Security Assessment is the process of identifying software or hardware flaws in systems, networks and applications and depicting their impact on the corporate risk.
ADACOM features a wide range of security assessment services, customized and tailored to actionable attack scenarios:
- Vulnerability Assessment: identify, score and document technical vulnerabilities in systems and networks
- Penetration Testing: attack and break into corporate systems using all possible points-of-entry by exploiting technical vulnerabilities
- (Web) Application Security Review: assess application errors, exploit technical and business flaws in web or client-server applications
- Wi Fi Assessment: discover potential WiFi networks and experiment different ways of getting access
- VPN Testing: assess the access levels offered for remote access to your employees or business partners
- Social Engineering: review your corporate security plan by ‘attacking’ the human factor
ADACOM has a vast experience in delivering different security assessment scenarios for multinational organizations and features a >95% break-in ratio, using commercial, open-source and proprietary tools, while maintaining a large database of own exploits.
ADACOM uses international standards for describing and scoring technical vulnerabilities, while following celebrated methodologies for their security assessment engagements.
Vulnerability and Compliance Management
Modern information security standards (such as PCI DSS, ISO 27001, etc.) call for the systematic monitoring of vulnerabilities and non-Compliance, across the corporate infrastructure. A Vulnerability and Compliance Management (VCM) program provides metrics to senior management in order to far better utilize the people, processes and technologies and provide stronger security.
- Compliance Monitoring: monitor if the infrastructure (servers, networks, applications) is configured according to the corporate standards, assess password complexity and strength, document open ports and services, etc.
- Vulnerability Scanning: scan the infrastructure for known vulnerabilities (and variants of known vulnerabilities), identify missing patches, open ports and unnecessary running services.
- Reporting and Analytics: gain ‘rich picture’ of the corporate security posture as well as detailed information for ‘C’ Level executives, Directors/Senior Managers and Administrators/Operational Managers, monthly trending of vulnerabilities and non-compliance per geography, side by side comparison of vulnerabilities and non-compliance per geography, etc.
Mobile Device Management
Mobile Device Management (MDM) solution enables you to manage large-scale deployments of mobile devices. Our solution provides the ability to quickly enroll devices in your enterprise environment, configure and update device settings over-the-air, enforce security policies and compliance, secure mobile access to corporate resources, and remotely lock and wipe managed devices. With MDM, you can manage a diverse fleet of Android, Apple, BlackBerry, Symbian, and Windows devices in a single console.
- Increase scale of mobile deployments
- Enable BYOD and shared device programs
- Centralize management of mobile platforms
- Gain real-time visibility into mobile environment
- Manage the entire mobile device lifecycle
- Administer consistent policies across devices
- Enforce enterprise security and compliance
- Secure data transmitted to and from devices
- Complete enterprise Data Loss Prevention (DLP)
- Automate processes and issue resolution
- Analyze and report critical device information
On-Line Brand Management
ADACOM’s On-line Brand Management (OBM) services audit, monitor and recover your brand online.
Using sophisticated techniques and human analysis on a 24×7 basis, our OBM services offer unparalleled expertise on detecting brand misuse, report brand infringements and provide recommended actions: from site shut down to UDRP or acquisition.
- Global Infringement Audit: provides an overview of your brand’s online posture.
- Domain Name Monitoring: detects infringements and cybersquatting on your brands.
- Brand Control: detects misuses of your logo, content and images and reports on potential trademark infringements.
- Registrant Investigation Reporting: prepares organizations for legal action.
- Domain Acquisition Services: prepare an investigative report and negotiate for the domains you wish to acquire, related to your online brand.
- Dispute Resolution Policy (DRP) and Uniform Dispute Resolution Policy (UDRP): prepare organizations to initial investigation and filing a claim.
- Site Shut Down: eliminate cybersquatting and quickly remove fraudulent sites from appearing online.
Managed Security Services
ADACOM’s Managed Security Services (MSS) protect your corporate information assets while lowering the internal costs associated with information security management, monitoring and support. Our MSS offering is supported by our Security Operations Center (SOC) on a 24×7, and our customers can view their real-time system status and configuration, submit and track change requests and trouble tickets, generate custom reports, view archived reports through a secure web portal.
- Firewall Management service: Based on our 15 year experience in the firewall market, ADACOM has built its unique firewall management service offering using multi-vendor best-of-breed products, while our standard level of managed firewall service includes complete configuration management, 24×7 firewall availability and security event monitoring, as well as ongoing reporting of service activity
- IDS/IPS Management service: Our certified engineers provide our IDS/IPS management service through leading commercial IDS products
- Log Monitoring Services: ADACOM provides Log Monitoring, a flexible and powerful service that can play a vital role in providing optimal visibility and monitoring effectiveness by taking advantage of native sources of event data in network hosts (servers, routers/switches, firewalls, IDS) and correlating them with other security relevant data.
