|
Tiger Team
The most effective way by far to uncover and correct security
weaknesses in any system is to simulate a determined attempt to
penetrate the system just like a real attacker would. This method
is commonly known in the industry as assembling a "Tiger Team."
Once assembled the Tiger Team's purpose is to systematically attempt
to exploit all known and suspected security holes in order to
discover vulnerabilities.
Crossbar approaches each Tiger Team assignment differently. We
research the unique details of each client's systems and networks,
including such aspects as how their machines appear to an outside
attacker, who provides their network connectivity, and phone company
listings, possibly revealing dialup modems. Because each client
is different, we treat them as such and do not simply use prepackaged
software to scan for vulnerabilities. We simulate the real thing,
by doing the things actual intruders would do, and log every keystroke.
Our final report contains detailed logs of our actions so technical
staff can see where the problems lie, play by play.
Crossbar's principals have a 100% success rate in penetrating
clients' systems on Tiger Team projects, and a commitment to flushing
out all of your vulnerabilities. "No brag, just fact."
Secure Code Review
To insure maximum security, we will review, find and correct security
weaknesses in the source code of your custom software and applications.
Policy Audit and Review
Crossbar will review your company's existing security policy and
help you update or create a new one from scratch if necessary.
Security Training
We will train your employees to be aware of what they need to
do to maintain the security of your company and its systems. This
training includes everything from how to properly dispose of old
computer backups and printouts, to how to avoid being the victim
of "social engineering." We also teach the art of Intrusion Detection--
how to tell if one or more uninvited intruders are sneaking around
in your systems and networks. What signs to look for, and most
importantly, how to react without antagonizing the intruder into
causing further damage.
Forensics
If you've just experienced an intrusion, don't touch anything! Immediately call us, and we will carefully examine the crime
scene on-site to determine what was done, and the possible motives
of the intruder. We will work with your staff to figure out exactly
what went wrong, and how to prevent it from happening again. We
understand the sensitivity of this scenario, and must stress that
the crime scene be as untainted by staff as possible. This has
a direct impact on the ability to gather clues and evidence.
|