At Secure Consulting we specialize in Information Security solutions using a "defense in depth" approach. Our solutions are not tied to specific vendors, but are tailored to your environment.
Today's networks hold a lot of sensitive information: credit card numbers, social security numbers, personal HR information; you name it, it's on a server or storage device somewhere. Health care is pushing electronic health records, and if information like this is exposed it can cause significant damage!
The HIPAA Security Rule states the following under Administrative Safeguards:
~ A covered entity must perform a periodic assessment of how well its security policies and procedures meet the requirements of the Security Rule.
PCI DSS v2 Requirement 11.3 states:
~ Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment).
How often are your security policies and procedures tested? Do you have security policies and procedures in place?
Whether you know it or not, your networks are under attack, all day, every day. Would you know if someone got into your network? Sure, you have a firewall, but how many open ports do you have, what device is at the other end, how secure is it, and how secure is the web app it's hosting? When was the last time you had someone look over your configs for old settings, unused NAT statements, and stale ACLs? Do your users know what could happen if they click "Yes" when an SSL or JavaScript warning pops up? Common attacks like DNS spoofing and man-in-the-middle rely on your users being uneducated about untrusted websites and email URL links. Even if "most" of your users would never click on such a link, it only takes one…
Of all the networks we test and audit, 98% of them are susceptible to ARP poisoning attacks. This allows any user on your network to perform a man-in-the-middle attack against any server or user on the same network, and to see any unencrypted traffic on your network.
If your organization has to be HIPAA and PCI compliant, there are some things that you need to ask your network admin: who is on my network, what are they doing, and what do they have access to? On today's networks you need more visibility, and that is only the beginning of information security. To help your organization meet compliance standards, using HIPAA and PCI DSS as a guide, we offer the following:
Information Security Risk Assessments:
~ Security Posture Review
~ Network Penetration Testing
~ Web Application Testing
~ Wireless Assessments and Penetration Testing
~ Physical Security Assessment and Penetration Testing
~ Network Security Appliance Review
Threat Mitigation:
~ IPS Deployment and Signature Tuning
~ Managed IPS and Infrastructure Monitoring
~ Firewall Deployment
~ SSL VPN Secured by Client-Side Certificates
~ Wireless IPS (WIPS) Design and Deployment
~ Endpoint Protection
~ BYOD and Policy Enforcement at the Edge with NAC and IPS Integration
~ Security Information and Event Management (SIEM) Systems
Tallahassee - Orlando - Jacksonville - Ft. Lauderdale - Naples - Pensacola - Tampa - Nashville - Atlanta - Florida