Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Transcription

1 Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services Protection of corporate information has been become the determining factor between success and failure in today's global business environment. It could be the difference between beating your competitor to market or assuring that corporate secrets don't leak out, information security has become the most common topic in corporate boardrooms today. But how do you protect your information from threats and vulnerabilities that you don't know exist? Can you rely on your already over extended IT management team to be able to "detect and protect" so that your most important corporate asset is secure? At rewterz, our services platform is designed to work with any organization from the small office to the large corporation. With services tailored to understand your whole organization, not just individual sections, it allows our consultants to develop comprehensive action strategies in the face of ever-changing security threats and existing vulnerabilities.

2 Penetration In today's global business environment, your organization can be at risk from malware attacks to critical denial of service attacks that can cripple your IT infrastructure and grind your business operations to a halt. The advent of sophisticated threats and attacks over the Internet have added to the concerns of organizations globally. Blended malwares, sophisticated attacks, identity thefts, DDoS attacks and financial scams are just some of the predicaments associated with any system connected to the Internet. Testing Penetration Testing (Pen-Testing) is a practice of testing security measures by emulating real-world attacks on the IT infrastructure in question, pretty much like testing a supposedly bullet proof armor by showering bullets on it. Information security personnel in an organization can either learn their weaknesses the hard way by waiting for an attacker from the dark to exploit one of their vulnerabilities or could save their grace with our trusted Penetration Testing service. The Rewterz Penetration Testing service is designed to provide a comprehensive assessment of your information security. We review your infrastructure to understand what devices and applications may leave your network vulnerable to exploitation by real hackers. Our Penetration Testing is based on the most sophisticated hacking techniques and applications to attempt to exploit identified vulnerabilities. Our expert professionals provide a detailed analysis of your network, hosts, databases, applications and wireless infrastructures to identify vulnerabilities and roadmap a security strategy. Our professionals use a combination of automated and manual testing methodologies to locate weaknesses and technical flaws on behalf of our clients. An automatic test involves running specialized software that run through your network for common flaws. A manual test whereas involves in depth examination by seasoned veterans. Due to the complexities of application architecture and business logic, sometimes it is almost impossible to detect vulnerabilities through automated tools and that is where expert penetration testing consultants come in. Manual examination reveals the presence of backdoors, obfuscated parameters and manipulation of programming logic to compromise platform integrity. The penetration test report helps you prioritize remedial action for high risk vulnerabilities. In addition, rewterz also implements solutions to protect against future vulnerabilities. Penetration testing is considered one of the most rigorous tests of an infrastructure s security and stability. Testing involves analysis of each access layer, network, system and application, such as from reviewing the application code of a front-end web application to analyzing the possibility of session hijacking attack on the network.

3 Compliance Review Our Compliance Reviews are to assess your security strengths and weaknesses against international best practices and standards, including ISO 27001, PCI DSS, SOX, HIPAA, and GLBA, and provides practical recommendations to align security with corporate objectives. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's: Security Policies and Processes Security/Privacy Program Management Technical Infrastructure & Security Controls Security Organization & Governance Operational Effectiveness

4 In the fast growing world of application development, the threat of security vulnerabilities in application code is much greater than with corporate networks. Applications that are poorly coded, incorrectly tested or badly installed can put your organization at risk to much more than just information thieves, but to hackers that will be able to exploit the weaknesses in the application code to gain access to your network. Additionally, as more organizations look to develop software internally for their core business functions, less attention is placed on security and more on functionality. Application We have specialized services that works specifically with these risks. We are able to provide core services and understanding to your software development engineers, quality assurance testers and corporate management that all applications will be thoroughly checked for security vulnerabilities and eliminated prior to implementation. Our services start with an Application Code Review to analyze the source code for design and programming flaws, use of vulnerable functions or program constructs to assure overall security in the application. Our Application Security Audit identifies security vulnerabilities by reviewing and testing application security controls. We specifically test for the ability to replay authentication data, exposure of any sensitive data on servers, susceptibility to encryption breaking algorithms and the potential to exploit inadequate input validation controls. We try to break your application to make sure that it can't be done. Our Secure Application Engineering Support will allow for our experts to collaborate with your development team from the technical design stage to ensure correct security controls throughout the development process for technical design, technology selection, implementation testing, deployment and performance tuning. Database Vulnerability Assessment is a focused assessment using automated tools and methods to assess security configurations and the settling of access controls, rights and permissions. As more applications become heavily data driven, the importance of protecting those databases increases exponentially each day. Our assessment delves into your database to identify possible vulnerabilities and risks in: Security Audit User Management System Default settings Policies and Procedures Authentication Methods Use of Encryption System & Object Privileges Operating System Datafile Information Operating System Roles User Profiles Database Roles Distributed Database Features Auditing Backup & Recovery Parameter Files

5 Social It is a widely acknowledged fact that humans are the weakest security link in any information security hierarchy. Seasoned hackers know that it may be easier to convince gullible employees into disclosing their passwords than carrying out sophisticated and protracted brute force attacks Engineering Hackers use diverse approaches to launch these types of attacks including fake phone calls that appear to be coming from the IT department, physical access attempts using fake IDs and phishing s. Rewterz can help you evaluate your organization s security posture against social engineering attacks and raise your employee awareness.

6 Security As companies continue to join the Internet to speed up business processes, the security risk grows accordingly. Today, many companies provide network access to partners, customers and employees nurturing opportunities for people with ill intent. Although these organizations may establish strong perimeter security, it is only a first line of defense. Outsourcing For an organization to effectively protect critical information, it takes more than integrating the latest security technologies. A complete security program including round-the-clock management and monitoring, real-time security intelligence, global infrastructure as well as a team of 24/7 security experts are key elements to keeping pace with today's increasingly complex security threats. Right-thinking companies lower their costs and increase their security by outsourcing to a qualified, forward-thinking team of security professionals. As more organizations invest into data redundancy and offsite business continuity facilitation, smart organizations are looking for the "total package;" Organizations that are able to guide IT procurement, oversee installations of new equipment, monitor and secure our most principle asset: 'business intelligence.' By combining best-of-breed technology with aggressive knowledge-driven security professionals, Rewterz Security Outsourcing service provide 24/7/365 enterprise security management, allowing you to focus on your business.

7 Security Good security starts with resilient infrastructure. When your corporate network has been built and expanded ad hoc, rather than carefully planned and expanded, the potential for incompatibilities, conflicts and exploitation points increases exponentially. As part of our holistic view to corporate security, the rewterz team has designed core consulting services to allow your organization to better understand the risks and possibilities of your technology infrastructure. With our Security Architecture and Design analysis, your corporate technology is assessed against Security Zones Configurations Location of Available Services Use of VLANs Presence of Firewalls or other filtering devices Intrusion Detection and Prevention Infrastructure Network Segmentation Effect of planned modifications and upgrades By analyzing your corporate technology implementation, we are able to identify and plan for the potential threats and vulnerabilities that you will face not only today, but in years to come. Our Security Technology Integration allow us to assist in the planning, design and implementation of new technology into the corporate infrastructure, while assessing the critical IT infrastructure for proper installation, configuration and "security hardening" procedures. We provide an unbiased evaluation of technologies, existing and planned, for your network so that you can better control your corporate resources. Rewterz also offers world-class Incident Response and Forensic services to investigate the theft of intellectual property, fraud, employee harassment or inappropriate use of network resources. Through forensic media analysis, data mining of system data, network monitoring and digital intelligence services, we are able to leverage the industry's best practices to provide a complete and measured response to any security breach. Our incident response team provides onsite assessment, forensics, and corrective services should they be required. For larger breaches, such as worms, spiders and port sniffers, we deploy a team of experts to oversee and drive containment and recovery activities. Due to our expertise in IT security, our consultants are also able to provide expert witness testimony for companies involved in legal proceedings, including assistance in identifying and locating digital evidence relevant to the investigation through data mining, network monitoring and forensic media analysis. Consulting

8 Security Most corporate security programs are conglomerations of business, technology initiatives, market risks and government regulations that together determine the effectiveness of your IT management team. The most effective way to effectively manage your IT security is through the implementation of tailored security policies and programs. However, in most organizations, the process of developing policies and programs is done ad hoc without ever knowing the corporate objectives; thereby implementing security procedures that may hamper your future requirements by not properly planning for today. Starting from analyzing your existing policies and standards against industry standards, benchmarks and best practices to helping you develop Incident Response teams to actively monitor and respond to identified threats and vulnerabilities, we make sure that you are prepared. By working in close collaboration with your IT and corporate management to understand your short-, medium- and long-term objectives, we are able to develop and implement security policies that facilitate your organization's growth while mitigating the potential for future vulnerabilities. Our Policy & Standards Review provides our consultants the ability to evaluate the effectiveness of your existing security policies & standards against industry standards, benchmarks and best practices. The Program Review and Development allows our organizations to lock arms to better combat network security problems. By providing a prioritized Security Roadmap that includes all corporate security objectives, an effective communication/awareness program and the development of targeted responses to security and privacy challenges, your organization can more adequately deal with the ever-changing threats and methods that are used to gain access to corporate information networks. Incident response and Disaster Recovery are the two more critical IT challenges facing every business. When your network is at risk, your IT department is over stretched in trying to control and contain current problems that when incidents like virus and DOS attacks occur, we are rarely able to confront them ourselves. At rewterz, we work closely with your IT management team to develop and implement methodologies to evaluate, investigate, escalate and contain all incidents before they can threaten your information We provide core services in Disaster Planning and Recovery by assessing your current business continuity plan to assess if it effectively provides for immediate restoration of data. By working in collaboration with your IT management team, rewterz is able to identify possible weaknesses in the continuity plan, including technical infrastructure that could cause delays during the disaster recovery process. Our goal is to assure that your organization has all the tools to resume operations immediately. Policy & Program

9 Training The only way to assure that the effort that you put into developing your corporate security policies and processes will be followed and maintained is through proper training and awareness for your entire staff, not just your IT management teams. By employing a "Train the Trainer" methodology, we are able to create "Security Experts" within your organization who takes responsibility for making the whole organization aware of the "soft spots" through customized training and workshops. In addition to core security awareness trainings, our holistic service delivery model specifically educates your IT teams on various information security topics, such as intrusion analysis, incident handling, computer forensics, ethical hacking, malware analysis and many more. We equip your team to face tomorrow's challenges today.