Products found: 12


Audit Manager

Pro-fee and Facility Medical Auditing Software. Introducing Audit Manager.

Streamline the way you manage audits by merging audit workflow, management, education and reporting into one easy-to-use, web-based solution. Designed by auditors, for auditors, Audit Manager allows you to audit on your terms through immediate reporting, template customization, and total oversight of your entire audit program.

Benefits

Identify Revenue. Evaluate financial impact. Minimize denials and identify up to 10%, per provider, in missed revenue with extensive reporting and analytics tools.
                                              
Increase Efficiency. Improve your auditing efficiency by up to 40%. Reduce the amount of time you spend completing audits with our user-friendly interface.
                             
Improve Accuracy. Customize your audit templates. Include your own standards, MAC carrier guidelines and claim scrubber tech for ideal results.

Software Features

Cloud-based Access. Never install software again. Access your audit tools, assignments, reports and training from anywhere, any time.

Flexible Audit Management. Experience total oversight of your entire audit program. View the status, and each associated status, of every audit, by any auditor.

E/M Calculator. Save time with every audit. Automatically calculate E/M codes with a built-in calculator while you audit.

Reporting. Capture and create clean, professional reports on every aspect of any completed audit.

Education Modules. Enjoy pain-free training. Track and report deficiencies on core competencies, and access training modules based on the outcome of audits.

Customizable Templates. Ensure consistent language across your audit staff. Create your own customized audit findings/recommendations comment templates.

Pro-fee and Facility Audits. Manage your entire organization's audit program with Audit Manager. Leverage simple-to-use modules to audit either your pro-fee or facility auditing needs.

Audit Coders & Providers. Audit anyone with the click of a button. Easily identify and sort your coders and providers, then start your customized audit.

Risk Adjustment. Automatically complete your risk adjustment audits more efficiently. Then, deliver your audit results back to your provider or coder with clean, professional looking reports.



Auxilium Cyber Sec

Auxilium protects clients, partners and individuals, as well as the things that matter most to you (your freedom, your privacy, your protected workflows). We also protect you from unauthorised access to your internal IT environment and from cyber attacks.

PENETRATION TESTING, SECURE DESIGN, IMPLEMENTATION

Infrastructure and cloud. The company provides visibility into the security state of your network from internal and external perspectives, performs an extensive penetration test of your organization's perimeter, and identifies weak links that could allow an attacker to gain access to your network.

Mobile and desktop software. Developing good software is not easy, but securing it properly is even harder. The team will test the security of your software, perform code reviews and ensure the security of your customers.

Web. Your website represents your brand and can bear critical business functionality. At the same time, it is one of the easiest attack surfaces to access. Auxilium therefore wants to help you ensure that your website is secure and properly maintains its functionality by performing penetration tests and analyzing the efficiency of existing security measures.

Hardware (IoT devices, connected cars, robots, etc.). Auxilium performs an extensive penetration test, provides appropriate security measures for your specific scenario, or helps you make your products secure by design.

RISK ASSESSMENT, THREAT MODELLING

Does your organization have a known problem in the information security field, or do you simply want to increase your security level without knowing where to start? Auxilium can perform a cost-effective and rapid analysis of your ICT environment, pinpointing the most acute issues and assisting you with mitigating them.

SECURITY STRATEGY AND IMPLEMENTATION

Is your organization striving for comprehensive and efficient information security management with high long-term added value? The team will design an Information Security Strategy following frameworks like ISO 27001 and PCI DSS, among others, and provide you with the necessary assistance and experience to embed that strategy seamlessly into your daily operations.

INCIDENT RESPONSE AND FORENSICS

Has information security inside your organization already been breached, or do you suspect that something is not right? Auxilium's extensive expertise in intrusion detection and reverse engineering will help you uncover high-profile security incidents, including hacking intrusions and malware infections.

SOCIAL ENGINEERING PENETRATION TESTS

With the constant evolution of defensive technologies, people remain the weakest link in the system. No matter how good your technologies are, attackers can exploit your employees to achieve their goals. Auxilium will simulate this threat for your organization and help to educate your employees afterwards.

RED TEAMING

Are you ready to see what a real attacker would do to meet his objective? Are you ready to really test your defenses? Auxilium will identify weak links in your organization through pre-agreed, controlled attack scenarios (digital, physical and combined). It is a step beyond traditional security testing and security reviews.

