Tanner

INFORMATION SECURITY SERVICES

Data and Information Security Services

Information security is an ever-increasing concern in business. Navigating the complexities of keeping your data safe can be confusing and even frustrating.

Today’s market is saturated with cyber security companies that use high-pressure sales tactics, obscure buzzwords, and vague promises to entice customers. It can be difficult to identify the ones whose information security services will actually be effective and provide you with lasting peace of mind.

At Tanner, we take a different approach than most competing network security companies. We work closely with our customers, taking the time to identify security risks and offer effective solutions. We invite you to contact us today and let one of our security analysts help you create a plan that is right for your business.

SERVICES

Understand Risk with an IT Security Review

An IT Security Review helps provide critical insights for building an effective network security risk assessment strategy that addresses the risks and provides effective solutions.

Your IT department works hard to protect your network from potential threats, but rapidly evolving hacking techniques can make the task both daunting and costly for your organization.

Your IT team is constantly inundated with network monitoring solutions that promise to solve your security problems once and for all.  Unfortunately, many of these products lack the complexity to adequately protect your network. They provide a false sense of security wrapped up in a huge, unnecessary bill.

At Tanner, we understand that your company has its own unique set of network monitoring and security needs. Things we consider when determining what safeguards to implement include:

  • Business Operations and Procedures

  • Compliance Regulations

  • Risk Tolerance

  • Staffing Levels

IT Security Review Process

Security reviews (also known as network security audits) start by identifying the unique threats facing your organization, followed by a gap assessment and risk analysis. We employ a proprietary set of 50+ network monitoring software controls derived from multiple frameworks.

A security review from Tanner will help you:

  • Understand current risk posture and compliance requirements

  • Select and prioritize the most effective security controls

  • Identify and quantify risk to information systems

  • Understand the strengths and weaknesses of your existing security controls

  • Align your IT risk management strategy with your security and business goals

Network Vulnerability Assessment Process

A Network Vulnerability Assessment is a great way to determine a network’s susceptibility to hacking. This is accomplished through a specialized scanning and assessment process that is designed to identify common threats, such as:

  • Outdated server OS and software versions

  • Insecure/deprecated server settings

  • Default or easily-breached login credentials

  • Unencrypted network protocols

  • Excessive access on anonymous or guest user accounts

Company servers contain a wealth of valuable and sensitive information, and hackers know how to access and steal that data. Our network vulnerability management service will help ensure that your network is (and remains) secure.

Tanner’s Network Vulnerability Assessment Process

A vulnerability assessment should provide actionable information to the customer, regardless of their level of technical knowledge or expertise. Traditional “vulnerability scans” create lengthy reports and provide recommendations that might not fit your particular network.

Our goal is to provide you with detailed, yet concise, reports that will convey the identified risks while providing the necessary recommendations and information to fix the problems.

Over 6,000 vulnerabilities were publicly released and documented in 2015 alone; that’s an average of over 500 per month!

Due to the rapidly evolving nature of network security, we strongly encourage companies to schedule regular and recurring vulnerability assessments. Monthly network vulnerability assessments are the simplest way to keep a pulse on the security of a network and ensure a timely response to future threats.

Vulnerability Assessment Deliverables

After performing a detailed assessment of your organization’s servers and IT systems, Tanner will deliver a detailed report containing all of the following information:

  • Executive summary

  • Number of discovered vulnerabilities on the network

  • Severity assessment of found vulnerabilities

  • Pattern of risk over recurring assessments

  • The risk level of each identified host

  • Prioritized action plan to fix the identified vulnerabilities

Additionally, you have direct access to an experienced Information Security Analyst who can answer any questions you may have about your report, the discovered vulnerabilities, or recommended actions.

Network Penetration Testing

Network Penetration Testing (or pen testing) is a full hacking test against a computer network.  Penetration testers will use all the same techniques as a malicious hacker to help identify weaknesses in the network.  The report includes a detailed description of each finding along with recommendations to help improve the overall security of the network.

More than just automated scans

At Tanner, we recognize that solely relying on automated scanning tools often leads to missed serious security flaws. We use a combination of industry-standard scanning tools and manual hacking techniques to test network systems. Our personalized services include methods of manually investigating and testing your network to provide more complete coverage and help uncover hidden vulnerabilities or security concerns that would otherwise go unnoticed.

Tanner’s Process

Tanner follows a comprehensive process for every penetration test.  Our hybrid testing process combines automated tools with manual testing to find hidden or previously unknown vulnerabilities. We understand that hackers constantly find new and creative ways to hack into a network, so we take the same approach during penetration testing.  This is a key component of effective network penetration testing, because it simulates the mindset of a real hacker and provides more realistic test results.

Below are some of the methods we use as part of the manual testing process:

  • Password Cracking (Brute Force/Dictionary)

  • HTTP Parameter Tampering

  • SQL Injection

  • Protocol Poisoning

  • Buffer Overflow

  • Session Hijacking

  • Network Service Probing

  • Packet Sniffing

Qualifications and Experience

Tanner’s penetration tests are performed by qualified, experienced security analysts, all of whom have earned industry-standard certifications. All engagements are led by an analyst with at least one of the following certifications:

  • Certified Ethical Hacker (CEH)

  • Certified Information Systems Security Professional (CISSP)

  • Bachelor’s Degree in IT Security

Security on multiple fronts

Our network penetration testing services offer comprehensive coverage for both your external and internal networks.

