IT INFRASTRUCTURE

[Download PDF version]

Infrastructure Security

If your business is connected to the Internet, the Internet is also connected to your business! While this includes your customers, partners, and suppliers, it also includes a significant number of "bad guys" who want to get their hands on your data or add your site to their trophy collection. While both hackers and our penetration tools will test your network, we will tell you the vulnerabilities and how to fix them. Let us help you discover and close your security weaknesses before the "bad guys" find them.

Our comprehensive approach to testing includes black, white, and gray box testing.

Black box testing reflects a malicious hacker with no prior information about your infrastructure. We will scour publicly available information from Internet registries, social media sites, hosting providers, and other sources to gather as much collective information to leverage in our penetration tests. Unfortunately, black box testing alone will not provide a complete assessment of your security.

White box testing reflects a hacker with prior knowledge and approved access to your applications. This testing approach ensures that your trusted employees, partners, suppliers, customers, and other authorized entities have access to the data and applications they need to conduct business with you securely. No more and no less. White box testing complements black testing to ensure that the "bad guys" don't get in and those you trust are using the system as approved. This joint testing strategy is typically referred to as gray box testing.

Gray box testing is a sequential process that starts with a black box test. We build upon the results of that test with internal information provided for the white box testing. This step-wise approach provides a comprehensive assessment of your system defenses and permits more specific penetration testing of your critical data and applications.

Featured Security Offerings

HIPAA Compliance

  • Risk Analysis and Management
  • Penetration Testing
  • Re-evaluation
  • Detailed Executive & Technical Report Deliverables

PCI Compliance

  • PCI DSS Gap Analysis
  • Penetration Testing
  • Network & Web Vulnerability Assessments
  • Detailed Executive & Technical Report Deliverables

Digital Forensics

  • Computer Forensics (PC, MAC, Linux)
  • Mobile Forensics (Android, iPhone, Blackberry)
  • Network Forensics (Firewall, Router, Server)
  • Detailed Executive & Technical Report Deliverables

Network Device Auditing

  • Configuration Audit against Security Industry Best Practices
  • Engineering Gap Analysis against Vendor Best Practices
  • Available as a monthly subscription
  • Detailed Technical Report Deliverable

Security Architecture

  • Architecture Design Gap Analysis
  • Multi-year Strategies
  • Consulting on Technology Solutions Selection
  • Detailed Executive & Technical Report Deliverables

Incident Response

  • Incident Response Services0-day & Targeted malware Analysis
  • Quarterly Critical Incident Response Excercises
  • CIRT Policy and Procedure Audit and Creation
  • Proactive Threat Monitoring (One Time or Recurring)
  • REAL Incident Handling
  • Detailed Executive & Technical Report Deliverables

Security Frameworks

  • Security Policy Auditing & Creation Compliance & Certification
  • Consulting
  • Security Awareness & Training Services
  • Detailed Executive & Technical Report Deliverables

Secure Code Auditing

  • Web Vulnerability Assessments Static Binary Analysis
  • Blackbox, Graybox, & Whitebox Assessments
  • Available as a monthly subscription
  • Detailed Executive & Technical Report Deliverables

Winners of FastTrack50 Award

rss Follow Monreal On Twitter Follow Monreal On Facebook Follow Monreal on LinkedIn