When it comes to enforcing and following leading security practices, companies often overlook network and physical security configurations. A company’s defensive posture must remain adaptive to emerging security threats and vulnerabilities. The prudent method to verify that a company has proper safeguards in place is to have a third-party test and analyze all aspects of their security infrastructure, and provide recommendations to mitigate corporate risk. In the Information Assurance (IA) community, this is accomplished through penetration testing and vulnerability assessments.
Penetration Testing
Tapestry Solutions offers varied services in the field of penetration testing (“Red Teaming”) and tailors its approach to each individual client. Tapestry can provide the crucial third-party perspective required to properly evaluate a company’s security posture. Penetration testing and analysis covers all angles from which a malicious person can gain access to a company’s assets – physical, virtual, and through personnel. Tapestry offers the following services in the field of penetration testing:
- Physical Security
- Access Restraints (e.g., Doors, Locks, Badges)
- Monitoring Systems (e.g., CCTV, IDS, Alarms, Guards)
- Information Disposal (e.g., Shredders, Dumpsters)
- Network Security
- Network Mapping (e.g., Port Scanning, Traffic Monitoring)
- Server Testing (e.g., Web, Database)
- Password Cracking/Ethical Hacking
- Wireless Scanning
- Social Engineering
- Help Desk Calling
- Spear Phishing
- User Awareness Testing
Vulnerability Assessment
Tapestry Solutions’ Information Assurance (IA) practitioners can assess a company’s patch level using a variety of commercially common and Department of Defense (DoD) approved tools. A vulnerability assessment can provide customer management teams visibility on how well systems are being maintained, configured and protected. In addition, Tapestry can assist in setting up a patch and configuration management system that ensures that all systems on a company’s network are patched within a timely manner and are protected against the latest known exploits and malware. Proactive patch management is vital in the prevention of virus outbreaks and can aid containment of rare instances when a virus does make it through the firewall—both of which, when unchecked and unprepared for, can have a devastating impact to corporate productivity and expense.