External Network Penetration Testing

We test your systems from an external location. This simulates the actions of an attacker trying to break in from outside the network. External networks are attacked daily and need to be as secure as possible.

Internal Network Penetration Testing

We test your systems from inside your network.  This shows what an attacker might be able to access if a device on the network is compromised with malware, or if the attacker places a rogue device on the network.

FAQs

Will a penetration test slow down my network or affect my business operations?

Our team takes multiple precautions to ensure that your business operations and network remain fully functional during the penetration test. Our point of contact will maintain open and constant communication to arrange times when automated tools and more intrusive tests can be run.

How often should a penetration test be performed?

While every organization’s needs are different, we generally recommend annual penetration testing to meet the requirements of various compliance standards. These annual tests will reveal any emerging vulnerabilities or hidden threats that could only be identified with thorough, regular, in-depth testing.

Penetration tests should also be performed whenever your network experiences:

  • Significant software or hardware modifications

  • Re-architecting of the network infrastructure

  • Modification of IS policies, procedures, or processes

Penetration Test Deliverable

After each test is performed, we deliver an actionable report containing the following information:

  • Executive Summary

  • Testing Methodology

  • Instructions on Recreating Test Results

  • Detailed Explanation of Findings and Associated Risks

  • Recommendations for how to address each finding

The report highlights the gaps identified in tests, along with Tanner’s prioritized recommendations for remediating the identified risks. The end result is an improvement in the overall security of the application. Our findings take into consideration the size of the company and the sensitivity of its data when determining the importance and urgency of each recommendation.

Wireless Vulnerability Assessment and Services Penetration Audits

Wireless security can be a major concern for organizations. Threats to an organization from wireless networks are unique, and the risk the technology poses can be substantial. A wireless penetration audit identifies weaknesses in a network using real-world hacking tools and programs.

Tanner’s wireless penetration testing and network security assessment services help evaluate the security of an organization’s wireless implementation. They provide solutions that take into consideration a company’s size and the sensitivity of its data to determine the importance and urgency of each recommendation.

Methodologies for Wireless Penetration Testing

A wireless infrastructure security test focuses on identifying and verifying potential threats and attack vectors. Tanner’s network security team will evaluate the wireless signal coverage to identify the following:

  • Areas of Signal Bleeding

  • Authorized Access Points

  • Rogue Employee Access Points

We are then able to create a structured plan for wireless security vulnerability assessment and wireless penetration testing.

Once the wireless access points have been discovered, Tanner will attempt to enumerate weaknesses in the wireless infrastructure. Our unique approach to wireless penetration tests includes the following:

  • Exploiting weak encryption protocols, such as legacy WPA and WEP

  • Identifying weak or easily guessed pre-shared keys

  • Testing default configurations and open wireless access points

  • Identifying misconfigurations

  • Determining user susceptibility to rogue access point association

  • Preventing man-in-the-middle attacks

In the next phase of testing, we connect to the network and attempt to escalate access to higher privileged areas. This includes examination of the segmentation between guest and employee wireless networks, as well as the configuration of the wireless network.

Penetration Test Deliverable

The deliverable for this engagement includes two main parts:

  • A report highlighting the gaps identified in the wireless penetration test.

  • Prioritized recommendations to help remediate the identified risks and improve the overall security of the wireless network.

Social Engineering Testing

No technical solution can protect an organization if an employee allows a hacker into the network. The goal of these attacks could be technical (breaching a network to compromise sensitive data) or physical (gaining access into restricted areas). Whatever the goal, social engineers design their attacks to take advantage of our natural tendency to be helpful, trusting, and non-confrontational.

Social Engineering Security Testing identifies human weaknesses within an organization. The combination of technology, psychology, and creativity makes social engineering a real, and often undetectable, threat. It has become an extremely popular and effective way for hackers to gain access to a company’s information systems and steal sensitive information. Some of the methods Tanner’s Information Security team uses to combat social engineering hacks include:

  • Phishing: Sending spoofed emails to employees with malicious attachments or links.

  • Pretexting: Pretending to be a person of authority to get employees to perform actions that compromise the network (e.g., providing valid login credentials).

  • Media Dropping: Having employees introduce malicious files from external devices onto the company network.

  • Physical Security: Attempting to bypass physical locks, motion sensors, and other security controls to access restricted areas.

Tanner’s Process

Our Social Engineering Testing engagements are built from the ground up and tailored to meet the needs of your specific organization. Each test begins by using public resources and select employees to gather information on the organization. We then leverage this information to convince end-users to break company security policies that jeopardize the integrity of the network.

Pre-scripted online tests are ineffective because they fail to simulate the actions of real-world attacks. Our customized approach uses the same sophisticated techniques that hackers have been using for years to compromise high-profile companies across the world.

