services

Risk Assessment

Foundstone consultants follow a tried, tested, and proven methodology to conduct superior network Security Assessments. By focusing on protecting the right assets from the right threats with the right measures, we achieve the highest levels of assurance and business value.

Protecting the right assets from the most severe threats begins with securing all device connected to your network. Foundstone identifies and thoroughly tests potential points of attack after enumerating every live host, open port, and available service. Foundstone attempts to identify all vulnerabilities and focuses on areas where a compromise would have the greatest impact and create the highest risk to your business. We also understand the policies and regulations that drive the need for security, especially for e-commerce and financial services. Our analysis is not disruptive to your organization, with minimal or no impact on staff and business productivity.

Footprint Analysis and Information Gathering

The Footprinting and Information Gathering phase results in a detailed blueprint of your company’s network and its security profile: two major components to measuring the network’s overall risk. We gather domain names, IP network ranges, and information about hosts, such as operating systems and applications.

Vulnerability Scanning

The information gathered during the Footprint Analysis and Information Gathering phase is used to perform the Vulnerability Scanning phase and penetrate vulnerable systems. Foundstone takes a holistic view of the network and chains multiple, low-risk vulnerabilities in order to achieve a high level of access into the target network. This vulnerability linking typically culminates in pilfering sensitive data such as password hashes, restricted databases, or attaining specific trophies that your company identifies.

Manual Vulnerability Verification

Foundstone consultants go the extra mile during our security assessment and perform manual verification of the discovered vulnerabilities to minimize the number of false positives, thus saving you time during the remediation process. Manual checks are performed to ensure that the operating systems are properly identified and version numbers are correct to best of our knowledge.

Penetration Testing

Foundstone's penetration testing provides the most thorough test of internal defenses available. Foundstone consultants scrutinize all hosts in scope for any weakness or sliver of information that could be used by an internal attacker to disrupt the confidentiality, availability, or integrity of your systems.

Vulnerability Analysis

The last step of Foundstone’s Comprehensive Security Assessment methodology is vulnerability analysis. An in-depth analysis of your vulnerabilities is performed to determine the systemic causes and to develop strategic recommendations. Foundstone consultants then categorize and prioritize the strategic recommendations by people, process, and technology. This information seamlessly feeds into the Foundstone next-step recommendations specific to your organization.

The Foundstone Comprehensive Security Assessment offering gives you the best of both worlds by performing a penetration test as a subcomponent of the External Security Assessment. This enables you to see if your network can be penetrated from the outside and gives you a comprehensive list of all security vulnerabilities on your perimeter network.

Foundstone offers a Vulnerability Assessment that utilizes Foundstone’s award winning Foundstone Enterprise software. The Vulnerability Assessment provides a rapid and efficient inventory of the devices, services, and vulnerabilities of internet-connected networks.

A typical comprehensive security assessment consists of the following assessment areas:

Click here to view a full datasheet about this service.

RFP Template

Foundstone has developed this Request for Proposal("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.

> Download