SECURITY TRAININGS

Auxilium really likes to share its knowledge and experience. The team will teach your employees to detect social engineering attempts and improve their security awareness, your developers to write secure code, and your engineers to create solutions that are secure by design.


Network Penetration Testing by Depth Security

Network Penetration Testing     

Simply understanding real-world information security threats and associated risks within the context of your organization has never been more difficult. Without an accurate understanding of exactly what your security posture looks like, it's nearly impossible to know where to spend time and resources and in what order. We live in a world where the attackers are getting more sophisticated at a faster rate than the defenders are. The discovery of new vulnerabilities and ways to exploit them is an everyday occurrence. What was not vulnerable yesterday may be vulnerable today.

The company's network penetration testing services provide the quickest path to ground when you are trying to understand the real-world risk posed to your infrastructure, applications and users. They use the same techniques and tools that attackers do in order to actually show you what is possible rather than theorizing about it. Instead of guessing about impact and what "could" happen, they show you what can happen and provide play-by-play details of how and why exploitation occurred. They then provide prioritized tactical and strategic recommendations for how to address the issues discovered. The Depth Security team provides this data in an easily consumable format for multiple audiences, including executives, managers and technical staff.
  • External Discovery
It is difficult to defend yourself without knowing your complete attack surface. But more than ever, security leadership and staff are placed in that exact position. Perimeter Discovery service gives you a solid view of your external-facing systems and data. Experts go beyond simple DNS and IP enumeration to find what you don't know is out there.
  • External Network
Performed from the perspective of an internet-based attacker. Team simulates real-world attacks on your organization by focusing on internet-exposed assets and users.
  • Internal Network
Executed from the inside of your organization's network. These engagements simulate an attack by an agent with internal access to your network such as a rogue employee or contractor.
  • Wireless
Performed from the perspective of an attacker who is within wireless range. They evaluate the wireless network's security posture in the context of generally accepted network security "best practices."
  • Trusted Access
Performed from the perspective of an authorized entity with some level of access to your environment. Common scenarios include testing with the same level of access as partners and vendors connected to your organization's network through remote access technologies such as VPN, SSLVPN, Citrix, etc.
  • Continuous
Penetration testing is most commonly performed annually, semi-annually or quarterly. These engagements offer a "point-in-time" perspective on the security of an organization. Continuous penetration testing begins with an initial annual penetration test as a starting point, followed by continuous, ongoing testing throughout the year.
  • IoT (Internet of Things)
Depth Security’s team has identified and responsibly disclosed many vulnerabilities within popular IoT devices. Let them discover and exploit software and hardware flaws within your devices and services before someone else does.

Why Choose Depth Security?

  • Remediation Verification (Re-test) Included
  • Post-Assessment Debriefing Presentation Included
  • Prioritized, Short and Long-Term Recommendations
  • Executive, Management and Technical Reports
  • Real-World Attack Scenarios
  • Step-by-Step Exploitation
  • Mature, Experience-Driven Methodology
  • Thousands of Assessments Performed

Pondurance Enterprise Security Testing

Assessing the security posture through Enterprise Security Testing is one of the many steps necessary to protect the organization's information assets. With the advent of new technologies and inherent interconnectivity, an entire digital frontier has become unharnessed. With these great conveniences and efficiencies come new challenges that increase the complexity of protecting sensitive information before it ends up in the hands of an adversary.

Enterprise Security Testing Service Offerings:

Vulnerability Testing & Assessment: Vulnerability testing and assessments examine the underlying systems and resources that make up the infrastructure. The team searches for vulnerabilities and weaknesses that may put the enterprise environment at risk. The vulnerability assessment provides an organization with the discovery, analysis, and controlled exploitation of security vulnerabilities that are accessible from external and internal sources. Identified vulnerabilities are validated through both manual and automated processes to eliminate false positive findings.

Penetration Testing: Penetration tests help to truly quantify the impact of a real-world security incident or an attack against your environment. Leveraging the same tools and techniques as an attacker, penetration testing activities are performed to fully assess the effectiveness of the organization’s controls. Pondurance approaches penetration testing in a controlled manner by first coordinating with client personnel to identify the goals and objectives of the test and to establish the rules of engagement and expected end results. From an availability perspective, denial-of-service (DoS) conditions are never intentionally pursued in penetration testing engagements. Finally, Pondurance consultants maintain constant communication via our secure portal so that everyone is aware of the activities as they unfold and are completed.