Social Engineering Test Deliverable

Upon completion of the Social Engineering Testing assessment, you will receive a detailed report containing the following information:

  • Statement of the engagement’s purpose, scope, and approach

  • Description of attack methods used during testing

  • Detailed social engineering security logs, including:

      • Originating IP addresses of compromised systems

      • Usernames/login credentials

      • Times of actions/exploits

  • Overview of identified risks

  • Prioritized recommendations to help reduce risk

What is Social Engineering Training?

Understanding how easily a social engineer can get into a company’s network is one thing, but changing the employees’ behaviors is another. Tanner’s Information Security team is here to help with both.

We strongly believe that education is key to long-term risk reduction. Tanner’s Employee Security Training focuses on helping users understand their role in maintaining and protecting the company’s security.

Our social engineering training (aka security awareness training) program targets the following key areas:

  • What end-user actions put the organization at risk

  • Examples of recent cyber threats

  • Recognizing and responding to cyber threats

  • Company security policy compliance

Our cyber security training program helps you create a culture of vigilance within your organization. It teaches your employees how to combat cyber threats targeted at end-users like themselves and avoid costly or even devastating security breaches.

How we’re different

Most security awareness programs focus only on abstract concepts and scenarios that users have heard multiple times before. These programs fail to address real-world, company-specific issues and threats. Our in-person training model is a much more effective solution that costs roughly the same as some of the leading digital training courses.

By showing users real-world examples of cyber threats that could affect their workplaces, we help them understand how to recognize social engineering attacks and how to effectively respond with appropriate actions. Our training sessions are engaging, interactive, and fun.

What you get

Your onsite training session begins with an explanation of current social engineering trends and the kinds of issues companies like yours face every day. We present different tactics, techniques, and attack vectors technical hackers use to steal private information, and compare this information to the methods social engineers use to access secured data. We then suggest an array of preventative measures your company can use to start deflecting socially engineered cyber security attacks immediately.

A Holistic Approach to Network Security Consulting

Network/Cyber Security Consulting is about much more than just implementing hardware or software solutions. Effective cyber security services are tailored to address the specific threats and risks faced by your organization.

Every company needs to understand what they are protecting, how it will be protected, and when preventive measures have been successful. Organizational needs vary based on compliance requirements, business needs, and industry-specific threats.

Tanner’s network security analysts are familiar with all the latest security tools, threats, compliance regulations, and industry developments. Each individual organization requires a customized approach that best fits its needs.

Our Network Security Consulting services are designed to address issues like:

  • Risk identification and assessment

  • Vulnerability remediation

  • Secure network architecting

  • Regulatory compliance requirements (PCI, NCUA, HIPAA, GLBA, etc.)

The Tanner Difference

Every day, Tanner’s network security consulting team helps organizations like yours address a wide range of security concerns. Here are a few of our recent success stories.

PCI Compliance – A large corporation contacted us over fines levied by a merchant provider for gaps in PCI compliance. Their combination of global e-commerce sales and local transactions was presenting them with a unique challenge. With our help, the company met all of the merchant provider’s requirements and significantly increased their security posture, all within about three months.

Compliance Auditing – A financial services organization contacted Tanner because a recent compliance audit revealed negative findings about their operations. They wanted to resolve this issue quickly, but the report was too ambiguous for them to devise a clear resolution. Our IT support team went right to work and quickly provided an independent, customized IT controls audit. This resolved their issue and saved them from the costly repercussions of remaining out of compliance long term.

Affordable Testing Solutions – Another company contacted us because they believed they were paying too much for annual security tests through another company. We were able to provide various cyber security service options that helped the company save money and maintain a secure network.

Quality, Cost-Effective IT Security Solutions

No matter what your company’s network security concern may be, Tanner can provide you with expert network security analysis services. Our methods have already proved effective in other organizations and can all be customized to fit your company’s needs.

Let one of our dedicated network security consultants help you and your team create and implement effective cyber security measures for your organization. We are here to answer your questions, provide recommendations, and help you make better-informed decisions about your information security management program.

Unmatched Industry Experience

With Tanner, you gain access to:

  • Industry analysts with valuable, relevant credentials, including Certified Ethical Hacker (CEH) and Certified Information Systems Security Professional (CISSP)

  • Thorough security assessments based on knowledge and experience

  • Post-engagement reviews (included in our upfront pricing)

  • Complimentary access to a dedicated security analyst for a minimum of one year after any engagement

  • Flexible test scheduling that helps prevent system interruptions

Actionable Strategy

All of our services include a detailed assessment and action plan that include:

  • Reports with executive summaries, prioritized action plans, and detailed descriptions of all relevant findings

  • Customized approaches to cyber security that fit the needs of your business

  • Compliance with PCI, HIPAA, GLBA, NCUA, and NIST regulations

Other cyber security consulting firms will try to sell you on products and services that fail to implement even the most basic security controls. They implement solutions that don’t even detect or prevent basic hacking attempts.

When you engage with Tanner’s experienced information security team, you know you are working with one of the industry’s top information security companies. Our goal is to deliver actionable, realistic recommendations that increase security and reduce risk. Contact us today to find out how you can drastically improve your network security without making expensive hardware or software upgrades.

John Pohlman

Director of Information Security Services
