About Us

• Vulsec’s security experts deliver versatile tactics tailored to arm your IT department in the fight against hackers.
• We assess your organization to uncover the risks threatening your data, and the shortcomings of your Information Security Program (ISP).
• Vulsec’s accomplished team is equipped to provide you with their unsurpassed skills in the fields of:
  • Social Engineering, Penetration Testing, Simulated Attacks, Mobile Device Risk Assessments, and Enterprise Risk Assessments.
• Our satisfied client list includes: Financial Institutions, Power Plants, Hospitals, Casinos, Restaurants, Hotels, Grocery Stores, and Retail Chains.

Our Partners

Vulsec created a partnership network to introduce industry-leading cyber security initiatives. We transform your IT department into a state-of-the-art defense mechanism to combat hackers. We make unbiased, vendor-neutral recommendations and provide exclusive access to our vetted partner network.

Our promise is to find the data and protect the data. Our clients are able to acknowledge an attack, mitigate an attack, and remedy vulnerabilities to keep critical assets safe.

In The News

• “Small businesses can’t afford to keep their head in the sand and think that hacking is only a problem the big companies face. All businesses need to understand their vulnerabilities, and realize that what they may not know now can have an incredibly detrimental impact later….” – Small Business Opportunities, December 7th, 2015
  • http://www.sbomag.com/2015/12/how-to-avoid-getting-hacked/
• “Big companies “should” have the resources to realize, relatively quickly, when a security breach has occurred. However, these infrastructures are complex because secure architectural engineering has not happened before growth….” – Boston CityBizList, November 2nd, 2015
  • http://boston.citybizlist.com/article/311580/interview-with-andrew-ostashen-vulsec-llc
• “Most employees are not properly trained in the subject of identifying threats to the company infrastructure, or how to respond to them. Given the numerous techniques a hacker could employ – from rummaging through a dumpster to collect improperly discarded documents to showing up at a place of business as a contracted technical employee and gaining access to the main servers – comprehensive educational programs that train employees in detecting and responding to hacking threats are imperative….” – Banker and Tradesman, October 26th, 2015
  • http://www.bankerandtradesman.com/2015/10/yes-it-can-happen-to-you/

The Security Life Cycle

Vulsec’s Security Life Cycle (SLC) was meticulously designed to be customizable for all industries in order to successfully find the data and protect the data.

Phase 1

• Enterprise Risk Assessment
  • What are the risks associated with the flow of data in the organization?
• Vulnerability Management
  • Continuous Vulnerability Security Assessment.
• External Network Security Assessment
  • Can the outside world get into the organization’s corporate network?
• Remote Social Engineering (Social Media Recon, Email and Phone Calls)
  • Are employees giving out sensitive information?
  • Managed phishing service.
• Physical Security Assessment
  • Are the data center and data secure from unauthorized users?
• Wireless Security Assessment
  • Are guest wireless users able to access the corporate network?
• Mobile Device Risk Assessment
  • Is corporate data flowing through employees’ mobile devices?

Phase 2

• Internal Penetration Testing
  • Is my organization able to determine if we are breached?
• External Penetration Testing
  • Is an attacker able to breach perimeter security to access the corporate network?
• Spear Phishing
  • What would happen if an employee downloaded a malicious attachment?
  • Are the organization’s employees aware of phishing tactics?
• Physical Social Engineering
  • Can an unauthorized user breach the organization’s building perimeter security?
  • Is the organization’s data center safe from a physical breach?
• Wireless Penetration Testing
  • Can an attacker utilize a broadcasted wireless network to gain access to the corporate network?
  • Does the organization’s ‘Bring Your Own Device’ (BYOD) policy increase the organization’s risk of data compromise?
• Mobile Device Penetration Testing
  • Vulsec will drop malicious QR codes, send corrupt SMS messages, and have users install deceptive mobile applications.

Phase 3

• Simulated Attack
  • Vulsec will perform a series of attacks that simulate real-world scenarios. This allows the organization to practice how to acknowledge an attack, mitigate an attack, and remediate the vulnerabilities.
  • This is similar to a ‘Capture the Flag’ scenario with your organization. Vulsec is trying to find data through simulated attacks while your IT department is defending the infrastructure.
• Threat Simulation
  • Vulsec will set up hand-crafted scenarios for your organization based on your goals.
  • Assess security levels of corporate access with VPN credentials.
  • Installation of malware on an employee workstation.
  • Standard user credentials provided to test privilege escalation.

Niche Services

• Cyber Security Due-Diligence
  • Has the organization you are acquiring had its intellectual property breached?
  • Does malware have a foothold within the organization?
• Point of Sale (PoS) Risk Assessment
  • Can your PoS network be breached from within the internal network?
  • Are your PoS terminals susceptible to a breach?
• Medical Device Risk Assessment
  • Are the medical devices deployed throughout the infrastructure leaving your organization at risk?
  • Where are the medical devices located throughout the infrastructure?
• Casino Gaming Network Risk Assessment
  • Is your casino designing a new game room or building a new casino?
  • Vulsec can simulate your entire network to conduct assessments against a mirrored copy.

Vulsec Remote Security Appliance - VRSA

Vulsec has developed a Remote Security Appliance (VRSA) that can be shipped and utilized for on-demand assessments. This option saves our clients $$ by providing personalized service with zero engineer travel expenses. Purchase hours or projects in advance for on-demand assessments through our VRSA.

• Virtual Environment Risk Assessment
• IT Policies and Compliance Assessment
• PII (Personally Identifiable Information) Gap Analysis
• System/Network Secure Image Hardening Assessment
• Phishing Campaigning and User Awareness Training
• Organizational Malware Health Check
• Sensitive Data Identification Mechanism

Thank You & Contact Us!

• Address: 30 Newbury St, Boston, MA 02116
• Telephone: 617-648-9815
• Fax: 617-648-9819
• Email: info@vulsec.com
• LinkedIn: Vulsec
• LinkedIn: Andrew Ostashen
• Facebook
• Twitter
• www.vulsec.com