windows based operating systems

Are you sure your operating systems don’t contain any backdoors? By hardening operating systems during or just after installation, a large number of threats can be dealt with before even connecting hosts to the production environment. We have years of experience hardening operating systems. When we are done, the most obvious ways to gain information and attack operating systems are dealt with.

Implementation of OS audit logging solutions & accountability controls

Securing operating systems is one thing, knowing what actions are being performed on them is another. We have implemented audit and accountability solutions on a large range of different operating systems, applications and are able to help those ultimately responsible, know what goes on in their environment. Be it actions performed by authorized staff or malicious hackers.

Open source solutions for monitoring, central log servers and other open source solutions

In some situations, using operating system standard accountability and audit features may not be sufficient. Examples are companies with extremely sensitive data or a situation where it is desired to monitor those with the highest privilege levels on systems or applications. For these types of needs we have developed custom accountability solutions that we can tailor to each client’s specific needs, enabling those with the ultimate responsibility of the infrastructure to know what is happening.

Oracle hardening and accountability controls

Many organizations utilize Oracle as the database to store their most business critical information. Having been taught by some of the most active and skilled Oracle security professionals in the world, we can assist organizations in keeping their business critical information secure using approaches that surpass the standard Oracle security recommendations by far.

Load tests for web applications

Most organizations use custom-built web applications developed for their specific needs. Having applications perform the actions required is one aspect, making sure they satisfy the requirements of the expected load is another. Using Open Source tools we are able to pinpoint exactly where the bottleneck exists and provide meaningful reports on the performance of custom web applications.

Recruitment of security professionals

Having a thorough understanding of what organizations typically are missing when it comes to security aware staff, we can assist in recruitment of security professionals with the right amount of security knowledge for the environment.

Limiting spam

Spam is an ongoing concern and it is not uncommon for companies to get blacklisted due to spam being sent from their network. Using both low-level, technical, and policy and awareness based approaches we can assist in making this an issue of the past.

Security awareness training

Of course we also deliver training to clients. We can train your staff in all areas in which we offer consultancy. We deliver training to all levels of staff:

•    C-Level staff
•    Technical engineers and operators
•    Typical end-users

Other requirements

If you have any other security requirements not mentioned here, we can develop or find a solution. Additionally, if formal audits are required we are also able to source senior consultants to deliver high quality assessments and help prepare your organization for compliance certification.