Corporate organisations are subject to a constant stream of digital attacks from numerous sources, from individual hackers who operate alone to organise crime syndicates often located outside of Australia. Often these malicious individuals do not target a specific organisation but scan entire internet ranges for known vulnerabilities. In the event an exploit is found, attackers may be able to gain unauthorised access to sensitive data, deface public facing webpages and/or perform malicious activities that impact the business causing downtime, loss of sensitive customer information, negative publicity and ongoing financial consequences.
Enterprise Security Perth
Avantgarde’s IT security consultants offer our customers an enterprise security plan which have range of services to keep your network and systems secure and meet a security compliance level for business operational requirements at Perth(for example the processing of credit card information).
Vulnerability Assessments
Vulnerability Assessments are used to identify network and system vulnerabilities on a corporate information system. Avantgarde adheres to latest industry standard methodologies including the ISO 27001 risk matrix and NIST 800-115 for all testing. Whilst the most common vulnerability assessment is an external assessment against corporate services exposed to the internet, Avantgarde also performs internal vulnerability assessments on an organisation’s internal business systems. Vulnerability Assessments attempt to identify numerous weaknesses in security including:
- Remotely exploitable vulnerabilities
- Patch levels (OS and Apps)
- Unnecessary services
- Removable media and encryption of removable storage
- Stress testing/DDOS attacks
- Weakness of encryption
- Weakness of authentication
- Web Application Testing for security vulnerabilities and exploits
Based on the requirements of the engagement, Avantgarde’s security experts utilise a variety of tools to perform the vulnerability assessment including but not limited to Nessus Vulnerability Scanner Professional, MSBA, Nikto, Nmap, Metasploit framework, Wireshark, Hydra Password Cracking Tool, Netcat, Burp Suite Professional and SQLmap.
Penetration Testing
Penetration Testing starts with a list of vulnerabilities identified by an Avantgarde vulnerability assessment. Customers can engage an Avantgarde security specialist to attempt to exploit the vulnerabilities and determine whether the vulnerabilities can lead to unauthorised access or other malicious activity. The intent of this exercise is not to cause damage but to identify the risk of each vulnerability and discover how they could be used to cause damage to an organisation.
User Security Training
Corporate information systems are only as secure as the users who utilise the systems. The majority of information systems compromised often start with the end user opening a malicious email attachment or bringing a compromised USB key into a network. Whilst there are always measures that can put in place to mitigate these risks, doing so often restricts users from performing their day to day duties. The more security put in place by IT teams, the less flexibility users have to operate within the environment.
To better educate users about security risks, Avantgarde offers training sessions for users aimed at providing staff with the base knowledge to identify threats, understand the types of risks out there and prevent staff from compromising devices connected to the corporate network. Avantgarde can customise the user training for each of our clients allowing our customers to add/remove components from the agenda to meet requirements.
Operating System Hardening
Avantgarde provides Operating System Harding services to companies looking at increasing system security or meet a compliance such as Payment Card Industry Data Security Standard (PCI DSS) for companies looking to process credit card transactions. We deploy and configure industry leading security benchmarks such as Center for Internet Security (CIS) and Microsoft Security Baselines.
We also provide services for locking down servers exposed to the Internet to ensure unnecessary services are disabled, services exposed are secure and firewall rules are in place.
Avantgarde utilises a number of leading tools for Operating System hardening including but not limited to Microsoft Security Baseline Analyzer, nCircle’s Configuration Compliance Manager, Microsoft Security Compliance Manager and Microsoft SCW.
