Risk Assurance Division -
Network Vulnerability Risk
Get your network scanned for vulnerabilities
Companies are like people — they need to feel secure. Our expertise lies in delivering the protection to today's enterprises Networks.
Security implies the elimination of risk. In the wired world more companies are going online, and finding new risks in the strange jungle that is the Internet — hackers prowling the information highway, viruses are attacking the health of networks, and thieves stealing commercial secrets. This result in systems being brought down, information being stolen or lost, and confidence on transactions taking a beating. But not going online poses an even higher risk: ceding a massive technological and operational advantage to rivals.
Smart companies take care of the second risk by going all the way into online operations. As for the first risk, we take care of it for them. That's what we do: enable companies to join the online competitive fray and reap benefits — without having to fret about the risks involved.
We do this by:
• preventing fraud, loss of revenue and loss of reputation;
• verifying that things are okay, and giving the company peace of mind;
• finding out if it is possible to break into mission-critical systems;
• helping our clients fix holes immediately and assuring long-term security.
Our services:
Vulnerability Assessment
This is an exhaustive methodology that ferrets out the weaknesses and deficiencies, from a security standpoint, in any given system. Organizations across the world have to be sure that their systems will run continuously. Vulnerability Assessments are a critical tool in ensuring this. The idea is to minimize or, better still, eliminate the chance of a security breach. Organizations feel a particular need in this regard when they are shifting their operations or launching new systems. Our assessment criterion is comprehensive, our reports easy to use, our recommendations practical, and our data-collection and analysis procedures fast and reliable.
Penetration Testing is the term used to describe the testing of networks and their components for security weaknesses. This test can be done with practically no knowledge of the network, or as authorized users having restricted awareness of the network. It is conducted remotely — via the Internet on the IP address or URL specified by the client — or at the client site with internal user level access.
There are three aspects to this procedure:
• Light perimeter test — testing the strength of the perimeter from a remote location.
• Full perimeter test — verifying the security of the perimeter, the servers in the DMZ, with remote exploitation of the DMZ, and accessible internal systems.
• Internal test — the 'trusted-insider' test, launched from inside the client's network, with internal exploitation.
Our Penetration Testing service proactively attempts to break into your network to assess your level of security preparedness. This helps us get a hacker's eye view of the system, and it enables you to identify security holes that could be exploited by a remote attacker to compromise your network.
Application Security Assessment: Application Security Assessment is the testing of applications remotely over the Internet for security holes, or the testing of applications at the customer site on a staging server with higher levels of access to the application architecture and documentation. We offer this service in two modes:
• Application penetration testing (remote)
• Comprehensive application security audit (onsite)
Here are few FAQ’s
1. How much lead time do you need to start a penetration test?
The lead time depends on our workload and schedule. We are able to offer flexibility to our clients as we have multiple test centers. We have started tests within 48 hours. Usually most of our customers give us a window of 2-4 weeks to schedule the testing.
2. How long does a typical penetration test take?
The duration of a test depends on the number of IP addresses to test. Testing duration could vary from three days to two weeks depending on the size of the networks being tested. For an accurate time estimate, please request a quote.
3. What tools do you use for the penetration test?
We use a combination of open source, commercial and proprietary tools to perform our tests. You would appreciate that tools are one part of the security testing process. A security test relies on the discipline, creativity and experience of the engineer who tests the network. The tools aid the engineer to collect data and refine the testing strategy; we have invested in all the standard tools required for a successful penetration test.
4. Will the testing affect the performance/availability of my site?
We take adequate precaution to ensure that the performance of your site is not affected during the tests as much as possible. However, security testing can at times affect the performance of one or two servers. If you would like to take extra care for some of your servers, we can test those servers during off-peak hours.
5. What are the documents required to order a Penetration Test?
We need two documents from you to start the penetration test:
• Letter of engagement, accepting us to do ethical hacking.
• Mutual non-disclosure agreement.
6. What does a penetration test report contain?
Our penetration test report contains three parts:
• an executive summary intended for senior management: it highlights the findings and action items from the security test
• detailed findings and action items: a section that describes the vulnerabilities discovered, its impact and how to fix each one
• list of tests performed: a documented list of each test and its results that promises repeatability and consistency
7. Where will my tests be carried out?
The tests can be carried out from remote locations.
8. How do you price your service?
It’s completely free for the above services. We charge only when Bugs are found. A commercial proposal will be given to you to fix the bugs.
So what’s the delay, talk to us, sign the NDA and get your network health scanned at free of cost.
| back |
|
