93% of large organisations and 76% of small businesses

Transcription

1 innersecurity INFORMATION SECURITY Information Security Services 93% of large organisations and 76% of small businesses suffered security breaches in the last year. * Cyber attackers were the main cause. Safeguard your organisation from malicious intent with CREST-certified Inner Security. Information security penetration testing you can trust. * PwC Information security breaches survey 2012

2 The estimated* costs of security breaches in the last year Billions the total cost to UK plc of security breaches 110k - 250k the average cost of a large organisation s worst security breach 15k - 30k the average cost of a small business worst security breach Penetration testing is increasingly becoming a pre-requisite in obtaining cyber security insurance. * PwC Information security breaches survey 2012 Only 38% of large organisations ensure that data held by external providers * PwC Information security breaches survey % of small businesses don t carry out any checks of their external providers security. ** is encrypted. ** **Information security breaches survey Technical Report **Information security breaches survey Technical Report

3 A single information security breach can compromise customer data, harm an organisation s reputation, damage the goodwill you have worked so hard to build and hit your bottom line. Inner Security can protect your organisation against security breaches and cyber-attack, avoiding costly network downtime and preserving your corporate reputation. Our qualified and fully certified penetration testing experts identify risks before security breaches occur, enabling areas of IT security weakness to be addressed before any incidents occur, before revenue is lost, before corporate reputation is damaged and without the need for costly emergency IT remediation. What we do Information security penetration testing is at the core of our business. Network Infrastructure penetration test (Internal/External) Identifying vulnerabilities such as full administration access gained through the exploitation of running network services. Application penetration test (Internal/External) Testing for example, that administration access cannot be achieved through by-passing authentication procedures. Wireless Penetration Test Attempt to gain access to your wired network through rogue access points in the wireless network. VOIP Penetration Test This will identify any routes from your VOIP network into the main IT network (this can allow external access into your IT infrastructure). Internet exposure penetration test (Information Disclosure) Testing for sensitive company information that may be available on the internet. We also provide a broad range of complementary information security services including Vulnerability Assessments; Business Impact Reporting; DNS Security Testing; Alerting, and associated Security Support. Social engineering assessment Testing employees' susceptibility to disclosing sensitive company information. Routine security monitoring at a large public body detected confidential data was being leaked via social media. Staff were not aware of the data protection rules or the security risks associated with social networks, and the organisation responded by running extra staff training.* *Information security breaches survey Technical Report Physical security assessment Testing the robustness of the access mechanisms that protect company assets. On-host and infrastructure security test mapped to security policies Designed to reveal missing patches, blank passwords and other vulnerable areas of security settings, this test also examines the implementation of the company security policy at a technical level.

4 VPN (virtual private network) assessment Testing for flaws in authentication mechanisms and the configuration state to ensure that network boundaries are not compromised by the external VPN. Code review These tests look for 'back doors' into your system, such as buffer overflows and developer hooks that could lead to systems being compromised. Firewall assessment technical and physical audit review We test your firewall effectiveness to ensure it meets the standards set by security policies. This can prevent dangerous services traversing the firewall from the internet. Attackers succeeded in overloading the internal systems at a large financial services provider by bombarding its website with automated quote requests. * *Information security breaches survey Technical Report Mobile device assessment (including Bring Your Own Device) Testing mobile devices for assurance of data security can ensure that sensitive data is properly encrypted. This protects you against data compromise in the event of loss or theft of the device. Inner Security s penetration testers have been involved with our project from an early development stage, which enabled our team to have a high level of security advice and guidance throughout the whole process. Senior Development Manager, Public Sector Denial of service assessment This assesses the resilience of your network to attack from external sources, for example a DDOS attack. This type of attack can render your services unable to operate effectively. A large public body in the Midlands was infected by malicious software on removable media. Routine security monitoring picked up the infection and the malware was quickly removed.* *Information security breaches survey Technical Report

5 Professional Security Services. Inner Security also offers a range of professional services to safeguard and enhance the compliance of your IT infrastructure. This includes: ISO27001/2 Assessment (Audit) PCI DSS Assessment (Audit) Assessment to ensure compliance to critical standards. Information Assurance - HMG CLAS Providing business driven advice on the management of information risk. Influencing the design of information systems to meet security requirements and assessing compliance with security policies and standards. Network Security Infrastructure Design This can be implemented either at the start of a project or at any time during the infrastructure life-cycle. Application Security Design Security design is implemented in a phased approach that integrates with the development life-cycle of the application. Inner Security s Vulnerability Assessment gave us a great view of our estate and identified a number of issues that we didn t know we had. The report was completely accurate, with no false positives, and the advice we received was invaluable in prioritising what needed to be fixed. Infrastructure Manager Security Solutions Design / Assessment Conducted as a cost saving exercise to integrate solutions functionality or to enhance infrastructure security by identifying the correct security solution mapped to the business requirements. Network Forensics Network Forensics is the detailed monitoring and careful analysis of computer network traffic for information gathering, legal evidence or intrusion detection.

6 Inner Security Vision (ISV) ISV is our managed service, which enhances your existing security operations. It will complement or replace solutions already in place, so that you will receive a more comprehensive service at a more affordable price. Core services our basic package, designed to meet your needs, includes: On demand vulnerability assessment Zer0day vulnerability alerting service DNS Security testing service Availability monitoring (uptime) Response time monitoring Security Support and assistance (on/off-site) Additional Plug-in Modules we can add bespoke solutions as required, including: Daily/weekly/monthly/quarterly vulnerability assessment Functionality testing (i.e. ensuring shopping basket availability) Web Domain anti-phishing alerting service Web defacement (content changes) alerting service Denial of Service identification Additional on-site security remediation support per 12 hours Inner Security is a leading CREST-registered and fully accredited information security services provider, renowned for our excellence in penetration testing critical government and large corporate systems. We are proud of our track record in delivering business value to our prestigious blue chip client base, which includes FTSE 100 and FTSE 250 companies from a diverse range of business sectors -- including finance, retail, information technology and telecommunications as well as a number of important Government departments. Inner Security does not employ a sales force. Our business is built upon our strong reputation within the security services industry and the development of long-term client relationships based upon mutual trust and respect. We initially engaged Inner Security for our Infrastructure penetration testing, as part of a larger project. We were immediately impressed with their quality and speed. They have since done further projects for us and we have now adopted more of a valued partner relationship. IT Director Global Services Provider Inner Security - 5 Blotts Barn, Brooks Road, Northants, NN9 6NS T: E: info@inner-security.co.uk W: