 |
Technical Security Assessments
|
|
VeriSign Global Security Consulting experts
use vulnerability and penetration testing, wireless assessments and
code reviews to assess the risk to your critical infrastructure, servers,
and applications. Regular technical security assessments help ensure
that your systems are safe and efficient and that you’re able to take
advantage of technical advances.
|
| The Purpose | Check for weaknesses. Prepare for new threats, whether internal or external. Manage and monitor vulnerabilities. |
| Value to You | A tested and well-tuned system. An antidote to complacency about your security. The opportunity for full-featured managed security if you need it. |
| How We Work | Run regular vulnerability tests. Scan the entire system - from OS to application code. Mimic a malicious intruder. Translate your goals into technical requirements. |
| The Results | Business-focused risk analysis. Actionable vulnerability findings and recommendations. Enhanced threat-response capabilities. |
| Why VeriSign | Vendor-independent recommendations. Exposure to a broad range of industries. Consultants who were formerly IT professionals in the industries we serve. Unique intelligence about the most current threats. |
| Learn More | To talk with us about security and your business, call 650-426-5310 or submit your inquiry online.
Or, see the Global Security Consulting Services Overview. |
The Purpose
Vulnerability Assessment
We schedule regular vulnerability assessments to check for technical
weaknesses in your network. These assessments also include evaluation
of new systems and preparation for new threats. We scan your system,
then we use manual procedures to validate the scans and to provide an
additional layer of detail.
Penetration Testing
We often follow-up vulnerability assessments with penetration testing.
Penetration testing helps us identify how intruders can exploit vulnerabilities
that aren’t fixed quickly. We focus on identifying the technology that’s
available now to solve the problems at hand. Technology, of course,
changes - often rapidly. So we reexamine your technical security frequently
to make sure it’s up to date.
Application Security Assessments
Enterprises are increasingly extending application access to
users and business partners outside traditional boundaries. This trend
towards integrating applications between business partners means the
application security framework that your company relies on must be stronger
and more dependable. It must ensure that only authorized users and partner
applications are allowed access to key enterprise applications and data.
Our application security assessments include black box and white box
testing as well as detailed code reviews that can help you pinpoint
weaknesses and find ways to fix them.
Wireless Security Assessments
A wireless security assessment helps you identify and mitigate
risks and vulnerabilities associated with your wireless network. We
analyze your wireless business requirements and examine your network
architecture, configurations, and standards.
Tactically, we identify signal leakage and
deployment of unauthorized access points in your wireless network. We
identify vulnerabilities in access points and wireless LAN clients.
We can also search for (and attempt to break) inappropriate use of encryption
technologies information. We prepare a report classifying your risks
and analyzing the impact of suggested changes on your wireless deployment.
Back
to top
Value to You
A Tested and Well-Tuned System
Regular vulnerability testing assesses and continuously validates the
strength of your technical security. It’s also a requirement to remain
in compliance with certain regulatory requirements and standards of
good practice. We scan your entire system, from the operating system
to actual application code. Such a detailed test gives you both efficiency
and safety.
An Antidote to Complacency
We don’t just identify vulnerabilities, we validate both their existence
and risk to your organization. We uncover whether a combination of vulnerabilities
work together to increase risk. We perform a variety of tests to isolate
specific weaknesses.
Flexible service offerings
We can provide one time and recurring application, network, and host
vulnerability assessment and penetration testing as either a single
consulting engagement or an ongoing managed service. For more information,
read about VeriSign’s Managed
Vulnerability Protection Service.
Back
to top
How We Work
- We scope the work.
We perform vulnerability
and penetration testing, wireless assessments, and code reviews. We
work with your security and information officers to define the scope
of the work you want us to undertake. We can also work with other companies
if you’ve outsourced your IT and hosting services.
- We learn your goals and analyze the current state of your security.
First and foremost,
we make sure we understand your business goals. We want to make recommendations
that are not only technically sound - but tailored to your business.
- We assess your risk.
We examine your
network’s host servers, operating system, and applications. We check
to see if sensitive data is exposed. We try to replay authentication
data. We see if we can exploit encryption algorithms. We try to take
advantage of inadequate input validation controls. We see if we can
exploit buffer overflow vulnerabilities.
Networks have many
components and are very porous. The application layer is especially
vulnerable. We look not just at the way applications interact, we also
review the code behind them. We examine your database servers - and
we check their connectivity and queries. We check your modems. We scrutinize
how your wireless network is configured.
- We mimic a malicious intruder.
We gather network-
and device-level information. We run automated scanning tools and do
manual testing. We approach your network as a black box as an outside
intruder would - without any previous knowledge of how it’s configured.
We also test it as a white box as a disgruntled employee might - with
network diagrams and customer application information.
How Long It Takes
A technology assessment takes approximately one to two weeks.
Back
to top
The Results
Enhanced Technological Safety and Stability
Regular technical security assessments help ensure that your systems
are safe and efficient and that you’re able to take advantage of technical
advances.
Enhanced Event-Response Capabilities
Regular scanning provides a better understanding of your vulnerabilities
and a better ability to identify and respond to the first signs of an
attack.
Tailored Recommendations Ranked by Cost and Effort
We rank our recommendations. We know everyone has a limited security
budget. We identify the technological improvements that are best for
your business and rank our recommendations accordingly. We help you
prioritize your spending: we do a cost-benefit analysis of each recommendation
and identify which technology investments are the most cost-effective.
Back
to top
Why VeriSign
Technological security and technological efficiency
are both vital to your business. We don’t just concentrate on security
- we concentrate on your business. We also provide recommendations that
are vendor independent to give you the freedom to implement the solution
that suits you best. Read about Our
Approach - the foundation for all our work.
Many of our consultants are IT security professionals
who’ve worked in Fortune 1000 companies or in the financial, healthcare,
life sciences, retail, and manufacturing industries. Their understanding
of technical solutions is both broad and deep. Read about Our
Expertise.
We help you stay competitive - we use our knowledge
and experience to benchmark your risk against your industry. Read Industries
We Work With to learn more about our experience in your industry.
VeriSign consultants perform thousands of tests
annually. We handle billions of Internet transactions every day which
gives us unique intelligence about the most current threats. Read about The
Value of VeriSign.
Back
to top
|
Worldwide Sites
