+1-347-994-8732
+91-022-23532909Security Consulting Service
As a CERT-India Empanelled auditor, we are proud to help secure websites for the Government of Punjab and Gujarat among others.
Introduction
Securing your information and protecting your company's reputation isn't just about technology.
- It's about understanding your assets, weaknesses, and the threats towards your business in order to calculate true risk.
- It's about mitigating that risk to an acceptable level.
- It's about policies, procedures, and configuration guidelines.
- It's about increasing the security awareness for your employees, and empowering them to stay ahead of the threats.
Security Brigade's Security Consulting Service is a highly flexible service with the goal of providing expert consultants and domain specialists to help you meet your information security requirements. Our Security Consulting Service aims to deliver relevant expertise to Clients in varied situations whether its board-room consulting, software security design, secure architecture design, DDoS attack management, or any other information security related business requirement.
- Experience of tens of thousands of hours of security assessments, implementation, design, development.
- Informative Reports focused on helping you understand your information security posture, in-relation to industry benchmarks and expectations.
- In-House Research and Development that allows us to provide unique and cost-effective solutions to complex problems.
- Prevent Loss of customer information, trust and organizational reputation.
- Unique Combination of proprietary in-house and industry-leading security assessment tools, processes combined with in-depth analysis of identified vulnerabilities.
Approach
Security Brigade's Security Consulting Service leverages a hybrid approach to deliver a comprehensive and accurate solution that goes well beyond industry benchmarks. Through industry best-practices coupled with automated and manual testing we deliver results that help you head off on-coming threats against your system and application infrastructure.
Our Approach
Our Security Consulting Service methodology is an in-depth process that has been built through experience and thorough understanding of customer requirements.
|
|
Technical Experience
Security Brigade has had the privilege of working with a large number of customers with varied operational environments. As a result, our consultants have broad technical experience and some of the environments we have worked with are listed below.| Operating Systems: Windows Server 2000, 2003, 2008, Redhat Linux, Sun Solaris, HP-UX, IBM AIX, Open VMS, Novell Netware, Open Enterprise Server, Suse Linux, IBM OS/2, Win NT, SCO Unix, SCO OpenServer, IRIX, FreeBSD, OpenBSD, NetBSD, OpenSolaris. |
| Databases: Oracle, SQL Server, IBM DB2, MySQL, PostgreSQL, Sybase, Access, SAP DB, Interbase, Ingres, Informix. |
| Firewalls: Cisco PIX/ASA, Checkpoint, Netscreen, Watchguard, Sonicwall, Fortigate, Web Application Firewalls. |
| Intrusion Detection Systems: ISS RealSecure, Cisco Secure, Dragon IDS, Fortinet, Snort, Sourcefire, Checkpoint RealSecure. |
| Network Devices: Routers, Firewalls, Switches, IDS/IPS, Load Balancers, Layer 7 Switches. |
| VoIP Devices: VoIP Routers, IP Phones, PSTN Gateways, ISDN Gateways, PBX Gateways, VoIP Switches, SIP Phones, H.323 Gateways. |
| Wireless Devices: Wireless Access Points, Wireless Routers, Wireless Bridges, Wireless Switches and Controllers, Wireless IPS, Wireless Client Devices. |
| Applications: ASP, .NET, PHP, Ruby, Perl, Python, C#, Java, C/C++, Delphi. |
| Web Servers: IIS, Apache, Tomcat, Netscape Enterprise, Caucho Resin Server, IBM HTTP Server, Lotus Domino HTTP Service, JRun, lighthttpd, Oracle HTTP Server, Sun Web Server, WebLogic. |
| Messaging Servers: Microsoft Exchange, Sendmail, Qmail, Lotus Domino, Blackberry Enterprise Server. |
| Others: Microsoft Sharepoint, SAP, Active Directory, ISA Proxy, Squid Proxy. |
| Mobile Devices: PDAs, Blackberies, Notebook Computers, Netbooks, Pocket PCs, Smart Phones, Tablet PCs, Microsoft Mobile Servers, Blackberry BES/MDS Servers. |
| SAP Systems: SAP R/2, R/3, BOBJ, APO, AFS, BW, BI, CCM, CC, CI, EBP, EL, EP, XI, etc. |
In-House Tools for Security Consulting Service
| sdFinder - Identifies internal hosts on non-contiguous IP ranges. It allows us to detect sensitive information about our clients commercial, intranet and extranet networks. | ||||||||
| webDiscovery - Identifies as many applications as possible on Client web-servers. The applications discovered through webDiscovery allow us to provide a superior web application security testing service than competitive services and products. It allows us to increase the scope of the audit and cover more areas that could be attacked by malicious users; that would not be covered by a traditional audit. | ||||||||
