Vulsec Presentation - IEEE

About Us
• Vulsec’s security experts deliver versatile tactics
tailored to arm your IT department in the fight against
hackers.
• We assess your organization to uncover the risks
threatening your data, and the shortcomings of your
Information Security Program (ISP).
• Vulsec’s accomplished team is equipped to provide
you with their unsurpassed skills in the fields of:
• Social Engineering, Penetration Testing,
Simulated Attacks, Mobile Device Risk
Assessments, and Enterprise Risk
Assessments.
• Our satisfied client list includes: Financial Institutes,
Power Plants, Hospitals, Casinos, Restaurants,
Hotels, Grocery Stores, and Retail Chains.
Our Partners
Vulsec created a partnership network to introduce industry
leading cyber security initiatives. We transform your IT
department into a state-of-the-art defense mechanism to
combat hackers.
We make unbiased, vendor neutral recommendations and
provide exclusive access to our vetted partner network. Our
promise is to find the data and protect the data.
Our clients are able to acknowledge an attack, mitigate an
attack, and remedy vulnerabilities to keep critical assets
safe.
In The News
• “Small businesses can’t afford to keep their head in the sand and think that hacking is only a problem the big companies
face. All businesses need to understand their vulnerabilities, and realize that what they may not know now can have an
incredibly detrimental impact later….” – Small Business Opportunities December 7th, 2015
• http://www.sbomag.com/2015/12/how-to-avoid-getting-hacked/
• “Big companies “should” have the resources to realize, relatively quickly, when a security breach has occurred. However,
these infrastructures are complex because secure architectural engineering has not happened before growth….”
– Boston CityBizList November 2nd, 2015
• http://boston.citybizlist.com/article/311580/interview-with-andrew-ostashen-vulsec-llc
• “Most employees are not properly trained in the subject of identifying threats to the company infrastructure, or how to
respond to them. Given the numerous techniques a hacker could employ – from rummaging through a dumpster to collect
improperly discarded documents to showing up at a place of business as a contracted technical employee and gaining
access to the main servers – comprehensive educational programs that train employees in detecting and responding to
hacking threats are imperative….” – Banker and Tradesman October 26th, 2015
• http://www.bankerandtradesman.com/2015/10/yes-it-can-happen-to-you/
The Security Life Cycle
Vulsec’s Security Life Cycle (SLC) was meticulously designed
to be customizable for all industries in order to successfully
find the data and protect the data.
Phase 1
• Enterprise Risk Assessment
• What are the risks associated with the flow of data in the organization?
• Vulnerability Management
• Continuous Vulnerability Security Assessment.
• External Network Security Assessment
• Can the outside world get into the organization’s corporate network?
• Remote Social Engineering (Social Media Recon, Email and Phone Calls)
• Are employees giving out sensitive information?
• Managed phishing service.
• Physical Security Assessment
• Is the data center and data secure from unauthorized users?
• Wireless Security Assessment
• Are guest wireless users able to access the corporate network?
• Mobile Device Risk Assessment
• Is corporate data flowing through employees’ mobile devices?
Phase 2
• Internal Penetration Testing
• Is my organization able to determine if we are breached?
• External Penetration Testing
• Is an attacker able to breach perimeter security to access the corporate network?
• Spear Phishing
• What would happen if an employee downloaded a malicious attachment?
• Are the organization’s employees aware of phishing tactics?
• Physical Social Engineering
• Can an unauthorized user breach the organization’s building perimeter security?
• Is the organization’s data center safe from a physical breach?
• Wireless Penetration Testing
• Can an attacker utilize a broadcasted wireless network to gain access to the corporate network?
• Does the organization’s ‘Bring Your Own Device’ (BYOD) policy increase the organization’s risk of data
compromise?
• Mobile Device Penetration Testing
• Vulsec will drop malicious QR codes, send corrupt SMS messages, and have users install deceptive mobile
applications.
Phase 3
• Simulated Attack
• Vulsec will perform a series of attacks that simulate real world scenarios. This allows the
organization to practice how to acknowledge an attack, mitigate an attack, and remediate
the vulnerabilities.
• This is similar to a ‘Capture the Flag’ scenario with your organization. Vulsec is trying to find
data through simulated attacks while your IT department is defending the infrastructure.
• Threat Simulation
• Vulsec will set up hand-crafted scenarios for your organization based on your goals.
• Assess security levels of corporate access with VPN credentials.
• Installation of malware on an employee workstation.
• Standard user credentials provided to test privilege escalation.
Niche Services
• Cyber Security Due-Diligence
• Has the organization you are acquiring had its intellectual property breached?
• Does malware have a foothold within the organization?
• Point of Sale (PoS) Risk Assessment
• Can your PoS network be breached from within the internal network?
• Are your PoS terminals susceptible to a breach?
• Medical Device Risk Assessment
• Are the medical devices deployed throughout the infrastructure leaving your organization at
risk?
• Where are the medical devices located throughout the infrastructure?
• Casino Gaming Network Risk Assessment
• Is your casino designing a new game room or building a new casino?
• Vulsec can simulate your entire network to conduct assessments against a mirrored copy.
Vulsec Remote Security Appliance - VRSA
Vulsec has developed a Remote Security Appliance
(VRSA) that can be shipped and utilized for on-demand
assessments.
This option saves our clients $$ by providing personalized
service with zero engineer travel expenses.
Purchase hours or projects in advance for on-demand
assessments through our VRSA.
• Virtual Environment Risk Assessment
• IT Policies and Compliance Assessment
• PII (Personally Identifiable Information) Gap Analysis
• System/Network Secure Image Hardening Assessment
• Phishing Campaigning and User Awareness Training
• Organizational Malware Health Check
• Sensitive Data Identification Mechanism
Thank You & Contact Us!
• Address: 30 Newbury St, Boston, MA 02116
• Telephone: 617-648-9815
• Fax: 617-648-9819
• Email: info@vulsec.com
• LinkedIn Vulsec
• LinkedIn Andrew Ostashen
• Facebook
• Twitter
• www.vulsec.com