Security Assessments
Perimeter Vulnerability Assessment
Comprehensive Security Assessment
Penetration Testing
Wireless Survey
We understand the importance of protecting your business from the thousands of security threats your network receives every day. As a division of WPS Health Insurance, we leverage our enterprise expertise to deliver services and solutions to businesses that are focused on protecting their most critical assets.
Our objective is to help you maximize your technology investments and make your information more secure by prioritizing your areas of risk and implementing a security strategy. A comprehensive security strategy is critical for protecting your data and ensuring continuity of business operations. ETS will help you assess your security needs, protect your data, institute effective policies and procedures, understand the potential severity of attacks, and implement proactive remediation.
ETS has partnered with industry leader, TraceSecurity, in offering solutions and services that help you focus on your core security objectives and help ensure a sense of security. Our vast experience coupled with TraceSecurity solutions provides an offering that is unmatched in the industry.
Perimeter Vulnerability Assessment
Proactive vulnerability assessment and management is the most effective approach for detecting vulnerabilities in your network. Patching has its place but you cannot rely on just patching. It won't cover "weak" builds and mis-configured systems. Firewalls and IDS/IPS won't stop fast moving new worms and other malicious exploit code.
ETS' Perimeter Vulnerability Assessment, powered by TraceSecurity, simulates the methodology used by hackers to probe and obtain information from the network perimeter in order to compromise systems and data. All systems and services with Internet presence (routers, firewalls, web servers, IDS/IPS systems, VPN concentrators, etc.) will be tested for possible exploits. The most common issues discovered during this assessment include mis-configured systems, missing patches, unnecessary services, and improperly configured security countermeasures. Automated scanning is utilized to provide blueprint information on the network.
The Perimeter Vulnerability Assessment will complete port scanning, services identification, vulnerability research and verification, which focuses on the identification, understanding and verification of weaknesses, mis-configurations, and vulnerabilities within a host or the network and firewall testing.
Comprehensive Security Assessment
TraceSecurity Comprehensive Security Assessment does a thorough examination of your networks to determine the adequacy of existing security measures and to identify security deficiencies.
TraceSecurity Vulnerability Assessment is based on Open Source Security Testing Methodology Manual (OSSTMM), one of the most widely-used, peer-reviewed, comprehensive security testing methodologies in existence. Traditional vulnerability assessments are a snapshot of the organization's network; however, the TraceSecurity Vulnerability Assessment program includes use of TraceSecurity Compliance Manager.
Compliance Manager incorporates TraceAssess, on-demand scanning; TraceAlert, real-time vulnerability notification; TraceComply, compliance and regulation information security review; and TracePolicy, a policy tracker for policies, memos and other electronic information.
Compliance Manager allows organizations to continue to scan their own network any time - 24 hours a day 7 days a week - to weed out potential threats and ensure that organizations are compliant with regulations and standards. Additionally, if preferred, TraceSecurity engineers can manage this continued assessment process.
The Comprehensive Security Assessment includes:
Policy Review
• Policy Awareness Review
• In-Depth Regulatory and/or Best Practice Review
• Phone Line Review (War Dialing)
• External Network Vulnerability Review
• Internal Network Vulnerability Review
• Employee Awareness Review
• Network Topology Review
• Third-Party Connections
• VPN & Remote User Connections
• Security Countermeasure Review
• Public Records Search
Penetration Testing
TraceSecurity Penetration Test is a test that mimics the actions of real-life invaders simulating an actual attack and exploiting weaknesses in security without the usual dangers involved. Conducting a penetration test is a valuable tool in evaluating your security and preparing your defenses. With this unannounced security assessment, security vulnerabilities and exposures will be identified and exploited. Various tools are used to gather publicly available information.
TraceSecurity Penetration Tests follow documented open-source, standard security testing methodology.
• Network Scanning
• Port Scanning
• System Fingerprinting
• Services Probing
• Exploit Research
• Manual Vulnerability Testing and Verification
• Limited Application Testing
• Firewall and ACL Testing
• Intrusion Detection System Testing
• Electronic Dumpster Diving (Document Grinding)
• The assessment results in an extensive report containing:
• Executive Summary
• Business and Technical Risks and Recommendations
• Penetration Test Methodology
• A list of vulnerabilities broken down into areas of concern
• Details and exposure of vulnerabilities
• Penetrations by areas of concern
• 'Capture the flag' results and successfully penetrated systems
• Recommendations and counter measures
Wireless Security Survey
A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, security verifications, required access and encryption. In addition, wireless site surveys are used to do walk-testing, auditing, analysis or diagnosis of an existing wireless network.
When installed, many organizations find that they have holes in the configuration or that they have not secured remote accessibility from unauthorized parties. Organizations that are bound by HIPAA rules and regulations can be extremely vulnerable to breach.
ETS will complete a wireless survey to ensure that the remote accessibility that you have built is secure and provide recommendations for remediating weak points, access of unauthorized networks, login banners, and evaluation of the access point geographic location and signal strength.