Secure Configuration Review: Pondurance reviews operating systems and network devices for configuration settings that align with industry best practices and vendor-recommended guidelines.

Security Architecture Review: This activity reviews a comprehensive list of the organization’s technical and strategic information security requirements, such as network design, access controls, environment assets, remote access, and monitoring, alerts, and reports of the underlying infrastructure. The architecture is then compared against best practices or requirements, and any improvements or gaps are documented with recommendations to assist with alleviating the current risk.

Physical Security Testing: This service penetrates the physical security of a targeted facility through the identification of gaps and/or weaknesses in the facility’s physical security controls. This service includes the manipulation of locks, identification systems, and entryways.

Social Engineering: Social engineering identifies gaps in your employee information security awareness training and pinpoints what changes to your business’s culture will need to be made to continue to conduct business in the modern world. Based on these needs, the following social engineering tests are available:
  • User Based: This uses various electronic communication mediums (email, telephone, social networking, etc.) to take advantage of the environment’s users in order to gain access to sensitive information or targeted data. Common scenarios include coordinated pre-texted calling scenarios and targeted email phishing campaigns.
  • Physical Based: A physical-based social engineering test takes advantage of weaknesses in the physical security and your users’ security awareness training to attempt to gain unauthorized access to the facility and sensitive data assets.

Wireless Testing: Wireless testing examines security vulnerabilities and exposures within the targeted environment through the use of wireless radio analysis and configuration review. This service can target technology and implementation vulnerabilities, as well as user information security awareness.


Securicon Federal Security Services

The Federal Risk Management Framework (RMF) process is integral to Federal Information Security Management Act (FISMA) compliance. Although it outlines minimum requirements to address daily threats, agency-specific initiatives are often needed to handle risks and vulnerabilities.

At Securicon, we believe that you shouldn’t play catch-up with your security processes. We provide a wide range of services that enable Federal information security managers to implement comprehensive, proactive security programs.

Based on your agency’s unique needs, our services fall into seven major categories:

1. Risk Management Framework (RMF)
  • Security Planning and Documentation – Steps 1-3b
  • Security Assessment – Steps 4-4b
  • Continuous Monitoring – Step 6
2. Cyber Operations
3. Cybersecurity Operations
4. Systems Engineering Support
5. Security Program Development/Support
6. Technical Consulting Services
7. Governance, Risk and Compliance (GRC)

Risk Management Framework (RMF)

Security Planning & Documentation – Based on RMF steps 1-3b, Security Planning and Documentation services ensure adequate security controls are incorporated into the design of the system through logic, reasoning and a comprehensive understanding of the technical aspects of the system. These are then documented in the System Security Plan to ensure the security controls are implemented so as to adequately protect the confidentiality, integrity and availability of the system and the data it stores and processes.

Security Assessments – Based on RMF steps 4-4b, Securicon’s Security Controls Assessment ensures that the system’s controls have been implemented and that they are effective in protecting the system and its sensitive data.

Continuous Monitoring – Playing a central role in the RMF process, Continuous Monitoring provides organizations with near real-time insight into risk management. Each customer's continuous monitoring program is often implemented in a different way to accomplish the mandated continuous monitoring functionality. Therefore, Securicon will work with each customer to ensure our services complement existing program capabilities, producing a strong program that results in secure networks and systems while also ensuring compliance with the OMB-mandated RMF program requirements.

Cyber Operations

Securicon’s professional support services to DOD and other government entities include:

  • The development of unique manning and organizational constructs designed to meet the requirements of a dynamic and high-paced operational environment.
  • Creation and update of department-wide policies supporting cyberspace operations and doctrinal publications for a wide range of forces and staff elements.
  • Application of the joint planning process, joint intelligence preparation of the operational environment, and fundamental operational principles to the planning, preparation, and execution of the full range of military cyberspace operations.
  • Innovative and out-of-the-box concept development to identify and mature new methods of cyberspace capability employment and integration into the full spectrum of military operations.

