YOUR SYSTEM SECURITY VS. THOUSANDS OF HACKERS WORLDWIDE
In every year for which statistics have been kept, the number of computer crimes has increased. Time and again there are reports of major security breaches at banks, payment processing centers, and insurance companies. But what about YOUR business? Are your defenses up to par? If you've spent a fortune on high-priced security software, devices, and procedures, you'll want to know you are getting the level of real, tested security you paid for.
A veteran security specialist proficient with the most current methods of hacking can evaluate your systems to find vulnerabilities, unpatched systems, misconfigured settings, and weak passwords, all of which can place your company's IT assets at risk. We offer two types of security testing services to best meet your needs.
VULNERABILITY ASSESSMENT
Vulnerability assessment is a "soft" scan of computers, servers, and network devices on your network with industry-recognized scanning software to uncover unpatched and vulnerable systems, combined with data collection about system configuration and network permissions to give a comprehensive view of the overall level of security. In this type of scan, no systems are actually breached, no passwords are compromised, and there is no disruption to the systems being scanned. Because this is a less invasive procedure, it is faster and therefore less expensive, but it is still able to turn up major areas of concern to be addressed. A vulnerability scan includes:
Network Mapping & Data Collection
We use automated mapping tools to identify systems on your network, OS version, patch level, services running, and open ports. We then compile these results into a list of potentially vulnerable systems.
Vulnerability Verification
Since all automated scanners produce errors, both false positives and false negatives, we take the extra step of verifying that the systems reported are actually vulnerable. We also take into account whether or not the reported vulnerability is mitigated by other security measures in place.
Account Permissions
We map out permissions in your network environment and identify areas and systems where permissions may be abused to give unauthorized individuals, either inside or outside the organization, access to data and systems they should not have access to.
Data Analysis
We analyze the data collected and use our expertise to determine the full scope of the vulnerabilities discovered and the potential impact to the organization. We determine which vulnerabilities are most likely to lead to a compromise and rate them based on risk and difficulty of remediation. High-risk, easy-to-fix vulnerabilities are prioritized so you can spend your limited security budget most effectively.
Report & Recommendations
At the conclusion of the assessment we will provide a detailed report of the vulnerabilities discovered, ranked according to risk and cost, along with our recommendations not only on how to fix the specific problems uncovered but also on changes to be made to the overall security posture to prevent new vulnerabilities from developing.
PENETRATION TESTING
Penetration testing is a "hard" scan of systems, servers, and network devices using the same techniques a real hacker would use to gain access to your network. A security expert will perform in-depth, real-world tests not only to identify vulnerable systems but to actually exploit them and gain access to privileged information and systems.
We work closely with you to determine the focus of testing, whether to compromise critical servers, privileged accounts, or sensitive data, and to make sure our activities have a minimal impact on the functioning of your business. Testing may be done either with the full knowledge and co-operation of the IT Dept. or without their knowledge to test incident response procedures and verify that IDS logs are being properly checked. You are free to limit the types of attacks we engage in and the targets, but the full listing of what we have to offer is:
- Data collection using publicly accessible sources - Google, Usenet, web sites, marketing materials, public records filings, and others.
- Physical security testing where a team member will attempt to sneak past guard stations and access secure areas of your facilities.
- Social Engineering where a team member may pose as an employee, technician, or administrator in an attempt to convince your employees to give up passwords or other sensitive data.
- Wireless testing where we will attempt to access your network wirelessly from public locations such as the parking lot, reception area, bathrooms, public hallways. We may exploit improperly configured access points, or set up rogue access points to collect unwary user logins.
- Firewall scanning to look for open ports and services which may grant access to the internal network.
- Brute force password cracking for internet facing servers such as webservers, app servers, and remote access servers using a custom database of more than 40 million possible passwords.
- Network scanning and exploitation of vulnerabilities from within the internal network, with each compromised system leveraged to compromise others through weak or default passwords and abuse of trust relationships.
- Remote office assessment to determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
At the conclusion of the penetration test we will provide a detailed report of all activities including systems penetrated, accounts compromised, methods used to gain access, and proof of access in the form of screenshots, passwords, and data files. This is all the information your IT Dept. will need to close the loopholes uncovered during the test and prevent a real attack.
Penetration testing can be a real eye-opener for companies that have a false sense of security. But the question is whether you would rather have a "white hat" hacker penetrate your network and give you a report afterward, or a "black hat" hacker who you won't find out was there until the damage is already done.
If you'd like to set up an appointment to discuss our Vulnerability Assessment or Penetration Testing services, please call us at
(512) 422 - 5408