Penetration Testing
Vigilant Cyber Services utilizes penetration testing to confirm the true risk state of vulnerabilities identified during or after a vulnerability assessment. Whereas a vulnerability assessment pinpoints and documents weaknesses in a system, penetration testing takes it to the next step and manually exploits the identified vulnerability. Through the vulnerability exploitation process, Vigilant Cyber Services engineers will gain root or administrator-level access to the target systems and other trusted user account access.
During this process, advanced tools and proprietary utilities will be used to maintain availability of the servers while gaining access to potentially vulnerable services. After manual verification of the information from the testing, Vigilant Cyber Services will provide a mitigation plan to secure the systems and prevent the information from being accessed. Vigilant Cyber Services is the de facto expert in the penetration testing sector and covers a variety of technologies, such as but not limited to:
- Perimeter Segments (DMZ, RAS, & Extranet)
- Internal Segments (LAN, WAN, & VPN)
- Wireless Networking (WLAN & WWAN)
- Telephony (VoIP & Traditional TDM)
- Virtualization Infrastructure (Server, Desktop, Cloud)
- Application Architecture (Web, Database, & Stand-Alone)
- Mobile Cloud Computing (BYOD Systems)
Social Engineering
Social engineering is the art of evaluating the security posture of an organization's user community and physical security systems. This is done through specialized hacking techniques such as but not limited to "phishing", random phone calls, information gathering, and tailgating. Social engineering reveals the weaknesses in human characteristics of employees due to improper training executed by an organization's security program, in conjunction with revealing gaps in the physical security system.
Vigilant Cyber Services has built a state-of-the-art social engineering methodology to conduct our ethical hacking assessments. This methodology allows our consultants to quickly determine where security risks exist in an organization's security program and begin exploiting these vulnerabilities to quickly identify and gain access to key corporate assets. The tasks conducted during these assessments include but are not limited to:
- Lock Picking
- Magnetic Door Brute forcing
- Alarm System Avoidance
- Ventilation System Entrance
- Access Door Tailing / Piggy Backing
- Access Badge Procurement
- Access System Bypass
- Surveillance Camera Redirection
This unique assessment enables clients to find out their true level of defense against generic and sophisticated attacks. Vigilant Cyber Services will then build a protection and remediation strategy to enable the business to operate in a more secure and efficient manner.
Application & Database Assessment / Penetration Testing
Vigilant Cyber Services' application assessments determine if it is possible to breach or compromise system applications throughout the enterprise system and ensure that all tiers of the application and database architecture are properly secured on both the server side and the client side. Vigilant Cyber Services will focus on safeguarding the application system, all application sub-systems, and the surrounding infrastructure from threats, vulnerabilities, or exploitation. The assessments include various application and database attack methods such as:
- SQL Injection
- Cross-Site Scripting
- Arbitrary Code Execution
- Authentication Bypass
- Input Validation / Input Tampering
- URL Manipulation
- Hidden Variable Manipulation
- Buffer Overflows
- Cookie Modification
Vigilant Cyber Services' application penetration testing is a key technique for verifying the security of applications. Combining manual testing with manual code review makes our hybrid application verification approach more comprehensive and more accurate than any other method.
Vigilant Cyber Services performs application penetration testing on complex enterprise applications for both large and small organizations. Our specialty is applications with complex architectures and security features. Over many years, we have tuned our process to be extremely efficient and effective.
Application penetration testing is uniquely effective at demonstrating the exploitability of a vulnerability. Manual penetration testing is also frequently the only way that environmental security controls, such as web application firewalls, URL-based access control mechanisms, and centralized authentication gateways, can be tested. If code is not available, then creative penetration testing is the only way to generate assurance.
Application Code Review
Vigilant Cyber Services has unparalleled experience verifying the security of the code for complex enterprise applications. We verify all lines of code across a wide range of platforms and frameworks. Over many years, we have tuned our process to be extremely efficient and effective. Many vulnerabilities cannot be discovered without looking at the code, and for many other flaws, code review is simply more efficient than scanning or testing. Manual code review is the only way that several key security controls can be verified including access control, encryption, data protection, logging, and back-end system communications and usage.
Furthermore, manual code review is also very useful in identifying the attack surface of an application and tracing how data flows through an application from its sources to its sinks. Manual code review helps Vigilant Cyber Services understand the actual security architecture as implemented, so that we can isolate architectural flaws.
Vigilant Cyber Services has deep experience with virtually all modern software environments and frameworks, including C/C++, Java, .NET, ASP, Oracle, ColdFusion, Ajax, Struts, Spring, and many more. Even if the application code was not developed internally or as a home brew, Vigilant Cyber Services will work with any third-party software provider.
Secure Application Architecture & Design
Vigilant Cyber Services can assist not only in making your application more secure but also in keeping it operating in a state of efficient performance. We help design, implement, and deploy secure applications for any need within your business model.
