|What You Need to Do||How Redspin Can Help|
|You've never performed internal testing before or perhaps you are new to the organization and need help prioritizing high risk issues. You have multiple types of sensitive information to protect: employee personal information, financials, intellectual property, etc. You need to establish a baseline and a develop a practical plan for the future.||Technical Internal Security Assessment|
|Your business relies exclusively on the security of your virtualized environment. You have recently deployed or significantly changed your virtualized infrastructure and documented policies and procedures are still in development. You are looking for guidance on what best practices should be implemented in your environment.||Virtualization Internal Security Assessment|
|You want to simulate a real-world attack on Internet-accessible critical infrastructure and understand the level of risk that exists at this exact moment. You are looking for a manual testing approach to complement your existing automated scanning processes to better identify and validate all security vulnerabilities and their impact to your environment.||
External Network Security Assessment
|Your web application stores sensitive information that, if breached, would significantly damage your business. Time-to-market deadlines, multi-location developers, and limited resources may have resulted in insufficient security testing during the development lifecycle. Your web application has just gone live and you need to know for sure it is safe from malicious attackers on the Internet.||Web Application Security Assessment|
|Employees are the weakest link. How do you make them the strongest link? Periodic testing has shown to significantly improve employee information security awareness and reduce the risk of sensitive data compromise.||
Social Engineering Security Assessment
Technology companies have also been among the first industries to deploy enterprise-wide virtualization. By distributing internal computing services and resources while centralizing IT administrative tasks, these companies have improved scalability, balanced workloads and ultimately lowered costs. From a network security standpoint, virtualization presents new challenges as the execution of software tasks can be completely or partially separated from the underlying hardware. Redspin's virtualization service is specifically designed to test company's policies and controls in the context of this environment.
An even further evolution of virtualization is cloud computing. In this model, companies utilize a third-party service provider's global infrastructure to optimize computing tasks, distribute data storage, improve response times, and take advantage of built-in redundancies. Typically, these deployments are implemented under service level agreements (SLA's) with quality of service (QoS) guarantees.
Major cloud service providers include Amazon, Google, Microsoft, Rackspace Cloud, and Salesforce.com. Although gaining in popularity, concern over security issues continues to constrain wider adoption of cloud computing. The most important issues cited are: poor configuration or bugs in the cloud service software; the theft of information by hackers; employees negligent with confidential information.
As yet, the technology industry is unregulated by the Federal government in terms of security compliance. However this may change in the near future. In a recent Department of Homeland Security's (DHS) initiative, the agency sets out the goal of improving cyber security as a matter of national interest. The government's proposal included a provision to penalize "certain" IT firms and high technology companies $100,000 per day unless they comply with strict directives imposed by DHS. Non-compliant companies that were deemed "critical to the national interest" could include web hosting companies, ISP's, broadband providers, software companies and even search engines.
Redspin is well-prepared to meet the diverse needs of technology companies and have some of the largest tech firms in the world as clients. We have also proven our ability to react quickly to new legislative compliance issues, no matter what the industry.