How to Choose the Right Cyber Security Company
Cyber crime reached $3 trillion in 2016. In 2015 it was $500 billion. The likely reason is that most cyber security experts are not hackers, or capable of thinking like hackers, and are therefore unable to think of the many different ways in which hackers can break into your network. Most cyber security companies use one commercial vulnerability scanner to scan the inside of a network. What about the outside of the network? That is how hackers are getting in. The most important thing to understand is that many of the popular commercial vulnerability scanners that professional security companies use are not the same vulnerability scanners that hackers use to break into your website or network. A security company that can truly keep your networks safe will use multiple tools, including the same scanners used by hackers, so that it finds the same access to your networks that hackers might find and secures it immediately.
- Red Team Assessments – Test how well your people, processes and technology protect your critical assets.
- Penetration Testing – Identify and mitigate security vulnerabilities to close off avenues of attack.
- Security Program Assessment – Get informed, expert recommendations to improve your security program.
- Industrial Control Systems Healthcheck – Reduce security vulnerabilities in SCADA and ICS environments.
- Response Readiness Assessment – Evaluate and improve your ability to detect, respond to, and contain advanced attacks.
- Tabletop Exercise – Evaluate your incident response plan against scripted scenarios.
- Cyber Insurance Risk Assessment – Obtain a quick, high-level analysis of your organization’s risk level based on the C.O.P.E framework.
- Mergers & Acquisitions Risk Assessment – Conduct due diligence on cyber security for merger and acquisition targets.
1 Vulnerability Test From The Inside: HTCS Uses Five Different Vulnerability Scanners To Check Multiple Platforms Such As Windows®, Mac OS® And Linux®, As Well As iOS®, Android™ And Windows Phone Devices That Connect To The Exchange Servers, Across All Environments, Including Virtual Machines, And Analyze Your Network's Security Setup And Status.
o Vulnerability Scanning Including IPv4/IPv6/Hybrid Networks
o Un-Credentialed Vulnerability Discovery
o Credentialed Scanning For System Hardening And Missing Patches
o Meets PCI DSS Requirements For Internal Vulnerability Scanning
o Virtualization: VMware ESX, ESXi, vSphere, vCenter, Microsoft Hyper-V, Citrix Xen Server
o Operating systems: Windows, OS X, Linux, Solaris, FreeBSD, Cisco IOS, IBM iSeries
o Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
o Control Systems Auditing: SCADA Systems, Embedded Devices And ICS Applications
o Sensitive Content Auditing: PII (e.g., Credit Card Numbers, SSNs)
2 Penetration Test On One Public IP Address
3 Vulnerability Test From The Outside:
Scan Up To Three Public/Outside IP Addresses To See If There Are Any Vulnerabilities In Your Firewall, By Using Five Different Firewall Scanners.
o Firewalls/IDS/IPS/Routers/Switches Such As Cisco, Check Point, Juniper, Palo Alto Networks
4 Threat Scanning:
o Botnet/Malicious Process/Anti-Virus Auditing
o Detect Viruses, Malware, Backdoors, Hosts Communicating With Botnet-Infected Systems, Known/Unknown Processes, Web Services Linking To Malicious Content
o Compliance auditing: FFIEC, FISMA, CyberScope, GLBA, HIPAA/ HITECH, NERC, SCAP, SOX
o Configuration auditing: CERT, CIS, COBIT/ITIL, DISA, STIGs, FDCC, ISO, NIST, NSA, PCI
5 Vulnerability Test - Website: (Without Damaging Or Making Changes).
This Will Include:
o Testing Of Extraction Of Usernames
o Testing Of Email Address Gathering
o SQL Injection Test
o Cross Site Scripting Testing
o Testing Of Extraction Of Phone Numbers
o Testing Of Extraction Of Fax Numbers
o Find Every URL On A Target Website
o Testing of Extraction Of Sensitive Documents
o Testing of Extraction Of Financial Information
6 Website Penetration Test:
o Extract Username
o Email Address Gathering
o SQL Injection
o Cross Site Scripting Attack
o Extract Phone Numbers From A Target Website
o Extract Fax Numbers From A Target Website
o Extract Sensitive Documents
o Extract Financial Information
7 Information Gathering: HTCS Will Use Custom Search Filters To Find Any Information On The Internet That Can Be Used To Map Your Network.
8 Wifi Vulnerability Test:
o Checking To See If Private SSIDs Are Broadcasting
o How Far The Client's Wifi Is Broadcasting
o What Security The Wifi Is Utilizing
9 Penetration Testing: One Wifi Router
10 Physical Vulnerability: HTCS Will Try To Gain Physical Access To Your Network, Without Being Detected.
11 Social Engineering - Phishing: This Service Will Check To See How Many Employees Will Click On A Link From A Spoofed Email. It Also Provides Proof That Your Spam Filter Is Installed And Configured Correctly.
12 Social Engineering Pen Test: HTCS Will Try To Gain Access To Your Network By Sending Phishing Emails, Telephone Spoofing And Other Techniques To Your Employees.
13 Voicemail Hacking: HTCS Will Try To Hack Up To Five Cellular Voicemails Provided By The Client.
14 Theft Security: HTCS Will Deploy Several Techniques To See How Many Devices (Desktops, Laptops, Cell Phones And Tablets) Are Vulnerable To Theft.
15 Network Sniffing: HTCS Will Try To Sniff Network Traffic From A Low Level Employee To See What Data Can Be Intercepted.