Digital Forensics & Incident Response
Claims of fraud, financial tampering, computer crime, employee misconduct, and other wrongdoing require corporations, law firms, and government agencies to follow digital trails to piece together facts that lead to the truth.
Vigilant Cyber Services' computer forensics experts help ensure no digital evidence is overlooked and assist at any stage of a digital forensics investigation or litigation, regardless of the number or location of data sources. Vigilant Cyber Services' computer forensics experts will assist you with your most complex and sensitive investigative or litigation matters involving electronic evidence or data preservation.
Cyber Crime Investigation:
We examine physical and digital evidence to uncover what did or did not happen, using Vigilant Cyber Services' combination of computer forensic expertise and traditional investigative techniques.
Data Preservation:
In the event of an investigation or litigation, Vigilant Cyber Services offers cost-effective and defensible methodologies and solutions to identify and preserve electronic data.
Virus / Malware Outbreak:
Onsite malicious code detection, clean up, and incident management.
Data Collection:
Regardless of the volume and complexity of your collection needs, our team deploys forensically sound, best-practice methodology to gather your data for electronic investigation and forensic analysis, or forensic discovery.
Data Recovery and Forensic Analysis:
Whether data was deleted or manipulated on purpose or by accident, Vigilant Cyber Services' digital forensics experts analyze the digital clues left behind to quickly and defensibly uncover critical information.
Hard Drive Analysis:
Forensic analysis of hard drives for evidence of crimes, intrusions, or incidents. Such evidence can be taken to authorities and courts.
Rootkit Detection:
Detection of rootkits, back doors, Trojans, etc. for forensic purposes.
Network Forensics:
Forensic assessment of network appliances for evidence of intrusion or undue activity.
Expert Testimony & Reporting:
Our experts have the necessary experience and credentials to creditably serve as an expert witness or special master.
Risk Management: Analysis & Assessment
Vigilant Cyber Services security risk management experts work with you to assess your information security policies, processes, and technologies to identify weaknesses, categorize security risks, and recommend improvements. Our Security Risk Analysis and Assessment service helps fortify your environment and improve compliance with industry regulations by providing a comprehensive assessment of each important aspect of your security program including:
- Internal and external controls
- Policies & procedures
- Gaps vs. regulations and best practices
- Vulnerabilities & threats
IT Security Risk Assessment and Analysis: Reporting Objectives
The report objectives of our Security Risk Analysis and Assessment service are to provide management with clear and concise answers to the following questions:
Within the scope of the control areas being tested, how well are you protecting your information-based assets from internal and external threats?
Are management, administrative, physical, technical and policy based controls adequate?
How do your controls compare to others in your industry?
What is the quickest, most cost-effective way to manage risk to an acceptable level?
Methodology
Best practice benchmarks will be used by Vigilant Cyber Services to identify select control gaps and strengths. A gap analysis based approach allows Vigilant Cyber Services and your company sufficient control visibility to set objectives and priorities for remediation efforts. It also allows you to document and represent current control activities to regulatory auditors and examiners in the best context possible, as a best practice.
Regulatory, Governance & Compliance
Vigilant Cyber Services professionals are experienced in serving a variety of our firms' clients in a wide range of industries in areas such as royalties, licensing, distribution agreements, advertising, digital content and more. As a result, we understand the complexities and nuances of a range of business contracts, processes and procedures and have been able to help companies recover revenue misstated in self-reporting statements while maintaining and improving relationships with their business partners.
- HIPAA
- PCI/DSS
- SOX
- FISMA
- FFIEC
- ISO 27001
Disaster Recovery / Business Continuity
Vigilant Cyber Services has become a leading provider of continuity planning services and consulting to the government and private sectors. Vigilant Cyber Services develops procedures that address and document the steps for responding to a crisis event, recovering operational capability and resuming critical business functions, and eventually restoring all functions to "business as usual".
The key to our success is the ability to provide customers with unparalleled project management and planning facilitation services combined with our powerfully equipped web based planning system. Utilizing these strengths, Vigilant Cyber Services has been able to successfully train countless government agencies and corporate enterprises through the process of designing, developing, and maintaining their continuity plans.
Using lessons-learned and client feedback to continually improve our planning and project management approach, Vigilant Cyber Services has established a proven method of leading organizations through the continuity development process more efficiently and intuitively than other available alternatives.
Vigilant Cyber Services is capable of managing continuity projects of all types and sizes and can provide planning services which include staff training, plan development, meeting facilitation, and on-going plan development support. By selecting a customer-service focused company like Vigilant Cyber Services with a proven web-based planning tool, our projects are guaranteed to be completed on time, on budget, and in a successful manner.
Cyber Security Policy & Procedures
Policy Assessment Review & Gap Analysis
Vigilant Cyber Services will conduct an assessment on all documented security policies and procedures for proper adherence as related to ISO 27001 / 17799 industry standard best practices. This assessment will allow Vigilant Cyber Services to conduct a gap analysis between the organization and industry standards. From there, Vigilant Cyber Services will be able to recommend additional policies & procedures or modifications to existing policies that have been or need to be created.