Securicon’s support of security engineering activities includes:

  • Assisting the government in the planning and allocation of project-specific security requirements and capabilities to current or future enhancements.
  • Supporting the government in the security impact analyses required for Engineering Change Request (ECR) projects.
  • Assisting the government in the documentation of project-specific security concepts to support new capabilities and in the development of a security requirements traceability matrix.
  • Supporting the development and execution of a security test plan and the security testing and evaluation of new and existing capabilities to support Certification & Accreditation activities.
  • Supporting the government in its work with partner organizations in the development of capability-specific security concepts/architectures.
  • Developing security requirements traceability matrix documentation, security test plans, and Certification & Accreditation (C&A) artifacts.

Security Program Development/Support



Today’s Federal managers with information security responsibilities are often stretched thin and do not have the time or resources to stay current with applicable Federal laws, regulations, standards and guidelines. To achieve success, these Federal managers need to be operating under an Information Security Program that has the correct policies, procedures and resources aligned to ensure all areas of information security and information assurance are appropriately understood and addressed. A successful information security program starts with ensuring a proper security organization exists and necessary resources are available.
The areas that Information Security Programs encompass include:
  • System, Data, Asset Identification
  • System Access Control
  • Computer and Network Management
  • System Development Life Cycle
  • System Configuration Management (hardware and software maintenance)
  • System Authorization
  • Privacy and Data Protection
  • Incident Response
  • Business Continuity Planning and Disaster Recovery Planning
  • Personnel Security
  • Physical Security
  • Others – depending on Department, Agency or mission space

Securicon’s technical consulting services include, but are not limited to:


• Vulnerability Assessments
• Penetration Assessments
• Security Architecture Review & Design
• Social Engineering Assessments
• Physical Security penetration tests and assessments

Securicon’s GRC services fall into two major categories:

Program Assessments – We’ll partner with you to determine where you are effectively meeting FISMA, OMB and DOD compliance standards, and we will identify actions to achieve full compliance.
Risk Assessments – We’ll assist you in determining where your budget is needed the most – and where it will have the most impact.


Securicon Technical Consulting Services

Securicon helps customers seamlessly integrate and manage all of their Information Technology (IT) operations. Information security consultants are dedicated to securing our clients’ systems and networks, enabling compliance with applicable regulations, guidelines, and directives.
Consulting services at Securicon are supported by a large group of skilled, highly accomplished security professionals. These team members are driven to excel, constantly looking for new methodologies and techniques to help our customers prevail in the technical security arena. With decades of combined experience, the Securicon team has valuable insight into real-world strategies – which in turn ensures real-world success.


Comprehensive Security Services


The Securicon team includes both IT and Operational Technology (OT) engineers. These experts practice across a wide spectrum of professional security services, allowing experiences gained in one discipline to assist in solving problems in another.

Technical Consulting Services include:
  

  • Vulnerability Assessments – Identifying and prioritizing weak spots to protect mission-critical processes
  • Penetration Assessments – Figuring out where unauthorized access can occur and how it can happen
  • Security Architecture Review & Design – Establishing strategies with strong, effective security controls
  • Social Engineering Assessments – Highlighting weaknesses in internal training and procedures
  • Staff Augmentation – Enhancing our clients’ teams with Securicon expertise

TBG Security’s internal penetration testing services

Prevent Data Loss And Theft

One of the bigger threats to an organization’s IT security is those with network access, namely employees. Network access obstacles frustrate even the best employees: what at first might seem like harmless workarounds can actually seriously compromise a company’s security posture. Examples include ignoring encryption policies, losing devices, sharing usernames and passwords, and simplifying passwords to speed up processes. And, while less common, let’s not forget the handful of disgruntled employees wanting to steal customer lists or seek revenge. TBG Security’s internal penetration testing services dive deep into your internal network(s), mapping out access rights and uncovering hidden weaknesses in the system.

How TBG Security’s internal penetration testing service works

They employ the world’s best and most certified white-hat hackers to uncover holes in your IT security.
Here are the steps involved:
  • Understand and prioritise your concerns and penetration test goals (e.g. compliance, vulnerability, internal threat, etc.).
  • Agree on penetration test approach and timings.
  • Assign the expert cyber security penetration testers best suited for the tasks.
  • Perform the penetration tests to uncover weaknesses in your cyber defenses.
  • Give you a stakeholder-ready report providing a detailed review of your cybersecurity posture.
  • Work with you as Trusted IT Security Advisor, if ongoing services are required.

