Consulting Solutions
Our well trained and experienced employees and consultants provide the following
types of security and risk management services to assist your business with comprehensive
solutions that enhance your Security level and at the same time control your Risks
(be it managerial, organizational or technical).
Application Security -
We employ some of the best in the industry to provide a wide range of application
security solutions. Our solutions include but are not limited to security in the
software development life cycle (SDLC), use and abuse case modeling, threat modeling
of applications, security architecture and design reviews, code reviews, application
security testing, configuration management and post production deployment assurance
testing services. We are familiar with frameworks and methodologies like OWASP,
STRIDE/DREAD and CVSS and we develop application security solutions that are designed
to fit your business need(s).
Business Continuity & Disaster Recovery (DR) -
Our business continuity (BC) and Disaster Recovery solutions are not merely a
backup solution recommendation. They include evaluating and assessing your business
continuity & recovery procedures (BCRP) and making recommendations to ensure continued
operations with minimal interruptions. We would also be able to staff personnel
on site to implement the recommendation depending on your request. All our solutions
are designed to fit your business need.
Compliance (SOX, GLBA, PCI ...) -
Our goal is to take the PAIN out of COMPLIANCE. We staff the best in the industry
on your team based on the compliance requirements you need to comply with, be it SOX,
GLBA or PCI or any other.
Data Security -
We understand that the most valuable asset that your business has besides your
people is data. Our services assist you in identifying the sets of controls that
you need to take to protect your information and data. We are adept at developing
solutions such as Data-in-Transit, Data-at-Rest encryption solutions, Data Access
Control and Auditing controls, Information Leakage Analysis and CIA (Confidentiality,
Integrity and Availability) solutions for your business data.
Ethical Hacking (PenTesting) -
We do not just provide you a pentesting service wherein our well trained and
licensed penetration testers run a bunch of tools against your network and give
you a report. We translate the findings of the penetration testing (Ethical Hacking
Assessments) into business risk for your organization and give you a comprehensive
RAID (Risks, Actions, Issues and Decisions) report including an executive summary
for the Executives/Board members.
Forensics (Electronic Only) -
Any case of misuse, fraud, or suspected foul play is scrutinized meticulously
by our experienced forensic analysts who arduously work at uncovering events and providing
you with the admissible evidence necessary. Give us a call and you'd be surprised
as to what it means to be "Sherlock Holmes" in this information era.
Governance (Policy & Standards) -
All of our solutions are designed to fit your business need - We work closely
with your internal policy and governance teams to evaluate the policies and standards
in effect. We evaluate your current policies to ensure that they are implementable.
We also assess the scope of the policies and standards (global, local, department
specific etc). We assist organizations/companies that lack robust information security
policies and standards by developing them, and establishing an "ever-green" process
to keep them current.
Host Security -
We understand that information security is only as strong as the weakest link.
Securing the network perimeter and bolstering the application and data security
measures fall short if the hosts (desktops/laptops/PDAs) are insecure. We can assist
in evaluating host level security, developing and enhancing patch management, recommending
and deploying HIDS (Host Intrusion Detection Systems) and developing Minimum Security
Baseline Configurations (MSBC) for your environment that are designed to fit your
business need.
Investigations -
You want evidence that is admissible in court - we can help. We employ some
of the best investigators who methodically and meticulously collect and label evidence,
maintaining chain of custody to ensure that you have all the evidence in an admissible
state to assist you in your legal proceedings.
Least Privilege Consulting -
We can help in looking at your security and risk posture holistically. We make
sure that in all our solutions, one of the underlying principles is "Defense-in-Depth"
with Least Privilege control measures.
Metrics Development -
What you cannot measure cannot be managed. Meaningful Security and Risk Metrics
are hard to come up with. Our security metrics methodology employs the principle
- "OUT :: BITS and BYTES, IN :: BUSINESS RISK METRICS". We can help in translating
security findings into business risk and establishing dashboards (managerial to
operational level) that enable you to concentrate on the business instead of being
bogged down in security vulnerability details.
Network Security -
A secure perimeter defense solution in a globalizing, vanishing-perimeter world
is a challenge to many organizations. Our proven track record
of "segmentation and segregation" solutions, network design consulting and penetration
testing (see ethical hacking section) are one of a kind and we ensure that you are
protected from external threat agents just as much as you are from internal threat
agents.
OS Security -
Not only do we look at application security, data security, host (hardware)
security, and network security, but we can help in evaluating the software operating
system security in your environment as well.
PCI Consulting -
We can help in developing solutions that meet the PCI DSS (Payment Card Industry
Data Security Standard) requirements to ensure that you comply with this standard
and also that your customers have a higher level of confidence when doing business
with you.
Quarantine Advisory -
This is unique in the sense that we can assist you in creating quarantine zones
for any of the following reasons - User Acceptance Testing of Software, Vendor Access
to Internal Systems, Research and Development etc.
Risk Management -
Our employees and consultants have years of experience in the real-world dealing
with clients of diverse backgrounds, allowing them to translate security findings
within your company to what matters most for you - the business risk. We have proprietary
tools and solutions in place that assist you in accurately gauging the risk of a
project and tracking its risk through the life of that project. We aim at giving
a panoramic view of the risk within your company.
SOX Consulting -
The SOX consulting services we provide ensure that adequate security and reporting
controls are in place in systems that fall under the jurisdiction of SOX (Sarbanes-Oxley
Act). All of our solutions are designed to fit your business need.
Threat Modeling -
We can assist in generating abuse cases of the data flow and systems transactions
in your environment, thereby enabling us to develop Attack Surface Profiles and
Threat Models that uniquely fit your business case. We use negation, inversions,
RBAC, DAC, MAC, STRIDE/DREAD, OCTAVE and other methodologies to develop the threat
model. In addition to identifying threat agents, we make the necessary recommendations
and how-to steps to mitigate the risks/threats in your environment, thereby reducing
your exposure levels when implemented.
User Education, Awareness and Training -
Give a man a fish and he will eat for a day, Teach him how to fish and he will
eat for a lifetime. We believe in leaving behind your organization/company in an
operationally sound state and we concentrate heavily on educating your users, conducting
awareness and training sessions for your employees. We can develop tailored training
courses for your organizational needs. Our world-class testing and assessment engine
allows us to adequately gauge the level of knowledge in your employees
and we can focus our attention on teaching them all the "need to know" and more.
Vendor Evaluations -
We can assist you in evaluating and selecting vendor products from the RFP (Request
for Proposal) stage to Procurement and Deployment. In our assessment, we keep your
business foremost in mind and can help in negotiations as well. We ensure that
the products are easily deployable in your environment, operationally effective, easy
to manage and easy to sustain. All of our solutions are designed to fit your business
need.
Wireless Security -
Not only are we adept in wired security solutions, some of our employees and
consultants are top-notch wireless security professionals and with the ubiquitous
nature of wireless access that is prevalent, our solutions look at providing the
necessary security measures. We look at access point security and zoning restrictions,
conduct wireless penetration testing, develop wireless security architectures and
designs, and recommend wireless security strategies.
Zeroization Security -
Data, when disposed of, should not be in a state in which it is recoverable or readable.
We can help in developing your data disposal and zeroization security strategy.
All of our solutions are designed to fit YOUR business need.
You tell us, how we can HELP ...