Information Security Testing and Assessment

Information Security Testing and Assessment is a process of identifying different security vulnerabilities in your technology infrastructure. The risks found in the vulnerability assessment are issues that may be exploited by a malicious individual or program to gain access to your confidential and proprietary data.

Group-IB professionals have in-depth experience helping organisations reduce risk exposure, protect information assets and limit the impact of security-related events on business activity. Our global experiences working with law enforcement, combined with our deep cultural and technical advantages, put our protection and assessment services in the upper echelon of all international security companies.

We offer comprehensive vulnerability assessment and penetration testing services to satisfy your organizational requirements.

We have the experience necessary to identify problems in complex network environments without negatively impacting day-to-day operations. We work with your technology teams to pinpoint immediate security issues, provide a comprehensive review of best practices and provide actionable steps to remediate your network security problems.

To increase the effectiveness of an organisation’s threat and vulnerability management, Group-IB professionals deliver integrated end-to-end services that address prevention, detection and correction in these areas:

• Penetrating Testing and Vulnerability Assessment
• WEB-Application Security Assessment
• Application Security Code Reviews
• SCADA Security Assessment

In the technologies field, it is imperative that our team members are on the cutting edge. That is why our employees have earned several certificates: CISSP (Certified Information Systems Security Specialist), CISA (Certified Information Systems Analyst), CEH (Certified Ethical Hacker), Extreme Networks Administrator, A+ Certification, Net+, MCP (Microsoft Certified Professional), and MCSA (Microsoft Certified Systems Administrator).

We have more than 90 employees serving customers in more than 25 countries. Our clients include various banks, financial institutions, oil and gas companies, software and hardware vendors, telecommunications service providers from Australia, Argentina, Brazil, Canada, EU, Russian Federation, UK, USA and Ecuador.

Group-IB employees participate in key IT-security conferences such as e-Crime, Cardex, APWG:Counter-eCrime Operations Summit (CeCOS), and the SCADA Security Summit.

Information Security Testing and Assessment

We provide a comprehensive report, which includes, but not limited to:

• Summary of findings and recommendations;
• The general control review result;
• The vulnerability test results;
• Risk assessment results including identified assets, threats, vulnerabilities, impact and likelihood assessment, and the risk results analysis;
• Recommended safeguards

Information Security Testing and Assessment

• Group-IB is the winner of the annual business award "Company of the Year" in the field of Telecom & IT according to the business weekly "The Company" (2012);
• Services from one of the leading companies in sphere of computer forensics and cybercrime investigations with extensive experience;
• Our qualification is proved by various thank you letter from LEA and companies of different countries;
• Unique experience in threat intelligence and vulnerability assessment.

Information Security Testing and Assessment

• When is it necessary to conduct information security assessment?
  • • You need to validate the security of a system after you've made an effort to harden it against vulnerability.
    • You need to quickly understand the security properties of a new or unfamiliar system or technology, perhaps after acquisition, or prior to deployment.
    • You need external confirmation and expert analysis to help catalyze an internal effort to secure a system known to be vulnerable.
    • You need the technology of a third-party assessed, and they are unlikely to be forthcoming with internal information.
    • Your budget or timeframe is otherwise limited and you need to strike a balance between time and thoroughness.

    With industry compliancy and information security laws and mandates being introduced in the past four years, the need for conducting a vulnerability and risk assessment is now paramount. These recent laws and mandates include the following:

    • The Healthcare Information Privacy and Portability Act (HIPPA) is driving the need for vulnerability and risk assessments to be conducted within any health-care or health-care-related institution.
    • The recent Gramm-Leach-Bliley Act (GLBA) is driving the need for vulnerability and risk assessments to be conducted within any banking or financial institution in the United States.
    • The recent Federal Information Security Management Act (FISMA) is driving the need for vulnerability and risk assessments to be conducted for all United States federal government agencies.
    • The recent Sarbanes-Oxley Act affects all publicly traded companies within the United States that have a market cap greater than $75 million; they are now subject to compliance with the Sarbanes-Oxley Act, Section 404, which also is driving the need for vulnerability and risk assessments to be conducted for publicly traded companies.
    • The recent Canadian Management of Information Security Standard (MITS) requires regular security assessments for all Canadian federal government agencies.

    The need to conduct vulnerability and risk assessments is being driven by these new laws and mandates. Organizations must now be information security conscious and must develop and implement proper security controls based on the results of their internal risk assessment and vulnerability assessment.

• Why is it important to organize an information security assessment?

  • By conducting a IT-security assessment and vulnerability assessment, an organization can uncover known weaknesses and vulnerabilities in its existing IT infrastructure, prioritize the impact of these vulnerabilities based on the value and importance of affected IT and data assets, and then implement the proper security controls and security countermeasures to mitigate those identified weaknesses.

    This risk mitigation results in increased security and less probability of a threat or vulnerability impacting an organization’s production environment.

• How often do I need to organize an information security assessment in my company?

  • It varies and depends on the complexity of your systems, but most companies would check their systems with a security assessment and penetration testing at least once a year.

• What is the time frame for typical information security assessment?

  • We can generally perform your penetration test within one to two weeks after we have a signed engagement letter. If your circumstances require an expedited test, please don't hesitate to contact us as we can often create availability in our schedule for you.

• What do we need to start security assessment?

  • You need to sign NDA with Group-IB firstly, after which we will provide you a special scoping questionnaire and conduct an interview with your key employees. An active phase starts shortly thereafter.

• Can a security audit interfere with employees?

  • It does not interfere with staff productivity and does not preempt any business activity.

• What tools do you use?

  • Our toolkit is constantly reviewed to ensure we are able to meet the challenges presented by a continuously evolving security environment. Representative tools we have used include Metasploit, Nessus, & Retina. The tool(s) selected for your engagement may vary based on our perception of the appropriate tool necessary to properly assess your environment.

    As a rule, we only utilize subscription-based tools in order to ensure we are using tools with updated definition files to help ensure we are testing for recently emerged exploits or vulnerabilities.