Benefits

  • Trusted cyber advisors for legal, finance, health and government sectors
  • Employ sophisticated social engineering tactics
  • All successful exploits fully documented
And here are just some of their certifications:
  • Certified Information System Security Professional (CISSP), (ISC)2
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Certified Ethical Hacker (CEH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified Information Systems Auditor (CIA)
  • GIAC Certified Incident Handler, SANS Institute (GCIH)
  • Certified Cisco Network Associate, Cisco Systems (CCNA)
  • Microsoft Certified Systems Engineer, Microsoft (MCSE)
  • Splunk Certified Architect (SCA)
The aim? To ensure that an employee’s mistake or malicious act does not damage the confidentiality and integrity of your systems. Once the analysis has been completed, you will receive a bespoke stakeholder-ready report on the findings. Also included will be expert recommendations on resolving specific weaknesses in your internal security posture.



Network Audit by Si BiS

Modern computer networks are a set of complex systems, and the quality of their design and the approach taken to it determine how much they can benefit the business and support its growth. A network audit is an examination of the current state, configuration, operability and fault tolerance of the corporate network.
Components of a network audit:
  • Comprehensive analysis of the corporate network and its components (LAN, WLAN, WAN, telephony, security, management and monitoring)
  • Identification of bottlenecks that make the network infrastructure vulnerable and insecure with regard to the confidentiality of corporate data
  • Assessment of the functionality of network services and how well they meet specific business requirements
  • Development of recommendations for upgrading existing elements of the network infrastructure or replacing them with more modern solutions, and for optimization and protection
When a network audit is needed:
  • Problems are observed in network operation or signal transmission, or failures occur in service delivery
  • An assessment of the quality of services provided by the Internet provider is required
  • Before network modernization work begins and after it is completed, to assess the results
  • When the network infrastructure is handed over to outsourcing
Business value:
  • A "healthy", efficient, fault-tolerant corporate network
  • Security of corporate data
  • Reduced risk of delivering online services to customers over a poor-quality channel
  • The result of a network audit by SI BIS will be the identification of vulnerable points in the network infrastructure and the development of solutions for its optimal operation.

IT Audit by IT Solutions

An IT audit (IT consulting) makes it possible to evaluate the information provided by the IT infrastructure against the following seven assessment criteria:
  1. Effectiveness – relevance of the information to the corresponding business process, and a guarantee of timely and regular receipt of correct information.
  2. Efficiency – ensuring the availability of information through optimal (most productive and economical) use of resources.
  3. Confidentiality – protecting information from unauthorized viewing.
  4. Integrity – accuracy, completeness and reliability of information in accordance with business requirements.
  5. Availability – providing information when business processes require it.
  6. Compliance – conformity with laws, regulations and contractual obligations.
  7. Reliability – management's access to the appropriate information for ongoing operations, for producing financial reports and for assessing the degree of compliance.
The results of an IT audit make it possible to:
  • Assess whether the information systems (IS) meet business requirements, and identify shortcomings and omissions;
  • Plan the development of the organization's IS effectively.
Make decisions:
  • Resolve security and control issues on a well-founded basis;
  • Purchase or upgrade hardware and software on a well-founded basis;
  • Plan professional development for IT department staff.

SECURITY ASSESSMENT

SECURITY AUDIT. STANDARDS IMPLEMENTATION. MANAGED SECURITY

Implementation and support of ISO 27001, VDA, TISAX, GDPR, ND TZI, KSZI, and other standards and requirements. Official certification.

FREE SCAN

Automated black-box security assessment of websites. Fast results. Various scanning modes, depth and quality. Choose free on-demand testing or an inexpensive subscription for continuous monitoring.

LICENSED SCAN *

Manual vulnerability scanning of websites and networks with the commercial scanners Acunetix, BurpSuite Pro, Qualys and Nexpose. Limited reporting: a summary and raw scanner reports. The minimum order covers a simple website or service (up to 20 pages and 2 forms) or 16 IP addresses, takes 2-3 days, and costs $15 per IP address for network scanning (Qualys + Nexpose) or $180 per site or service (Acunetix + BurpSuite Pro).

PENTEST *

Manual and automated security assessment of websites, networks, applications, etc. Optional: DoS/DDoS tests, social engineering, Red Team, reverse engineering and zero-day vulnerability research, software source code security analysis. Risk assessment, risk mitigation recommendations and reporting. Assistance with fixing vulnerabilities and re-testing after remediation.