| networkMapper - Network Mapper uses proprietary technology to be able to identify alternative network routes to bypass security mechanisms such as IDS/IPS/Firewall etc. It allows our experts to bypass existing security implementations and gain direct access to the systems behind them. | ||||||||
| webTester - Utilizes our Benchmark Development System to ensure that we can identify maximum vulnerabilities in applications through automated mechanisms. Along with flaws that are known, it uses in-house research to test for vulnerabilities that are not in the public domain. It allows us to automate the process of identifying and testing known and unknown vulnerabilities in web-applications and strike a cost-effective time to effort ratio. | ||||||||
| VA Framework - Integrated solution developed by our security experts that have an expertise in the vulnerability assessment domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements. | ||||||||
| PT Framework - Integrated solution developed by our security experts that have an expertise in the penetration testing domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements. | ||||||||
| webSpider - Uses advanced HTML, Java Script, Ajax, Flash and XML parsing engines to identify and map as much of the client applications as possible. This not only assists our automated webTester engine, but also assists in carrying out the manual testing process in an efficient manner. It allows us to attain a cost-effective balance between thorough testing and time required. | ||||||||
sapScan - Security and Configuration Assistant for SAP Security Audits.
| riskReview - General Risk Assessment Tool.
| erpInterrogate - ERP Security and Configuration Assessment and Control Tool.
| Windows Batch Scripts - Windows batch scripts to automate routine server hardening functions and processes.
| Linux Bash Scripts - Linux Bash scripts to automate routine server hardening functions and processes.
| Oracle Security Assessment Scripts - Oracle Security Assessment Scripts to automate routine hardening functions and processes.
| MSSQL Security Assessment Scripts - MSSQL Security Assessment Scripts to automate routine hardening functions and processes.
| Internal Vulnerability Database - Automated vulnerability database that is updated every 15 minutes from over 100 public and 20 private feeds.
| SQL Explorer: identifies vulnerabilities in and retrieves data from MSSQL, MySQL, Oracle, PostgreSQL, MS Access etc database servers. | |
Case-Studies
 | Security Consulting for a Publishing House Security Brigade provided Security Consulting for a large Publishing House. This case study highlights the process and methodology implemented to help our Client better understand their security posture, recommended roadmap and establish an action items to achieve the same. |
| Security Consulting for a Leading Managed IT Hosting Services Provider Security Brigade provided Security Consulting for a Leading Managed IT Hosting Services Provider. This case study highlights the process and methodology implemented to help our Client design and build a secure environment that would help them host critical infrastructure for their customers. |
 | Security Consulting for a Automative Company Security Brigade provided Security Consulting for an Automative Company. This case study highlights the process and methodology followed to analyze the Client's organizational challenges, design and succesfully implement a solution to help meet their business requirements. |
Deliverables
Security Brigade's reporting process is industry-unique and aims to deliver maximum value to your organization and the administrations / developers directly interacting with the security audit. Each report is customer-specific and contains detailed information, proof of concepts, source code examples and configuration details with the aim of educating your IT teams for the long-term. The following are some of the deliverables you will receive on completion of a Security Consulting Service.
Executive Presentation Provides a holistic overview of the consulting process, the organizational challenge, various factors taken into consideration and the solution delivered. The presentation is aimed at helping senior management understand the solution recommended and the action items required achieving the same. |
 |
General Consulting Report Provides a detailed insight into the process and methodology followed to tackle the challenge. It details the various factors and alternatives taken into consideration along with a detailed explanation and justification of the solution recommended. |
 |
Security Consulting Service