Contact Us
This form does not yet contain any fields.

    Cybersecurity

    Security is a continual process that must evolve as both business technology and the threat landscape change.  Instill multiple layers of protection into your network, web applications, servers, computers, mobile devices, and most importantly, your users.

    Security Assessment

    Vertigrate utilizes a customized approach with proven cybersecurity standards to provide its clients with a holistic view of their infrastructure.  We identify, verify and prioritize vulnerabilities, misconfigurations, and legacy settings that could adversely impact our client’s operations and/or reputation.  Our clients receive a confidential report in plain English summarizing our findings and recommendations, along with a roadmap that addresses those items identified by our assessment.

    Because each client is different, our approach to each engagement is different.  Below are some of the types of services that we can include as part of any security assessment.

    Digital Reconnaissance

    Using a combination of open source intelligence, commercial tools, and good old-fashioned ingenuity, Vertigrate builds a profile of its client’s public facing technology assets including email, remote access, file exchange, web and DNS servers.  Vertigrate employs this same approach to high-profile personnel; building a report of any public information, including social media profiles and associates, blog posts, compromised credentials, and data leaks.  The information gathered during this phase proves to be invaluable during later phases such as penetration testing, social engineering and user awareness training.

    Penetration Testing

    Penetration tests are helpful in validating that a certain security posture is being met.  Vertigrate utilizes standards-based methodologies to launch targeted attacks at specific technology assets selected and owned by Vertigrate’s client.  Depending upon the location and business function of the technology asset we tailor our approach accordingly to attack weak or recycled credentials, improperly configured technology assets, overly broad user access, and unpatched systems.

    Vulnerability Assessment

    Using the latest methodologies and tools Vertigrate uses its expertise to identify and evaluate both external and internal facing technology assets.  Our work reveals not only missing patches, unnecessary services, rogue wireless access points, default credentials, and misconfigurations, but it also inspects whether additional layers of security are available on your devices that can be implemented with no impact to the business.

    Password Auditing

    Many organizations have diligently moved to complex password requirements in their infrastructure, but it’s an arms race against the bad guys.  Password cracking tools and hardware are faster and more sophisticated than ever before.  The advent of this faster technology, more efficient dictionary and word mangling attacks, and the availability of rainbow tables means that the vast majority of passwords meeting complexity requirements can be cracked in just a few hours.  To make matters worse many Windows environments still have passwords stored in older vulnerable formats alongside the newer more secure formats.  Vertigrate can demonstrate how long it would take to crack existing passwords, identify whether client domains are still using weaker cryptographic formats, provide an action plan to remove those weak formats, and recommend changes to existing password policies.

    Social Engineering

    Over 90 percent of compromises are due to user error, oftentimes via a successful phishing email.  Using the information collected during our Digital Reconnaissance phase, we send specially targeted email messages to client approved phishing recipients.  All results are logged and provided in a summary report.

    User Awareness Training

    Users are unfortunately often the weakest link when it comes to information security.  IT departments can implement controls to minimize exposure to risks and mitigate damage, but the end user can still make an honest mistake that discloses confidential corporate information and/or access.  Vertigrate will custom tailor an educational program that delivers common sense approaches to password and physical security, wireless networks, phishing, malware and hoaxes in plain English.

    Physical Penetration Testing

    Test how effective your building access controls are.  Using tried and true tailgating and impersonation methods, we test whether someone dressed as a client, colleague, or workman can gain access to employee floors and even plant surreptitious devices on your network without your knowledge.