Overview
Foundstone security consultants follow a tried, tested, and proven methodology to conduct superior Internet security assessments. By focusing on protecting the right assets from the right threats with the right measures, the highest levels of assurance and business value are achieved for our customers.
The process begins with securing Internet-connected devices on your network. Foundstone Internet security consultants identify and thoroughly test potential points of attack after enumerating every live host, open port, and available service. These vectors are often found in routers, firewalls, DNS servers, web servers, database servers, and even legacy hosts that have no Internet-related business purpose. Foundstone attempts to identify all vulnerabilities and focus on areas in which a compromise would have the greatest impact and highest risk to your business. We also understand the policies and regulations that drive the need for security, especially for e-commerce and financial services. Our analysis is not disruptive to your organization, and causes minimal or no impact on staff and business productivity.
Key Benefits
- Protect your network perimeter
Get a comprehensive list of all security vulnerabilities on your perimeter. Verify if your networks and web applications can be penetrated from the outside. - Save time and money
Schedule, contract, and execute third-party network assessments quickly and cost-effectively while still gaining the benefit that comes from using the same commercial scanning tool. - Get a complete network overview
An executive summary details trends, architectural, and systemic issues. It also provides a rapid and efficient inventory of the devices, services, and vulnerabilities of Internet-connected networks.
Methodology
- Footprint analysis and information gathering
The footprinting and information gathering phase results in a detailed blueprint of your company's network and its Internet security profile, two major components to measuring the network's overall risk. Our Internet security consultants approach footprinting without significant prior knowledge about your company's network. This allows us to create a thorough mapping and overcome any blind spots you might have. We gather domain names, IP network ranges, and information about hosts, such as operating systems and applications. - Vulnerability scanning
The information collected during the footprint analysis and information gathering phase is used to perform vulnerability scanning and penetrate systems. Foundstone takes a holistic view of the network and chains multiple, low-risk vulnerabilities in order to achieve a high level of access into the target network. This vulnerability linking typically culminates in pilfering sensitive data such as password hashes, restricted databases, or attaining specific assets that your company identifies. - Penetration testing
Foundstone's penetration testing provides the most thorough Internet defense test available. Foundstone Internet security consultants scrutinize Internet systems for any weakness or information that could be used by an attacker to disrupt the confidentiality, availability, or integrity of Internet-connected systems.
Foundstone's proprietary penetration testing methodology is divided into two essential phases for a comprehensive, detailed understanding of your company’s network and how best to protect your most important assets. For organizations that require the most thorough penetration testing activity on their networks, Foundstone offers a variety of options, including social engineering, denial-of-service testing, intrusion detection system and incident response validation exercises, and more. Foundstone consultants analyze the results and develop an accompanying executive summary that details trends, architectural, and systemic issues.