Cyber Security Services
Exelcius Technologies goal of a security assessment (also known as a security audit, security review, or network assessment), is to ensure that necessary security controls are integrated into the design and implementation of a project. Exelcius Technologies security assessment services will properly assess complete documentation outlining any security gaps between a project design and approved corporate security policies. Management can address security gaps in three ways: Management can decide to cancel the project, allocate the necessary resources to correct the security gaps, or accept the risk based on an informed risk / reward analysis.
The following methodology is used by Exelcius Technologies to outline the effective means for conducting security assessment.
- ◈ Requirement Study and Situation Analysis
- ◈ Security policy creation and update
- ◈ Document Review
- ◈ Risk Analysis
- ◈ Vulnerability Scan
- ◈ Data Analysis
- ◈ Report & Briefing
Exelcius Technologies goal for vulnerability assessment is of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.
A vulnerability assessment process that is intended to identify threats and the risks they pose typically involves the use of automated testing tools, such as network security scanners, whose results are listed in a vulnerability assessment report.
The process typically includes:
- ◈ Discovering and catalogue all assets within your network
- ◈ Assigning a value to identified assets
- ◈ Identifying vulnerabilities and threats that exist for each asset
- ◈ Assessing the likelihood that threats may be exploited.
- ◈ Building a recommendation for cost-effective mitigation
Exelcius Technologies goal for Penetration testing, also called pen testing or ethical hacking, is to attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network
Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in -- either virtually or for real -- and reporting back the findings..
The process of penetration testing may be simplified into five phases:
- ◈ Reconnaissance
- ◈ Scanning
- ◈ Gaining Access
- ◈ Maintaining Access
- ◈ Covering Tracks
Exelcius Technologies goal of performing forensics is to gain a better understanding of an event of interest by finding and analysing the facts related to that event.
Network forensics is related to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Exelcius Technologies has the capabilities to implement and use niche technologies like Wireshark, Tcpdump, Niksun, Encase Enterprise, RSA Netwitness apart from the log analysis of system, network and security devices..
Computer forensics: The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analysing and presenting facts and opinions about the information. Exelcius Technologies can perform both memory and disk image analysis. Exelcius Technologies has the capabilities to implement and use technologies like Encase, Access Data FTK, RSA E-CAT and Redline, Volatility, log2timeline, F-response etc.
The phases of the investigation and forensics process are the following:
- ◈ Collection of forensics data and incidents
- ◈ Classification of incident for Investigation
- ◈ Examination of the collected data and incidents
- ◈ Conducting interviews
- ◈ Collecting artefacts and retention as required
- ◈ Analysis of the examined forensics data
- ◈ Reporting
- ◈ Reports