Security Strategy and Architecture Consulting
Planning an enterprise deployment of WAFs, IDS/IPS, Virtualization & Consolidation, or Identity Management and Multi-Factor Authentication? EA consultants provide expert guidance to help your company get the most return on investment from these necessary yet expensive propositions.
Virtual Infrastructure & Cloud Computing Security Assessments
Troubling economic times have put pressure on enterprise IT departments to deliver more value while cutting costs. Virtualization and Consolidation solutions from companies like VMware, Microsoft and Citrix can create tangible reductions in cost. Virtualization projects commonly reduce entire data centers full of legacy systems down to a few racks of blade servers. However, with this consolidation come threats from new attack vectors.
EA consultants are experts in the field of Virtualization Security, and can help you ensure that the risks inherent in shared physical infrastructure are mitigated properly.
Cloud computing is taking the IT world by storm, and many enterprises, enticed by the scalability and reliability provided by the cloud, are moving critical applications to cloud providers. EA consultants have expert knowledge of the security considerations relevant when using shared infrastructures such as Google Apps, Amazon Web Services (AWS), Sun's Network.com, VMware's vCloud and Microsoft's forthcoming Azure. We can help you make the most of these exciting new technologies while minimizing the risks inherent with shared infrastructures.
Vulnerability Management, Penetration Testing & Code Review
From blackbox infrastructure assessments to greybox web application tests, security assessments are our specialty. Relying on extensive experience performing manual 'ethical hacking' rather than relying exclusively on automated tools, EA consultants have a proven track record of finding flaws that other assessors miss.
EA actively supports the Open Web Application Security Project (OWASP), and several of our consultants are well known experts in the field of Web Application security.
Web Site Vulnerability Management
EA's strategic partner WhiteHat Security Inc. delivers effective vulnerability management for your public facing or Intranet web sites at affordable rates. WhiteHat's Sentinel solution is delivered as a Software-as-a-Service (SaaS) which provides massive scalability and the ability to start detecting and mitigating your web application vulnerabilities rapidly.
Web Site Vulnerability Remediation
Vulnerabilities discovered by the WhiteHat Sentinel service can be remediated rapidly by implementing "virtual patches" in supported Web Application Firewalls (WAFs). EA consultants work with your company to help implement these quick fixes, and can also help your staff develop changes to your code or architecture to permanently mitigate the vulnerabilities.
Penetration Testing
EA consultants have the "security mindset" and are expert at finding vulnerabilities in your applications, systems and networks that are often overlooked by other assessors. We provide expert assessment of your External and/or Internal systems to help you find and fix problems before the bad guys do.
Code Review
Are you deploying a particularly sensitive application? While blackbox testing can be very effective at identifying many security issues, combining blackbox testing with source code review (known as greybox testing) is the best way to gain maximum assurance. Our consultants provide expert security code review services for several popular web application development languages and frameworks, including PHP, ASP.NET, Python, Ruby and Java.
PCI and FISMA Compliance Consulting
The advent of PCI-DSS has imposed stringent regulatory requirements even for small, privately held businesses. EA can help your company implement the security controls and document the processes required by the specification, without breaking the bank.
EA also has experience providing compliance consulting for Federal Government Agencies. Our consultants understand the intricacies of the numerous NIST guidelines and special publications, and can help you put together a compliance program that will make certification and accreditation cost effective and rewarding.
EA has experience dealing with auditors from the Office of Inspector General for various agencies, and can help your agency prepare for their annual audits. Proper preparation can make the potentially harrowing prospect of an OIG audit an efficient and amicable experience.
Denial of Service Attack Mitigation
Organized crime has moved online, and financially motivated attacks are a real threat. If your site is presently down as a result of an extortion-based DDOS attack, don't pay the ransom! EA can help!
EA's strategic partner Prolexic can provide immediate relief from DDOS attacks and get your site back up immediately. Once the crisis has been averted, EA can provide expert analysis of your present technology architecture and provide recommendations for hardening your business against future DDOS attacks.
Information Mining and Data Gathering
The Internet is the "one computer" that has the capacity to store and distribute staggering amounts of information. In this age of hyperconnected radical transparency, it can be difficult for companies and individuals to be aware of all the information they are exposing to the net, intentionally or otherwise.
EA's strategic partner Paterva provides comprehensive Intelligence Gathering Services to answer the following questions:
Infrastructure Footprinting
How big is my organization's Internet footprint? Where are my IT assets exposed worldwide?
Email Address Harvesting
What email addresses are associated with my organization's domain? What are the name, gender, geographic location and social network affiliation of these individuals?
Sensitive Data Leakage
What documents, images and other potentially sensitive data are my company or my employees exposing to the Internet? These may include confidential or proprietary intellectual property, indexable directories on web servers, internal memos, phone directories, presentations, budgets, meeting minutes, etc.
Online Reputation Management
Designed for high profile, high net worth individuals or celebrities, this service provides a periodic (daily/monthly/weekly/quarterly/annual) review of "what's new on the net about me?" Is it true? Can this information be corrected and/or suppressed if false?
Person Profiling
Who is this individual? What are their professional and personal affiliations? This search relies exclusively on public domain information. Although these profiles can be created for any individual, it is expected that they will be most useful for key personnel within an organization, such as board members, executives and senior management. These profiles will include:
Incident Response & Forensic Investigations
Do you know, or suspect, that your company's IT security has been breached? These days, hackers are motivated by profit more than glory. Thus it's unlikely that a breach will result in overt symptoms like defacement of your company's website.
It's far more likely that the breach will result in the installation of a permanent agent which will use covert channels to allow the attacker continuous bidirectional access into your network going forward.
EA consultants are experienced in performing forensically sound post-incident analysis and investigation to help your company determine the extent of the breach, contain the incident, and help you get your operations back up and running as quickly as possible.
Whether the attack was perpetrated by anonymous malicious Internet users or trusted insiders, EA can help you recover, and ensure that the situation is handled discreetly and professionally.
Security Training
EA's strategic partner Aspect Security provides a comprehensive suite of security education training for developers, security professionals and managers. Aspect is the leading provider of application security training courses, averaging 500 students per quarter. Aspect understands that education and training is one of the critical building blocks to achieving application security in an organization. Since 1998, Aspect has taught thousands of developers, architects, testers, and managers how to build and test applications to ensure security.
From individual course offerings, to entire training initiatives, Aspect can meet your organization's application security training needs.
