Regardless of the size of your company, information security must be at the forefront of your mind. Information security revolves around all aspects of the business and can, or should, touch every department in the company. With constant changes in how business is run as well as a daily change in the threat landscape a solid infosec program is not only needed but required. With decades of experience in information security, Arrakis can help you stabilize your environment and increase the chances of success.
These solutions can be in several forms:
Vulnerability Assessment - All companies should have a complete understanding of their vulnerabilities as well as the ability to track and show improvement. All frameworks require vulnerability assessments be performed by an internal group as well as have, at least annually, a 3rd party vulnerability assessment performed. Using industry recognized tools, our professionals will capture and categorize your vulnerabilities for in-scope devices and IP addresses. After our discovery phase we will manually test each vulnerability to ensure there are no false positives and produce an exceptional report that is designed to be handed over to the auditors or other compliance and regulatory bodies. Quite often our reports and presentations are used in their native form for Board of Director meetings.
Penetration Testing - Taking our vulnerability assessment one step further, if you wish to have active attempts into penetrating your network then Arrakis personnel can help show how a vulnerability can be exploited to gain access to the network and potentially sensitive information. Penetration testing can be performed externally (from a hackers perspective) or internally (from an insider threat perspective) as well as demonstrate how easy it is to exfiltrate data to an external destination.
Wireless Security Testing - Wireless is the current trend in increasing the mobility of the user and flexibility in device connectivity. Essentially, technology has evolved to such a point where everything connects to the Internet. Also known as IoT (Internet of Things), companies are depending more and more on devices to perform specific functions and to remain secure while doing so. Arrakis wireless security testing service will evaluate and assess your current wireless infrastructure and security to show where improvements can be made. Additionally, with wireless radiating in all directions, it is always prudent for a company to understand the wireless perimeter to ensure that penetration attempts are not being attempted from the parking lot or the other side of the street.
Social Engineering - The first line of defense with a company is always going to be the individual user. Unfortunately the weakest link in a company is also the individual user. Using industry accepted tools/tactics/procedures, Arrakis can offer a complete social engineering campaign to help uncover the human weakness in your companies security. While in some cases successful social engineering can lead to personnel changes in most cases a successful social engineering campaign provides an insight into the effectiveness of computer security awareness training and can help target specific areas that need additional training. Social engineering can be in the form of phishing, phone calls, or social interaction.
Physical Security Testing - While most companies have the intention of being physically secure, unfortunately most are not. Arrakis professionals can identify physical security weaknesses and provide an actionable plan to remediate any findings. Arrakis has a long history of uncovering and exploiting physical security weaknesses for a variety of different types of entities including Fortune 10/50/100, financial, energy (nuclear), medical, and various government locations. Additionally, most Arrakis personnel have an extensive background in executive protection and can provide physical security consultation for high risk individuals. For a slight increase in testing, Arrakis will also include low level aerial drone surveillance to show top down weaknesses.
Policy Creation and Review - Quite often companies have some form of policies in place but a majority of the time those policies simply do not meet the requirements of the auditors or the required frameworks the company is supposed to follow. While the intention of the company is to be compliant, the deficient policies do not help and only bring closer attention of the auditors. Arrakis has years of experience writing policy and can help bring you up to speed with the frameworks and provide for an easier success rate when it is time to be audited.
CISO as a service - Some companies simply do not have the budget, experience, or training to have a CISO or an information security department. While all frameworks require a security department and a CISO it simply isn't in the budget or there isn't enough technical work to justify hiring the appropriate personnel. Arrakis can help you be acting as a trusted advisor to the CIO or COO to your company and essentially performs CISO functions. Technically, by the frameworks, someone in the company still must have the title of CISO however none of the frameworks indicate that the actual "work" can't be outsourced to a reputable 3rd party. Don't be caught short in high risk compliance areas like GDPR, FFIEC, FISMA, etc...
Network Security Architecture and Design - Even the most well intentioned companies can make architectural mistakes that can lead to increased risk. Does your company have a flat network? Do you have internal controls that prevent the users from accessing sensitive HR files? Is the file server that holds all of your companies financial data available to be accessed anywhere within the network? Are your executives isolated, and protected, from other areas within the network? Who can print to the printers located in the executive area? If you answered yes, or are unsure, of any of those basic questions then you are likely not following a comprehensive "defense in depth" network architecture and are allowing horizontal movement within your network as well as unfiltered exfiltration of data.
Investigations and Forensics - Arrakis personnel are more than capable to handle an internal investigation or partner with law enforcement to help resolve sensitive business investigations. Our trained and certified team of investigative personnel have years of experience and have worked the most sensitive of cases.
Information Security Assessment - While most other companies will provide targeted security assessments such as a vulnerability assessment or a wireless security testing service, Arrakis can offer a overall complete, and comprehensive, information security assessment that includes all other services. Essentially, all aspects of security are taken into account including security awareness training, architecture, rule sets, vulnerability assessments, social engineering, budgets, processes and procedures, organizations, certification and training, etc... Arrakis strives to approach the overall security assessment from the viewpoint of the regulators and will provide an extensive and detailed report that provides actionable items to remediate findings and reduce risk. Don't be caught short in high risk compliance areas like GDPR, FFIEC, FISMA, etc...