- Vulnerability Management Services: includes internal and external scanning, vulnerability testing, penetration testing, vulnerability alerting, and modem and wireless testing.
- Security Risk Profiling Service: provides enhanced risk based controls and improved network visibility, with a deep understanding of the business impact a potential vulnerability and/or network policy change might have.
ADACOM engages in a variety of approaches to meet our customer’s security design and architecture goals, determining security controls technology and placement by business asset criticality, traffic flow, bandwidth requirement and customer technology partiality.
Security Intelligence Services
Security Intelligence Services (SIS) provides measurable and accurate information about vulnerabilities, exploits, malware, phishing, regional and global online threats.
Organizations and corporations can extend their security experts capabilities by exploiting an experienced and multinational network of security practitioners, gain access to zero-day vulnerability information and leverage their security response capabilities.
ADACOM’s SIS result in immediate cost savings, eliminate false or misleading information regarding threats, boost confidence and maximize the investment protection of your corporate security program, by proactively providing deep insight on the global security landscape.
- Intelligence Research: Security information sharing and detailed cyber threat analysis help protect critical infrastructures from attack.
- Vulnerability Intelligence: Immediate access to zero-day protection through detailed and customized information related to technical threats.
- Fraud Mitigation: Step-by-step information for effective risk management through customized response processes.
- Incident Response: Eliminate negative security impact by intelligently responding to security incidents.
- Global Threat Intelligence: Early warning on global threats for leveraging your security awareness
- Integrated Intelligence: Integrate our SIS as a feed to your existing security mechanisms.
The provision of Certification Services is more than just the software of the solution, the personnel maintaining the solution and the technical infrastructure. The recognition and the trust of a Certification Services Provider depend on the internal policies and procedures the provider is implementing.
Policies and procedures are internal and confidential documents of the organization which describe the operations of the Certification Services Provider, and are critical input for an internal or external audit. An indicative list of these documents includes the Certificate Policy (CP), the Certificate Practice Statement (CPS), the Key Management Security Plan, the Key Management Policy, etc.
As a founding member of the VeriSign’s Trust Network and a VeriSign Affiliate since 1998, ADACOM has a vast experience in similar engagements and provides expert PKI consulting for developing the necessary policies for a Certificate Services Provider.
Generic top-level domains (gTLD) is the technical term for the suffixes extension of three or more characters which appear at the end of Internet addresses. They are part of the structure that forms the Internet’s global addressing system, or domain-name system (DNS), and are used to route traffic through the Internet.
The .COM .EDU .GOV .INT .MIL .NET .ORG. gTLDs already existed before the formal establishment of ICANN as an organization. Thereafter ICANN hold two application rounds, one in 2000 and another in 2003-4, where several proposals were submitted and evaluated. The gTLDs approved during the 2000 round are: .AERO .BIZ .COOP .INFO .MUSEUM .NAME .PRO while the gTLDs approved during the 2004 round are .ASIA .CAT .JOBS .MOBI .TEL .TRAVEL.
The new gTLD program (“.brand”), introduced by ICANN at late 2009, will change the way people find information on the Internet and how businesses plan and structure their online presence. New gTLDs have been in the forefront of ICANN’s agenda since their creation.
The new gTLD program open up the top level of the Internet’s namespace to foster diversity, encourage competition, and enhance the utility of the DNS.
Soon corporations and other entities can own their domain name extension. One of the most significant benefits of domain name ownership will be nearly unlimited availability of generic key words for creating unique, branded domain names.
A lot of Corporate/Marketing benefits exist attached to “.brand” top level domains (gTLDs):
- Enables the creation of succinct URLs to drive on-line response
- The entire domain name can promote the brand
- Access a nearly unlimited number of generic keyword domains
- Improve SEO
- Create and deploy URLs in real-time
- Apply URL version testing and modify immediately to deliver optimum results
Each of the gTLDs has a designated “registry operator” according to a Registry Agreement between the operator and ICANN. The registry operator is responsible for the technical operation of the TLD, including all of the names registered in that TLD. The new gTLD program will create a means for prospective registry operators to apply for new gTLDs, and create new options for consumers in the market. Any public or private organization can apply to create and operate a new gTLD providing that applicants for new gTLDs will meet very specific operational and technical criteria in order to preserve the security and stability of the Internet.