Security Policy and Procedure Creation
For organizations that do not currently have any security policies in place, Vigilant Cyber Services can assist in the creation of foundational security policy and procedures applicable to the business and operational needs of a network. This can also be done with respect to any compliance regulations governing the organization's business model.
- Physical Security
- Video Surveillance
- Access Control
- Facial Recognition / Biometrics
- Video Analytic
- Forensics For Video
- Physical Penetration Tests
Video Surveillance
Vigilant Cyber Services Networks has done video for casinos, Manhattan, Newark Airport, Prairie Band Casino, Plymouth Prison, the Algerian Military, etc.
Access Control
If it locks, we can pick it, or build it better.
Facial Recognition
Vigilant Cyber Services Networks has been reporting and presenting on Facial Recognition for over 6 years. We’ve talked about it at the biggest Information Security conferences in the world. We can discuss it with you.
Video Analytic
Need to find out how many people are in videos? Need unattended package detection? Is machinery not working correctly at a remote site and in need of inspection?
Forensics for Video
Did someone delete the video the lawyers need?
Physical Penetration Tests
How could someone break into that facility?
- Digital Forensics / Incident Response
- Legal Hold / eDiscovery
- Cloud Forensics
- Breach Response
Secure Design & Deployment
Vigilant Cyber Services uses an industry-standard best practices methodology which is comprehensive yet flexible, and will work "within" business process objectives. Vigilant Cyber Services provides professional security services for the full life cycle of an inter-networking system, including planning, design, implementation, operations and optimization (PDIOO), and maintains expertise in the most complex security technologies and multi-vendor environments. Our expertise encompasses all aspects of today's technologies such as:
- Network Infrastructure
- Voice Over IP (VoIP)
- Wireless Networking
- Server & Desktop Virtualization
- Application Design & Coding
- Mobile & Cloud Computing
Vigilant Cyber Services professionals are experienced in designing, deploying and supporting data networks for the government, public and private sectors. We are experienced in implementing cutting-edge high-performance LANs and WANs, as well as designing advanced security solutions such as high-performance routing & switching infrastructures, secure wireless, firewalls, intrusion detection systems and VPNs. Customers can take advantage of this expertise to ensure that their data networks deliver real benefits in any business environment.
Managed Security Services Provider
Vigilant Cyber Services Cyber Security Monitoring (CSM) is a managed service combining cutting-edge detection hardware, proprietary software, and expertise from industry-leading security experts into an innovative methodology for identifying, responding to, and remediating cyber attacks.
Vigilant Cyber Services provides comprehensive managed security services custom tailored to provide a unified, cost-effective answer to your business challenges. We combine best-of-breed technology, best practices, and a team of certified technical professionals to deliver 24/7 on-premise, co-located, and hosted managed services to public and private companies.
We provide full life-cycle cyber defense.
We are white hat hacking experts.
- Firewall Management
- Logging And Event Correlation
- Intrusion Detection System
- Compliance Monitoring
- Remote Access
Security Training
The protection of information systems is becoming increasingly complex, and demand for new and improved services in both the public and private sectors is intense. As enterprises re-invent their infrastructure to meet the demand, cyber-security threats pose a real danger. Vigilant Cyber Services offers non-degree training programs to help professionals gain vital skills that can be used immediately to safeguard against security threats within critical information infrastructures.
Penetration Testing
Our penetration testing training course is designed for network administrators and security professionals who need to acquaint themselves with the world of offensive information security. This penetration testing training introduces the latest hacking tools and techniques in the field and simulates a full penetration test, from start to finish, by injecting the student into a diverse and vulnerable network.
Pen Test Level II
This course takes all of the skills acquired in the Penetration Testing course and further hones them by exposing students to an extremely challenging lab environment developed using actual scenarios faced by the Offensive Security team during live penetration tests. During the course, students are given an in-depth examination of the vectors used by today's attackers to breach infrastructure security.
Wireless Security
Vigilant Cyber Services Wireless Security training teaches students the base concepts of wireless networking and builds upon that foundation to conduct effective attacks against wireless networks of varying configurations. Not just for penetration testers, this course is highly recommended for anyone responsible for wireless networks. By understanding how they are attacked, administrators will know how best to protect their wireless infrastructure.
Advanced Windows Exploitation
This course makes use of extensive hands-on material, covering such advanced topics as DEP and ASLR evasion, heap spraying, function pointer overwrites, buffer space limitations, Windows driver exploits, and creating custom hand-made shellcode. This is not an entry-level course. Experience with a debugger, previous Windows exploitation experience, and an intense tolerance for hard work are required.
Advanced Web Attacks and Exploitation
Vigilant Cyber Services' Web Security training course takes the student deep into the realm of web application penetration testing. From mind-bending XSS attacks, to exploiting race conditions, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will broaden your knowledge of web application hacking and help you identify and circumvent various protection mechanisms in use on the web today.