Vesque Partners provides several levels of security auditing services to determine your company's exposure to outside attacks through its LAN, WAN, internet usage, or Intranet. One or more of the following audits can provide very cost-effective evaluation and procedures to provide you with complete confidence in the security of your essential data resources.
External Security Audit
Our External Security Audit includes a wide range of scans and tests that can be performed to detect existing system and equipment vulnerabilities. Based upon the results of the External Security Audit, we will recommend and provide Security Remediation Services to help you make necessary hardware and software configuration changes to secure your site. To help eliminate problems such as virus outbreaks, unauthorized LAN traffic monitoring, and other internal security issues, we can provide an Internal Security Audit. If an authentic test of security is desired we can execute actual attacks and break-ins to expose security inadequacies within your network.
An External Security Audit will test your network devices and servers for vulnerability to a wide range of exploits, viruses, worms and other common Internet attacks. Upon completion of the audit, Vesque Partners will meet with you and provide you with a detailed report containing the test results and remediation recommendations. Typical completion time for an External Security Audit on small networks (less than 50 devices) is 5 days. Why are network security auditing services important? They are important because they greatly reduce the probability of security incidents and associated downtime. Additionally, in the event a security incident should occur, proof of prior security audits and follow-up remediation is evidence of due diligence that may protect your company from legal liability, or at least limit your damages. At the very least they give you the peace of mind about your network security policies so that you can spend your time developing and growing your business!
Internal Security Audit
An Internal Security Audit begins with a threat-discovery meeting in which specific security problems are discussed and defined. Typical security problems include frequent virus outbreaks, unauthorized access to sensitive email or documents, unauthorized network bandwidth usage, or the lack of a well-defined and complete company security policy. Once the problem definitions are complete, the Vesque Partners team will work with you to determine the options available to minimize or eliminate the potential security problems. Upon the audit conclusion a final report will be prepared for you detailing the audit findings, discovered risks, and recommendations of the Vesque Partners audit specialist who will meet with you to discuss the audit results. An Internal Security Audit usually takes from 5 to 15 days to complete, but the actual time required is dependent upon availability of IT or other appropriate security personnel at your company.
Real Attacks and Break-ins
The ultimate test of any network security is survival of an attack by experienced and determined hackers. Upon your request, Vesque Partners will attempt to succeed in a variety of likely attacks and break-ins on your equipment that represents the typical activities of those most likely to target your company. If you anticipate attacks coming from individuals with limited resources and knowledge (e.g., "script kiddies") this can be a relatively inexpensive operation. However, if you anticipate attackers with sophisticated and well-funded resources, a realistic attack can be more costly to mount and may require specialized hardware, personnel, travel expenses, and other resources. At the close of the assessment process, you'll receive a detailed report identifying the requested tests, method used to accomplish a specific attack type and the identification of the security weaknesses that permitted it to succeed. Recommendations will be provided for the most cost-effective methods to correct the security flaws discovered. Vesque Partners can also provide Security Remediation Services to help correct such problems.
Recap of Available Assessment Services
Among the services we can provide are:
- Identification of ‘Machine Break-ins’
- Identification of ‘Domain Hijacking’
- Identification of ‘Denial of Services’ attacks
- Provide physical access to sensitive hardware or software
- Identification of unrecorded user passwords for missing or departed personnel
- Retrieval of ‘lost’ sensitive documents or records
- Identification of network insertion of backdoors, ‘sniffers’, viruses, etc.
At the end of this process, you'll receive a detailed report showing how we accomplished a given attack and identifying the security weaknesses that allowed it. Recommendations will be provided to correct the security flaws discovered and Vesque Partners can provide Security Remediation Services to help correct such problems.
Vesque Partners will work onsite with your IT Security Team to ‘harden’ any hardware or software applications against attack, break-in, or other security issue. If you'd like a quote on the cost of performing a security analysis for your company, please give us a call today at (212) 509-7783.