Focusing on information security can be a competitive advantage in the marketplace and minimizes potential legal risks to your organization. Making information security a priority within your organization also demonstrates to employees that management understands the importance of protecting its most valuable asset - information. As a result, Netsecuris provides several information security-focused consulting services that can be customized to your specific requirements.

Managed Information Security Services

Netsecuris can provide managed information security services to its clients utilizing Netsecuris’ 24x7, 365 days Information Security Operations Center (ISOC). These services include:
  - Unified Threat Management (Managed Firewall)
  - Managed Network Intrusion Prevention
  - Managed Internal Network Security Monitoring
  - Managed Security and Event Log Monitoring
  - Managed Email Security
  - Managed Data Backup/Restoration

Network Perimeter Intrusion Assessment (Penetration Testing)

The Network Perimeter Intrusion Assessment is designed to aggressively test the data network perimeter (Internet) to identify exposure to security breaches from outside the network. Netsecuris provides much more than a simple automated vulnerability scan. Netsecuris’ expertise is essential to identify chains of vulnerabilities that could expose data, something that is not possible with a standard vulnerability scan. Completeness is a critical objective when securing the network perimeter, therefore our testing approach is designed to search your entire infrastructure to identify rogue gateway entry points, including Internet, VPN, dial-up, wireless, etc.

Network Perimeter Intrusion Assessment – Wireless (802.11) Services

Similar to Network Perimeter Intrusion Assessment, completeness is a critical control objective. We begin by documenting the external visibility of any 802.11 wireless signals which propagate beyond the boundaries of your facilities. This technique is referred to as “war driving”. Our scanning tools identify all wireless (802.11) devices within range – known and unknown. Security measures in place are identified (encryption, cloaking, existence of default configurations…) and rigorously subjected to intrusion testing using manual and automated techniques including attempts to break encryption; perform password and encryption key dictionary guessing attacks; monitor traffic through “man in the middle” attacks; and take control of access points and client devices.

Internal Network and System Vulnerability Assessment

Systems on an organization’s trusted internal network frequently do not receive the same level of attention in terms of security configurations and system updates as do Internet facing perimeter systems. This Assessment represents an in-depth technical assessment of the key devices (including domain controllers, file servers, email servers, production servers, routers, switches, etc.) that reside on your trusted business network. The assessment identifies risks and profiles what is possible (i.e. accessible) to an attacker who breaches the perimeter, or an employee who chooses to see what they can get to within the network. Netsecuris’ Internal Network and System Vulnerability Assessment is designed to confirm that your network is reasonably protected from these types of threats.

Social Engineering Assessment

The Social Engineering Assessment takes each security assessment beyond a purely technical assessment. It mimics the real-world techniques of hackers and con-artists intent on profiting from gaining access to resources by taking advantage of human tendencies to trust others in combination with a potential lack of awareness relative to information security policies. The goal of social engineering is to use non-technical methods to trick employees into providing sensitive information (such as user accounts and passwords) or access to systems (such as access to a data center) that can be used in a malicious attack.

Security Policy Review and Development

Netsecuris’ information security policy review and development services are intended to assist clients with the development of written information security policies to comply with regulatory agencies and other governing regulations. Policies are typically established based on the outcome of a risk assessment including consideration of administrative, technical and physical controls that are in place to protect information that is either electronic or on printed documents.

Regulatory Compliance Gap Assessments

Netsecuris provides information system/information security assessments to specifically determine a client’s ability to meet or exceed regulatory compliance with Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley 404, the Health Insurance Portability and Accountability Act’s Security Rule (HIPAA), and other regulation affecting an organization’s information systems/information security infrastructure. These assessments are not an attestation to a client’s systems actually being in compliance with regulation but rather a synopsis of any gaps that might cause the client to not be in compliance with regulation.

Security Awareness Training

Netsecuris’ Information Security Awareness Training is customized to your organization’s needs, based on real-world examples employees can visualize, understand, and consistently use in their every day practices. Building on the findings from each of the three intrusion services (External, Internal, and Social Engineering), we provide specific examples of how an attacker will try to compromise the organization. We will teach them how to recognize social engineering as it occurs, and how to react so that the attack is thwarted without compromising sensitive information.

Information Systems/Information Security Infrastructure Design Services

Netsecuris can provide a wide range of infrastructure design services to its clients. These services include:
  - Network router and network switch implementation
  - Anti-virus/anti-spam/anti-spyware implementation
  - Microsoft-based server hardening
  - Secure network design including Microsoft Active Directory