CIS provides corporations and professional clients with expertise in issues involving the investigation of hacked computers, networks, phones, electronic devices and websites.
Cyber security issues, such as data breaches, insider threats, and intellectual property theft often prove challenging for e-commerce companies, corporations and other professionals. An unwanted breach can be very costly to your organizational resources and brand reputation. More than ever, small- to medium-sized businesses have become targets for cyber criminals. Why? Too often, the security of these organizations is easy to penetrate and the data acquired can be high value. With our cyber security specialists handling over 1,500 intrusion cases each year, no one is better equipped than CIS to mitigate a company’s cyber security risk.
CIS considers our clients’ financial information, intellectual property, customer and vendor lists, business plans and legal documents to be the “crown jewels” of each client’s business. CIS is a “boutique cyber firm” that understands how cyber criminals, ex-employees and competitors think, and what lengths they will go to in order to get what they want. For that reason, our highly trained cyber teams know how to probe your online defenses, network vulnerabilities, website weaknesses, and inadequate security policies to help protect your company from attacks.
- IT security audits
- Network penetration testing
- Website security penetration testing
- Vulnerability assessments
- Incident response and data breach investigations
- Incident response forensics
- Litigation support
- Expert witness
IT Security Audits
Despite its importance, cyber security is often overlooked by many companies. Many organizations use legacy systems that are not designed to see modern cyber threats. A secure network starts with proper design for network segmentation, more detailed access controls, better logging and monitoring, and the removal of single points of failure. Most cyber security risks can be mitigated by implementing a security-by-design infrastructure.
Security Is More Than Just Meeting Compliance Or Regulatory Controls
Cyber security is no longer an exercise to satisfy regulatory compliance. It is a real risk faced by businesses that maintain financial records, intellectual property, medical records, and strategic vendor and customer relationships. Even some of the most publicized breaches were in offices that had IT departments with endpoint security, anti-virus systems, and firewalls installed. However, these measures proved not to be enough to avoid a costly breach.
CIS uses a proven three-pronged approach to help protect an organization from malicious attacks.
- Identify all network vulnerabilities.
CIS specialists perform a comprehensive analysis to identify all network vulnerabilities.
- Teams perform “Proof of Concept” exploits to illustrate current vulnerabilities.
Addressing actual vulnerabilities, as opposed to the “false positives” provided by most vulnerability scans, saves thousands of dollars on a company’s IT security budget.
- Get next step recommendations.
Next step recommendations may include a Network Infrastructure & Architecture Security Assessment Technical Report, an Executive Summary, and an in-person presentation for corporate executives and IT administrators on our findings.
Penetration Testing Services
A cyber criminal can easily gain access to a company’s “crown jewels,” i.e., its financial data, customer lists, intellectual property or company business plans. Such hackers can shut down a company’s website and destroy all of its records. Companies may also be vulnerable to targeted phishing campaigns, where perpetrators pose as certain companies to try to steal sensitive information from their user or subscriber base. For these problems, CIS can help with our advanced penetration testing services. Our experts offer proof of concept, demonstrating how a client’s existing defenses can be penetrated, and then follow up with a plan for how to protect that client’s data.
CIS penetration testing experts apply their professional knowledge on how to hack into even the most advanced systems. Our white-hat hackers can conduct black-box, gray-box, and white-box penetration tests, depending on the needs of each client. Different from a vulnerability scan that identifies potential vulnerabilities in your network, a penetration test will evaluate your network from the perspective of a malicious hacker. Our team of experts will examine your company’s information, employees and IT systems in order to find vulnerabilities and exploits that will allow us to gain access to the system and gain control over a company’s critical information. Our cyber professionals include penetration testing veterans with CEH, ECSA, CPT, CFDE, and CPTE certifications who subscribe to ethical codes of conduct but have the passion to help our clients protect themselves against the risks of a cyber breach. These specialists analyze Internet-facing systems for weaknesses that could leave sensitive information vulnerable to attack, and identify what can be accessed once the network is compromised. Our experts work closely with our clients to formulate customized penetration testing goals based on the security posture of each organization. Once complete, each client receives a detailed report on our findings, with actionable recommendations for mitigating and addressing cyber vulnerabilities.
- Known vulnerabilities and weaknesses of unpatched systems and applications
- Buffer overflows and DDoS attacks
- System application vulnerabilities
- Web application vulnerabilities, such as SQL injection, cross-site scripting and cross-site request forgery
- Specially crafted malware that penetrates firewalls, anti-virus, and defense systems
- Social engineering tactics that allow us to gain access through physical and electronic methods to critical information
- Gaining a foothold in the network
- Pivoting to gain access to the “Crown Jewels of the Network”
- Egress testing of the capabilities of your network to detect egress of important documents
- Comprehensive reporting that documents every step we took along the way
CIS offers advanced Web Application penetration testing services.
Unlike the automated scanning methods performed by most companies, CIS uses manual testing methods to identify and verify vulnerabilities. This eliminates the false positives provided by many automated systems and the wasted dollars spent trying to fix vulnerabilities that don’t actually exist.
CIS staff assesses and tests an organization’s Web applications to evaluate the risks these applications pose to their Internet-facing and internal websites, as well as to the sensitive information these applications manage. Discovering and exploiting vulnerabilities is beneficial; however, CIS provides additional service by evaluating the Web application within the context of the business. This gives a complete understanding of the risks and potential threats to the organization, regardless of the type of organization. Our clients include e-commerce organizations as well as companies that use internal and external web applications, shopping carts, or third-party APIs.
CIS Web Application penetration testing services are designed to test each client’s system limitations, thus reducing the risks faced by Internet-accessible assets.
- SQL Injection – traditional and blind (OWASP A1)
- OS command injection (OWASP A1)
- Cross-site scripting (OWASP A2)
- Broken authentication and session management (OWASP A3)
- Insecure direct object references (OWASP A4)
- Cross-site request forgery (OWASP A5)
- Security misconfiguration (OWASP A6)
- Insecure cryptographic storage (OWASP A7)
- Failure to restrict URL access (OWASP A8)
- Insufficient transport layer protection (OWASP A9)
- Unvalidated redirects and forwards (OWASP A10)
- Test PHP applications against remote and local file inclusion
- Exploit WebDAV configuration weaknesses
- Evade firewalls
- Reveal weak HTTPS encryption