"The general feeling in our management is that our computer system is impenetrable. I'm personally concerned about this, as it has never been subjected to a comprehensive security analysis. At the same time, ironically, I can't get the budget for a comprehensive security analysis because of our management's feeling of security. What can I do?"

This is neither an uncommon nor an easy problem, but we have a solution for it. While you may not get the budget for a comprehensive security analysis, you might get a budget for a penetration test. A successful penetration test by our skilled experts will show to your top management beyond any doubt that the system is not impenetrable and will more than likely yield a budget for a subsequent comprehensive security analysis of the entire system. 

"We have purchased an e-banking application from a vendor who claims that its security is extremely high as the application is employing state-of-the-art security technology. It's not that we don't believe them but we'd feel better - and it's a matter of due diligence - if an independent security team could take a look at this application."

Our experts can perform an in-depth security analysis of your application, searching for weaknesses in design or implementation, programming logic, authentication, authorization, communication with other components (e.g., databases), integration etc. All security problems that we uncover will be evaluated and their severity assessed to help you prioritize the order of addressing them.

"Our company has a public web site connected to an internal database server, extranet for our business partners and VPN access for employees. Recently we've introduced wireless network and I'm more and more concerned about the overall security of our digital data and services. I'd like someone knowledgeable to analyze it, pinpoint the vulnerable points and help us fix them without opening new ones."

In increasingly sophisticated environments the number of potential security weak spots tends to grow beyond control unless properly managed. To date, we have done a great number of security analyses of various information systems, ranging from small LANs with no public servers to large corporate networks with virtually every kind of functionality, connectivity and technology you can think of. We analyzed network topologies and configurations, workstations and servers, services and applications; and provided help with fixing all sorts of vulnerabilities we found in them. Doubtlessly, your system is special and unlike others in many ways. Fortunately, so is our expertise.

"We have installed an intrusion detection system, and have in place procedures for handling suspicious events. We want to test our system's security, our intrusion detection systems and our incident handling procedures in a realistic attack simulation."

Our penetration testing service is ideally suited for this task. Acting as an attacker, we'll simulate the activity present in a real attack, giving you the opportunity to detect it and react to it. At the end of the test, you'll be able to compare the actual results with required ones, and carry out the necessary corrective actions on either technical or organizational level.

"We're considering buying a complex software package for processing some of our most sensitive data, and we're down to selecting among the finalists. As part of the selection process, we want an objective security assessment, and comparison, of these software packages in order to make the optimal decision."

Our experts are trained to understand your security needs, as well as analyze any software package. We'll focus on the areas that are most critical to your organization, and make a comparison of the products you're considering. The result will be a comprehensive security matrix that will help you assess the "security factor" in your purchasing decision process.

"We're offering many services to our customers over the Internet. We struggle to install security patches and fixes as quickly as we can, but we feel we don't have a good outside security view of our system. We'd like someone to regularly inform us about any vulnerabilities we may be - or become - open to, and then provide effective recommendations for eliminating them."

Our Internet exposure management service will provide exactly what you're looking for. We'll regularly scan your perimeter and promptly inform you of any new vulnerabilities that expose your system to malicious attackers. We'll also provide recommendations for eliminating these vulnerabilities and help your administrators implement these recommendations, resulting in a minimum exposure time.