Scada-security has designed a security offering for the SCADA/Process control environment.
Penetration Testing - Is your network secure? How do you know? The only way to know for sure how your network will perform under attack is to actually attack it. Our team of certified security experts will launch controlled, non intrusive attacks against predetermined test network segments and prepare a report detailing what holes were found, how they were exploited, how much of a threat they are, and suggestions on how to fix them.
How does a penetration test work? - A penetration test starts with a large amount of research. Any data about your company and employees we are able to find will then be used to more effectively plan and execute attacks on your network. The next step in the test is to scan and footprint the network. Once we have gathered an appropriate amount of data, we begin attacking your test network components using many of the same tools that malicious hackers use. All research, footprinting, and attacking will start in a very quiet way, growing louder and more aggressive as the test progresses. This allows us to gauge what kinds of attacks your network will block, and which it will allow. By the end of the test, we will have collected enough information to prepare a report detailing everything we found, highlighting any points of concern, and how to improve your security.
Unlike some “penetration tests” performed by other security firms, Scada-security.com will go as deep into your network as you want. This makes the test very much more realistic, and provides a good deal more data about the real state of security throughout your network. In some cases, we will be unable to get beyond the network perimeter (a very good thing). Should this happen, we offer a variety of ways to continue the test via a secure tunnel, allowing us to bypass perimeter security without leaving any holes for attackers.
One of the most recently popular and difficult to secure vulnerabilities is the client-side attack. These attacks don’t target the network’s perimeter or any of its services, but instead targets your end users. Statistically, even with good training, and good perimeter defenses, these attacks will be successful a significant amount of the time.
Internal Penetration Testing The goal of an Internal Penetration Test is to simulate an attack by someone inside the organization. This attacker could be anyone who has access to any building or network in your organization. Typically, an organization’s network is weakest on the inside, precisely where these attackers will be. Our security experts will carry out such an attack, mainly targeting access control systems, wireless networks, and, optionally, physical security. In the end, you will know how an attacker would exploit the systems in your organization.
External Penetration Testing An External Penetration Test aims to simulate an attacker outside your organization, who is also usually in a remote location. Such attackers may be malicious hackers from a few miles away, or a few continents away.
Custom Penetration Testing If your needs are more specific than either of the above offerings, we would still like to help. Scada-security.com will work with you to test a specific system or set of systems. A good example of this is a new installation of IDS/IPS systems. In order to be useful, they need to be tuned, and tuning these systems can be difficult. It’s even more difficult without controlled attack traffic to reference. Scada-security can assist in this and many other situations. Contact us to see how we can help you.
Vulnerability Assessment - Attaining a good security stance is never easy, but it is much more difficult when you don’t know where you currently are. A Vulnerability Assessment will help nail down exactly what areas are weak and where to devote esources. Scada-security’s team of certified security experts can cover your organization from top to bottom, or only in the areas you feel that need help.
Wireless - One of the newer risks to sensitive networks is the proliferation of cheap and easy-to-use wireless devices. Many times, people will bring in these unauthorized devices and attach them to the network without anyone knowing. And, without proper security settings (which are never there by default and rarely applied), they open the internal network to anyone within several miles. Even laptops with built-in wireless capability can be a threat when attached to your network. Scada-security’s team will find any rogue devices in your area and alert you to their presence.
Local scan - Having strong security measures on the perimeter of your network is only the first step to having a good security stance. The best methodology is “defense in depth,” which says that any secure system should have good security measures in place throughout the system, not just in selected places. While most attackers are located outside your network, many attacks are actually executed from inside of vulnerable networks, where there are generally fewer defenses. Scada-security.com can perform scans of your internal networks to find any weak points and help eliminate them.
Remote Scan - The perimeter of your network is the first line of defense against a world full of malicious hackers. The devices that make up the perimeter are often difficult to configure and rarely installed correctly. Scada-security will perform a scan of your network’s front line to verify the proper functionality of the devices. These scans are able to be performed as a single event, or as part of an ongoing verification of your network’s security.
Policy Review - At the core of every good security program is a well-written and current policy. The policy should drive all other parts of the security process, including technology purchases and implementations. A good policy will be a useful tool instead of a hindrance, allowing for easy fixes to existing problems, and preventing new problems from occurring. Scada-security.com can help you write a new policy, or shape up your existing policy.
Consulting - If your organization has security needs above and beyond our defined services, we offer consulting at an hourly rate. Contact us and let us know how we can help make your organization more secure.
Please contact us at:
Purchase, NY 10577