Organizations today have deployed numerous technologies to handle near constant communication and to support day-to-day operation of the business. Businesses within virtually every market vertical have deployed IT systems to handle their most sensitive assets, infrastucture, and resources. Although these changes have resulted in unprecedented gains in productivity, they also provide new and exciting opportunities for the attacker. Wireless, Web-enabled, Mobile, and VOIP technologies have all added to the “attack surface” that is exposed by an organization. BLS offers a suite of CyberSecurity assessments which are intended to help organizations identify vulnerabilities, develop mitigaition strategies, and better manage overall risk.
Black Lantern Security engineers will work with organizations to develop and execute a vulnerability assessment based on prioritized business objectives, available resources, emerging threats, and resource sensitivity. BLS’s engineers use a mixture of open source, custom, and commercial tools to systematically assess the security posture of critical components without significantly impacting the daily operations of a business or organization. BLS will work to identify vulnerable products, services, and systems using the latest signatures, vulnerability research, and reporting. The team will also analyze systems, services, and infrastructure for mis-configurations that open up otherwise secure systems to attack.
Web Application Assessment
Each day, companies execute scores of internal and external web-based transactions using enterprise web applications and business tools. Web Application Assessments are based on the established OWASP frameworks and will test both internal and customer facing enterprise applications for misconfigurations, vulnerabilities, and basic logic flaws that would allow an attacker to access and exfiltrate sensitive customer data including (PII, PHI), intellectual property, financial data, or business intelligence. A thorough examination of the systems that support and service customers, employees, and partners is vital to maintaining business operations throughout the customer’s organization. BLS’s security engineers will work to ensure that these systems continue to function with the correct levels of confidentiality, integrity, and availability.
A wireless assessment begins with the identification and enumeration of both authorized and rogue wireless access points. The information collected and analyzed will include deployed encryption, SSID, channel information, access point location, access point name, equipment vendor details, and hardware MAC addresses. This data will then be used to identify new or previously unknown vulnerabilities in wireless devices and configurations. The testers will provide recommendations for improvement with explicit steps to implement fixes.