Consulting

You can Click on each Title to expand/collapse the sections.

1. Application Security

   We employ some of the best in the industry to provide a wide range of application security solutions. Our solutions include but are not limited to security in the software development life cycle (SDLC), use and abuse case modeling, threat modeling of applications, security architecture and design reviews, code reviews, application security testing, configuration management and post production deployment assurance testing services. We are familiar with frameworks and methodologies like OWASP, STRIDE/DREAD and CVSS and we develop application security solutions that are designed to fit your business need(s).

2. Business Continuity & Disaster Recovery (DR)

   Our business continuity (BC) and Disaster Recovery solutions is not merely a backup solution recommendation. It includes evaluating and assessing your business continuity & recovery procedures (BCRP) and making recommendations to ensure continued operations with minimal interruptions. We would also be able to staff personnel on site to implement the recommendation depending on your request. All our solutions are designed to fit your business need.

3. Compliance (PCI, SOX, GLBA ...)

   Our goal is to take the PAIN out of COMPlIAN ce. We staff the best in the industry on your team based on the compliance requirements you need to comply to, be it SOX, GLBA or PCI or any other.

4. Data Security

   We understand that the most valuable asset that your business has beside your people is data. Our services assist you in identifying the sets of controls that you need to take to protect your information and data. We are adept at developing solutions such as Data-in-Transit, Data-at-Rest encryption solutions, Data Access Control and Auditing controls, Information Leakage Analysis and CIA (Confidentiality, Integrity and Availablity) solutions for your business data.

5. Ethical Hacking (Penetration Testing)

   We do not just provide you a pentesting service wherein our well trained and licensed penetration testers run a bunch of tools against your network and give you a report. We translate the findings of the penetration testing (Ethical Hacking Assessments) into business risk for your organization and give you a comprehensive RAID (Risks, Actions, Issues and Decisions) report including an executive summary for the Executives/Board members.

6. Forensics (Electronic only)

   Any case of misuse, fraud, or suspected foul play is scrutinized meticulously by our experience forensic analysts who ardously work in uncovering events and providing you with the admissible evidence necessary. Give us a call and you'd be surprised as to what it means to be "Sherlock Holmes" in this information era.

7. Governance (Policies and Standards Development)

   All of our solutions are designed to fit your business need - We work closely with your internal policy and goverance teams to evaluate the policies and standards in effect. We evaluate your current policies to ensure that they are implementable. We also assess the scope of the policies and standards (global, local, department specific etc). We assist organizations/companies that lack robust information security policies and standards by developing them, and establishing an "ever-green" process to keep them current.

8. Host Security

   We understand that information security is only as strong as the weakest link. Securing the network perimeter and bolstering the application and data security measures fall short if the hosts (desktops/laptops/pdas) are insecure. We can assist in evaluating host level security, developing and enhancing patch managmement, recommend and deploy HIDS (Host Intrusion Detection Systems) and develop Minimum Security Baseline Configurations (MSBC) for your environment that is designed to fit your business need.

9. Investigations

   You want evidence that is admissible in court - we can help. We employ some of the best investigators that methodically and meticuously collect and label evidence, maintaining chain of custody to ensure that you have all the evidence in an admissible state to assist you in your legal proceedings.

10. Metrics Development

    What you cannot measure cannot be managed. Meaningful Security and Risk Metrics are hard to come up with. Our security metrics methodology employs the principle - "OUT :: BITS and BYTES, IN :: BUSINESS RISK METRICS". We can help in translating security findings into business risk and establishing dashboards (managerial to operational) level that enable you to concentrate on the business instead of being bogged down in security vulnerability details.

11. Network Security

    A secure Perimeter Defense Solutions in a globalizing vanishing perimeter world is something that is a challenge to many organizations. Our proven track record of "segmentation and segregation" solutions, network design consulting and penetration testing (see ethical hacking section) are one of a kind and we ensure that you are protected from external threat agents just as much as you are from internal threat agents.

12. OS Security

    Not only do we look at application security, data security, host (hardware) security, and network security, but we can help in evaluating the software operating system security in your environment as well.

13. Risk Management

    Our employees and consultants have years of experience in the real-world dealing with clients of diverse backgrounds, allowing them to translate security findings within your company to what matters most for you - the business risk. We have proprietary tools and solutions in place that assist you in accurately guaging the risk of a project and tracking its risk through the life of that project. We aim at giving a panoromic view of the risk within your company.

14. Threat Modeling

    We can assist in generating abuse cases of the data flow and systems transactions in your environment, thereby enabling us to develop Attack Surface Profiles and Threat Models that uniquely fit your business case. We use negation, inversions, RBAC, DAC, MAC, STRIDE/DREAD, OCTAVE and other methodologies to develop the threat model. In addition to identifying threat agents, we make the necessary recommendations and how-to steps to mitigate the risks/threats in your environment, thereby reducing your exposure levels when implemented.

15. User Education

    Give a man a fish and he will eat for a day, Teach him how to fish and he will eat for a lifetime. We believe in leaving behind your organization/company in a operationally sound state and we concentrate heavily educating your users, conducting awareness and trainig sessions for your employees. We can develop tailored training courses for your organizational needs. Our testing and assessment engine is world class that allows us to adequately guage the level of knowledge in your employees and we can focus our attention on teaching them all the "need to know" and more.

16. Vendor Evaluations

    We can assist you in evaluating and selecting vendor products from the RFP (Request for Proposal) stage to Procurement and Deployment. In our assessment, we keep your business foremost in mind and then can help in negotiations as well. We ensure that the products are easily deployable in your environment, operational effective, easy to manage and easy to sustain. All of our solutions are designed to fit your business need.

17. Wireless Security

    Not only are we adept in wired security solutions, some of our employees and consultants are top-notch wireless security professionals and with the ubiquitous nature of wireless access that is prevalent, our solutions look at providing the necessary security measures. We look at access point security and zoning restrictions, conduct wireless penetration testing, develop wireless security architectures and designs, and recommend wireless security strategies.

All of our solutions are designed to fit YOUR business need.
You tell us, how we can HELP ...