Taking control over IT systems, theft of confidential data, denial of service caused by an intruder’s attack – such occurrences can paralyze the daily activity of an organization. To respond to these threats, we offer comprehensive security analysis of IT systems based on testing their resilience to attacks from the Internet and internal networks.
Security Analysis of Computer Systems Architecture and Configuration
The analysis provides vital information on the security level of a computer infrastructure. We assess the architecture of the system’s components, including operating systems, databases, application servers and network appliances. Based on the findings, we provide recommendations and assist in implementing solutions that ensure the security of the data processed in your environment. The assessment is carried out according to best practices, including ISO standards, NIST SP800, IT Grundschutzhandbuch and other relevant documents. Our approach always considers the specific character of the examined organization and its business requirements.
Scanning and Penetration Testing
Vulnerability scanning provides a preliminary assessment of resistance to attacks from external and internal networks. We use dedicated toolkits developed by leading global vendors. Penetration tests, which are fully controlled attacks on the IT infrastructure, are an additional element of the audit that confirms the vulnerabilities in the examined environment. We use PTES as the basic standard for penetration tests, although other methodologies may be adopted by our team. The test results are documented so that every detected vulnerability is unambiguously identified. The reports always contain recommended corrective actions for restoring appropriate security measures. We have extensive experience in testing various kinds of computer environments, in both large and small organizations.
Applications are particularly exposed to attacks, which can result in theft of confidential data, or in alteration or even loss of entire databases along with all the stored information. An attack can also result in malicious software being installed; the risk applies both to end-user machines and to servers. The attack can be conducted by a regular user, even one who is not logged into the application. The consequences of inadequate application security measures are not restricted to financial losses and damage to the corporate image. A breach of personal data processed by an application, caused by inadequate protection, may also entail legal consequences. Galach Consulting conducts comprehensive application security tests based on the OWASP recommendations. We also test mobile applications used on smartphones and tablets.
IT Security Maintenance
Maintaining the required level of IT system security involves continuous commitment, including detecting and patching software vulnerabilities, constantly monitoring the infrastructure for possible security breaches, and controlling capacity and performance. Such important activities may pose a problem in many organizations due to a shortage of human resources. We are ready to support your IT department by taking over part of its IT security administration tasks.