Penetration Testing

Our approach to penetration testing will allow you not only to prepare for an audit, but also to obtain useful information about the real state of protection of your information resources. Our work covers not only systems within the scope of the PCI DSS standard, but also adjacent information systems.

A penetration test is carried out to identify existing weak points in elements of the IT infrastructure, to demonstrate in practice that the vulnerabilities can be exploited (using the most critical ones as examples), and to produce recommendations for eliminating the vulnerabilities found.

A penetration test can be conducted against the perimeter of the corporate network (external test) and against internal resources (internal test). The work can be carried out with notification of the administrators and users of the system under test, or without it (Red Team Test).

Penetration testing work is usually carried out in several stages:

  • Gathering preliminary information, for example about the structure and components of the corporate network (network addressing, network components, security controls in use). Information is gathered from available sources, including the Internet;
  • Determining the types and versions of devices, operating systems, network services and applications by their reaction to external stimuli (i.e. by their responses to various requests);
  • Identifying vulnerabilities at the network and application levels (by automated and manual methods);
  • Simulating attacks at the network level;
  • Simulating attacks at the application level;
  • Preparing a report and recommendations based on the results of the work.

More details: https://itfb.com.ua/testirovanie-na-proniknovenie/


Information Security Management by BMS Consulting

Event and Incident Management
Event and incident management is a complex task. It requires collecting scattered data on events and the state of information security in the company, processing it with modern methods of correlation analysis and anomaly detection, and providing a convenient tool for monitoring, incident detection, response and reporting.
A Security Information and Event Management (SIEM) system collects information about events on all components of the company's information and telecommunication system, continuously analyzes incoming data and, by correlating disparate events, detects information security incidents and notifies the monitoring service about them, while also providing a mechanism for investigating and responding to them. The system can also link data obtained from event logs with information about network traffic, knowledge of the network topology, information about system vulnerabilities and an understanding of the business value of the various components of the IT infrastructure. Thanks to its flexibility and tight integration with all IT systems, this system is the central component of information protection management in any company.
Products: IBM QRadar, HP ArcSight, McAfee Enterprise Security Manager, AlienVault Unified Security Management

Penetration Testing
Security analysis, also known as a penetration test or pentest, is one of the fastest ways to check a company's resilience to break-ins and hacker attacks.
To test the security of a system, the actions of hackers breaking into the company's network are simulated using various tools and methods. The attack may be carried out over an Internet connection, from the internal network, over a wireless channel, through modem connections, or by using techniques that target personnel (social engineering), and may be aimed at specific systems (Internet banking, a subscriber service portal, ERP), individual departments or the company as a whole. BMS Consulting checks not only for the presence of vulnerabilities but also the staff's reaction to the auditors' actions in terms of detecting the attack, countering it, and assessing and eliminating its consequences. Such an analysis makes it possible to identify the company's most vulnerable areas and processes, prioritize risks and draw up an action plan for improving the security of the company's information resources.

Vulnerability Scanning
Using a vulnerability scanning tool makes it possible to build up the company's immunity to attacks from the Internet that exploit known flaws in software and hardware systems.
Every complex program and information system contains errors that can lead to instability or to vulnerability to compromise. New vulnerabilities appear daily, and one of the main tasks of information security specialists is to regularly check their systems for them and to follow vendors' recommendations. BMS Consulting offers its own online platform for scanning your systems for vulnerabilities from the Internet and from inside the network. BMS specialists also develop methodologies and procedural documents to support an internal vulnerability management process, which includes regular vulnerability checks and organizing and overseeing the work to remediate them.
Products: Rapid7 Nexpose, McAfee Vulnerability Manager

Application Source Code Security Analysis
Static analysis of application source code makes it possible to identify all developer errors and tangled chains of program logic containing vulnerabilities that could make the application a potential victim of hackers.
BMS Consulting performs an automated search for typical programming errors as well as a manual search for potentially dangerous errors and coding flaws that can cause security vulnerabilities. BMS analyzes the application's programmatic and user interfaces for the security of data input and output processes and searches for undocumented or superfluous functionality. Thanks to the use of modern systems for automating code analysis, a BMS review identifies more than 80% of code flaws and 100% of critical security vulnerabilities. Broad support for popular programming languages and a highly qualified team make it possible to guarantee the quality of the analysis and give BMS Consulting's clients confidence in the security of their applications.
Products: HP Fortify, IBM AppScan

The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, or availability of an ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of product deployments in other companies.