Use Our Offense to Inform Your Defense
Security assessments are one of the best ways to gain a clear understanding of the risks facing an organization's information assets. Whether a high-level overview or a thorough, in-depth review is desired, DISD works with your staff to produce prioritized findings, recommendations, and remediation or mitigation steps to fit your organization's profile.
Assessments come in many forms. DISD offers services covering the spectrum – from policy & procedure reviews and audits to vulnerability assessments, penetration tests, and everything in between – at the physical, network, server, application, and user levels.
Specifically, DISD offers security reviews, vulnerability assessments, and penetration tests for the following environments:
Penetration tests are the best way to demonstrate individual vulnerabilities and exposures that can be linked together to exploit an application, system, network, or entire organization. Test results often prove helpful in obtaining support for enhanced security efforts. When performing a penetration test, DISD thoroughly examines an organization's network from an attacker's perspective, using proven tools, techniques, and methodologies, to assess threats to the confidentiality, integrity, and availability of information assets. We provide regular status updates, and will always be available and responsive to our customers' concerns during testing.
Each type of assessment is appropriate in different situations. DISD works with our customers to identify the most beneficial assessment for an organization's particular needs, and to identify the goals of the assessment prior to testing. DISD is also available to assist in remediation efforts upon request.
Be Aware, Prepare, and Be Vigilant
DISD offers a variety of defensive services to assist in erecting defenses and in monitoring for, analyzing, and responding to attacks.
Network Security Consulting
Network security provides the first line of defense for an organization. Optimal configuration here is critical to maintaining secure internal systems and data. Relatively simple configuration checks and fixes to routers, switches, and load balancers can provide significant security enhancements. Similarly, documenting and reducing the complexity of firewall rulebases can provide a clearer picture of how an organization's security policies are implemented.
DISD provides perimeter and internal network device audits, configuration reviews, and remediation, as well as firewall implementation and configuration services.
Integrating emerging technologies such as IP-based telephony, ZigBee, and IPv6 can help organizations reduce costs, improve efficiency, and provide new products and solutions. DISD offers consulting to help organizations deploy these and other emerging technologies securely.
Digital Forensics is the art of acquiring and analyzing digital information for use in investigations, incident response, and legal proceedings. The term is generally used to cover all types of computer, electronic, and internet-based investigations. DISD specializes in the acquisition, analysis, and investigation of information obtained from workstations, servers, network devices, mobile devices, and various other electronic media.
Remediation and Mitigation
Once a security issue has been identified - whether through internal or third party review, or as the result of a compromise - an effective response is essential. We can assist in these efforts by calculating the risk exposed, prioritizing efforts, coordinating resources, and formulating one or more remediating or mitigating responses. DISD will also work to determine the level of effort and business impact of any new security measures - then test, confirm, and deploy the controls. Finally, DISD can work with internal staff to establish and implement standards to prevent recurrence of the issue.
Log Analysis & Security Information Management
Enormous quantities of data are produced by every system on a network from the moment they are powered on. Log management and analysis is the key to retaining and extracting useful information. Proper configuration of device, client, server, and application logging functionality helps ensure that relevant, informative, and potentially critical security and performance data is captured. Centralized collection, normalization, and correlation of these disparate log sources provide a way to derive actionable intelligence from the deluge of data.
DISD provides the following services in this area:
- Configuration of network and security devices, clients, servers, and applications to log appropriate content to a centralized location.
- Security Information and Event Management (SIEM) system implementation, configuration, tuning, and content development.
- Management and/or monitoring of security infrastructure.
- Review or development of logging policies, procedures, and workflows; troubleshooting.
- Development of normalization, correlation logic, rules, custom reports, and other content to increase the value of information accessible from a SIEM product.
- Training for system administrators, network engineers, incident handlers, and other CSIRT staff.
Incident Detection and Handling
Computer incidents will never be entirely avoidable. As such, it is important to be able to quickly identify and handle incidents as they occur. Incident detection and handling requires a combination of procedural and technical abilities. For example, having an incident response plan in place is necessary to deal effectively with a computer security incident. Regularly testing the plan, the team, and the technologies will help minimize the impact of an incident and the corresponding potential for negative publicity.
DISD provides the following services to assist in incident detection and handling:
- Assistance in identifying and containing incidents, efficiently eradicating the issue, recovering assets, identifying root causes, remediating the associated vulnerabilities, and incorporating lessons learned to minimize the likelihood of future incidents.
- Network-based intrusion detection and prevention (NIDP) system configuration reviews, implementation, and tuning.