Action

Information Security increases productivity, organization and control in your company.

Don’t let vulnerabilities in your information technology structure interfere the work flow of your company.

The dissemination of the culture of information security must be a permanent activity, be it public or private, profit or nonprofit.

Your company must be safe whenever a threat presents itself. Today, investment in information security is paramount.
RISK AND VULNERABILITY ANALYSIS

Our proposal
In order to establish an investment plan, it is necessary to understand the risks your company is exposed to. The service of Risk and Vulnerability Analysis is already known to be an important tool in tactical and strategic support. Understanding the risks means gaining mobility.

BENEFITS:
• List of all threats, vulnerabilities and risks.
• Knowledge of the probability of the occurrence of each threat.
• Recommended controls and solutions as preventive measures.

NETWORK AND SERVICE AUDITING

Our proposal
The management of information security is a permanent concern of any IT manager; however, sometimes there is no structure to create an exclusive department to handle this demand. As a result, updates do not occur, users have vulnerable passwords, the configuration of the work stations, servers and network security devices are not defined and adjusted, resulting in more vulnerabilities. In order to service the market of companies with IT security deficiencies, we offer the service of SECURITY MANAGEMENT ANALYSIS, in which we analyze and document:

• Network topology;
• Sub-networks;
• Protocols;
• Bridges / Switches / Routers / Gateways / Hubs;
• Internet Links;
• Inventory of the servers and stations (hardware, software, paths, configurations);
• Printers and other network assets;
• Analysis of the vulnerabilities of the servers and work stations.
• Analysis of network traffic with passive capture of packets and logs.
• Identification of the packets that are really being transferred in the network.
• Analysis of the network load balance;
• Analysis of the current policies;
• Policies for user creation, maintenance and rights;
• License policies for the use of software;
• Backup policy and bug control;
• Policies for interception and correction of security failure;

After the conclusion of this stage, the company will have the documentation of its network, the security level in which it currently is, and what vulnerabilities it has and how to fix them. Following this analysis, we can correct and adjust your security infrastructure, implementing vulnerability correction, creating security policies and presenting a report of the new network status. Learn more about our Security Management Analysis technique. Contact us for any questions, and receive a proposal adequate to your company.

FORENSIC INVESTIGATION

Our proposal
Several companies experience internal problems with fraud, attacks and data theft. Few, however, make these incidents public. The reasons range from the lack of methods to investigate the frauds and punish the offenders to the lack of knowledge as to whether the company has been defrauded (or is being robbed and is not aware of it), or even the fear of losing reputation.

In order to meet this need, we offer forensic investigation services in computers and corporate networks. With the use of state-of-the-art forensic analysis tools and advanced techniques, we can perform detailed analyzes both in the companies network and in its computers, generating conclusive reports.

Further application of the forensic analysis in the company is the discovery of what is transferred in the network, which computers access the Internet the most, which websites are more visited, etc. This way, the network manager may measure better the use of the network and even correct hardly identifiable problems.

Learn more about our Forensic Investigation technique. Contact us for any questions, and receive a proposal adequate to your company.

INVASION TEST

Our proposal
The complete assessment of the security level of a corporate environment is an external activity - it demands interviews, definitions, etc. Most companies do not have that time to spare. The Invasion Test proves to be a dynamic alternative in the validation of the security process: It is an invasion attempt aiming at obtaining information that your company considers classified. This kind of validation presents the real current level of exposition of the corporate information, analyzing:

• Networks (LAN / WAN / Wireless);
• Data communication;
• Peripheral network topology (DMZ);
• Data Center;
• