Coefficient Technologies assesses the client’s IT organization’s management, documentation, and design of operations as well as conformance with best practices and any relevant regulatory requirements.
Coefficient Technologies assesses employee awareness of security threats by trying to coax employees into disclosing passwords and other sensitive info using various simulated attack vectors, such as phone and email. This exercise tests the security of client account data and other sensitive information in terms of employee adherence to corporate IT policies and procedures.
The risk assessment is a top-down analysis of an organization’s security posture. Coefficient Technologies uses a proprietary risk evaluation model that provides the basis for a report which describes key assets, threats and vulnerabilities, and recommendations for risk mitigation. The model can be used for scenario planning and to revalidate the organization’s security posture after risk mitigation activities.
Business Continuity Assessment (BCA)
We help small to medium-sized organizations manage operational, technical, and security risks. Using the ISO Standard 22301-2012 framework, we assess the viability of your current business continuity management system. We also custom-build continuity programs that meet organization-specific goals for organizational resiliency. Program components include gap analysis, policy development, risk assessment, impact analysis, plan creation, testing, training, and awareness.
External Technical Assessments
Without any assistance from the client, our experts identify all Internet-accessible corporate networks and information systems. The purpose of this exercise is to make the client aware of all assets which are currently visible on the Internet and therefore exposed to possible Internet threats. This assessment is typically performed prior to the PSA in order to confirm the assessment targets.
This assessment involves the enumeration of vulnerabilities and risks that are accessible from the Internet – the “hacker’s perspective” – and includes expert validation and penetration testing. ADI starts by using scanning tools to harvest vulnerability data. Our experts then validate all results to eliminate false positives and uncover any other vulnerabilities that may have initially escaped detection. To the extent possible (without damaging systems or data), identified vulnerabilities are exploited to assess their real severity, the level of exposure, and the potential impact of a breach.
Targets of this assessment include firewalls, routers, load balancers, VPNs, servers, applications (client-facing or otherwise), and any other perimeter or Internet-facing information assets. We evaluate protection measures in terms of their ability to maintain the confidentiality, integrity and availability of networks, systems, applications, and data.
As part of the PSA, penetration testing is performed on critical applications. Techniques include SQL injection, URL injection, CSRF injection, directory traversal, auth vulnerabilities, AJAX vulnerabilities, etc. Goals for the exercise include unauthorized access and privilege escalation as well as an analysis of availability risks.
The Wireless Security Assessment targets corporate and guest wireless LAN deployments to identify weaknesses in configurations, authentication protocols, and wireless architectures. We identify any of the client’s rogue (or unauthorized) access points.
Internal Technical Assessments
This onsite assessment focuses on vulnerabilities and security concerns associated with the client’s critical network and computing assets which operate behind firewalls.
The LAN Security Assessment targets a sample of users’ desktops and laptops to gain a broader characterization of the level of security implemented within the user computing environment.
Active Directory is the lynchpin of any Microsoft computing environment, as it is responsible for account provisioning, setting security policies, controlling access to shared resources, and much more. If configured improperly, weaknesses may be created that can lead to compromise of the security of the entire network. The ADSA identifies those security vulnerabilities and suggests fixes.
Using security benchmarking tools, ADI audits router configurations to score the configuration against best practices in router security. The result of the analysis is a list of recommendations for each configuration analyzed.
Using server-side security benchmarking tools and checklists, ADI audits Windows and SQL server configurations to identify weaknesses or deviations from security best practices and provide recommendations.
Virtualization has revolutionized server utilization and data center economics. However, this novel approach comes with new risks. Traffic between virtualized servers on the same host is difficult to monitor. Malware can spread unabated. Intrusion detection may be ineffective. Our VSA examines virtual system configurations to assess whether clients are adhering to virtualization security best practices.
DLP is an emerging class of technology products that monitor gateways, laptops and desktops to ensure that sensitive information such as credit card numbers, health care data and IP does not escape designated network boundaries or move onto computer peripherals in an unprotected or unauthorized manner. Our DLPA leverages this technology to monitor corporate traffic for a predetermined length of time to detect violations of data handling policies or procedures.