TSEI believes in helping you take action to enhance your security posture, and not simply checking a box like some compliance auditors. We conduct a thorough survey of your corporate network, partner networks, public networks, and other custom connections (e.g. SCADA, external accounting/payroll) to ensure we fully understand the scope of the corporate security exposure. We have performed assessments for a variety of clients, to include: Governments, utility companies, banks, law firms, information technology companies, etc.
Automated tools are like relying on a robot to find problems, they can only find what they are programmed to know, therefore we don’t rely on them. A skilled hacker is not going to look at your network with only a automated tool, and that is why we don’t either. We focus our penetration testing on looking at your network like a hacker would. Many networks today are “eggshell” networks (they are hard on the outside, but soft on the inside) and for this reason we focus on both external and internal threats to assess the level of damage that could be done.
Today’s computer security market is filled with gimmicks and products that are guaranteed to fix your problems, but honestly there never has been and there never will be a silver bullet short of unplugging your network from the outside world, and that is not an option in most businesses. This is why it is critical to understand your technical vulnerability, your business processes, and how different business units inside the company interact. From here we can quantify the relative risk vectors so that a security program can be put in place to combat threats.
In order to have a comprehensive physical protection plan we assess your physical security posture from the ground up. We begin by analyzing all of the breaches that could occur, their likelihood, and then addressing each of those issues with rational mitigation. Emphasis is placed on access control, remote video/audio surveillance, and multiple layers of technology and personnel placement to provide early warning and minimize security breach false postives.
You computer security has been compromised, what now? We provide incident response services as well as investigations to reconstruct the five W’s (who/what/why/where/when) of an event. We use this same logic to also think about how an attacker might look at your corporate resources, and by applying this logic and our forensic knowledge we can address issues for you before they are exploited by a third party.
We take a rational threat assessment approach by first understanding the threats, then ranking the respective risks, and finally quantify the consequences if they were to happen. Only then can we determine mitigations and their respective monetary costs to determine where to focus attention and budget.
Threat assessments and managing risks go hand and hand, therefore we often conduct these services together. However, if you already have your threat actors well defined, we can apply our risk methodology to your threat agents and help you understand your top risks, the consequence of not addressing them, and the mitigations that can be done to reduce your risk profile.