In order to effectively address a client’s security needs, a whole-picture view is required. Which assets are most valuable or most important to protect? Where is the weakest link and how secure is it? How well are employees trained and educated? These are critical questions that must be asked. I provide a range of security consulting services to small businesses. The utmost care is taken with all our work. The main streams of work we perform are as follows:
Network Penetration Test
Network Penetration Testing involves the emulation of actual attacks by threat actors. In these engagements, the network infrastructure is assessed for vulnerabilities, which are then exploited to gain initial access to the network. Lateral movement and pivoting are employed to traverse the network and discover further systems, services, and their vulnerabilities.
Web Application and API Assessment
Web applications and Application Programming Interfaces (or APIs) are how people communicate with servers. These assessments look at the security of that communication, both to and from the server.
Assumed Breach
Whether a system is compromised by and outsider or an employee mistakenly clicks the wrong link, the breach will happen. An assumed breach assessment begins internally. What is assessed is what can happen from there.
Physical Assessment
During a physical assessment, the physical premise of the business is assessed for potential weaknesses. This might include the assessment of locks, cameras, RFID nor NFC badges, and the protocols and controls in place in the event of a physical breach.
Social Engineering and Phishing
Assessing the response of personnel is sometimes important to business continuity and can include the use of phishing emails, phone calls, and/or website cloning.
Risk and Vulnerability Assessment
Risk Assessments are often the first step in an audit of a company’s security posture. We determine the most valued assets, whether information, people, physical items, or finances, and assess both the likelihood and impact of a loss or breach.
Vulnerability Assessments involve scanning the attack surface of the business for holes in the protective outer layers.