A La Carte Network Security Solutions using Security Blanket™ Services
Following are services that we provide that you can pick and choose from to meet your unique needs. Our Security Blanket services are a vehicle for providing the customization you are looking for so that you are only paying for services you want: we do not force you to bundle in activities that you are not interested in.
Annual External Vulnerability Assessment (Internet Exposure Profile)
Is your Internet perimeter and the systems in your DMZ as secure as they need to be? In the SystemExperts™ Internet Exposure Profile (IEP), we perform a battery of penetration tests and attempt to identify a variety of security exposures related to the TCP/IP protocol and services. Unlike the automated EXPERTscan, highly skilled consultants use tools, creativity, and expertise to attempt to obtain unauthorized access to the firewall and to systems behind the firewall. Also, unlike with most commodity penetration testing, our consultants explore combinatorial exposures; minor problems that can be combined to create significant exploitable vulnerabilities.
Annual Web Application Vulnerability Test
Is your web site vulnerable to attack? During the Web Application Vulnerability Test (Web AVTsm), SystemExperts looks to exploit deficiencies in the web application or web pages themselves, to escalate privileges, access other network systems or services, or identify instances where customer-private data may be exposed. SystemExperts tests two primary scenarios: as a determined intruder on the Internet (i.e., with no credentials) and as a legitimate authenticated user with a valid User ID and password.
Automated Risk Assessments & Reporting
EXPERTscan is a largely automated methodology created by SystemExperts to identify configuration issues that introduce unnecessary risk into your environment. At regular intervals (typically weekly or monthly), SystemExperts performs an EXPERTscan of your Internet perimeter and/or internal systems — consisting of an agreed upon set of IP addresses. System Experts then manually verifies the results to eliminate false-positives.
Domain Monitoring & Registration Services
On a monthly basis, SystemExperts™ verifies the expiration of an agreed upon list of Internet domain names and provides notification of expiration dates closer than 60 days. Many large organizations have accidentally lost control over their domain names by missing renewal dates.
SSL Certificate Monitoring & Renewal
The Internet community has come to rely on secure transports to secure the web, and Secure Sockets Layer (SSL) and Transport Layer Security (TLS) have emerged as the de facto standard mechanisms to provide this protection. SSL/TLS relies on a server certificate to provide the server’s public key and prove the web site’s authenticity. These certificates are signed by a trusted third party and expire after a certain period of time. Unfortunately, these certificates timeout silently so it is not uncommon for a company to be unaware that its web site is returning error messages and allowing untrusted encrypted sessions when prospective customers contact its site – reducing sales and damaging its reputation. The CERTalert service from SystemExperts gives you peace of mind by monthly monitoring your SSL/TLS certificate expiration date and notifying you before your coverage lapses.
On a nightly basis, SystemExperts™ uses a baseline list of IP addresses that you provide to verify if those hosts are still reachable over the Internet. This is an availability check to ensure that systems do not unknowingly either appear or disappear. Sometimes, systems come online inadvertently or without proper authorization or systems become unavailable or decommissioned unexpectedly.
SERVICEcheck℠ & WEBcheck℠
System Integrity Checks
It is as basic as looking in the mirror before leaving the house for an important meeting, simple things can go wrong. Each business day, SystemExperts™ performs a service integrity check. We compare the set of TCP/IP services offered by a designated set of Internet facing machines and notify you if the profile changes or if any new services have been added.
Similarly, SystemExperts™ monitors your web site home page and static content linked from that home page daily for adverse changes and notifies you of any problems that we find.
We’ll be there when you need to bounce ideas off a knowledgeable sounding board or simply brain-storm with someone on ways to solve a particularly tough problem. Think of the SystemExperts™ Security Blanket™ as providing you with the coverage and bench-depth you’ve always needed but could never before afford on a full time basis.
Security Blanket™ Marketing Letter (free of charge)
SystemExperts™ prepares a letter that describes your customized Security Blanket™ program. The purpose of this letter is to concisely communicate to prospective customers, auditors, or regulators the ongoing security activities that SystemExperts™ is performing on your behalf to help demonstrate that you are fulfilling your prudent man and due diligence obligations.
The letter is delivered both as a form letter that you can distribute as well as customized letters sent by SystemExperts™ to designated third parties.
Learn more about our Security Blanket™ services
Request a consultation to learn more about our Security Blanket™ a la carte IT security solutions and to receive complete pricing information.
Just Because Something is Simple Doesn’t Make it Unimportant.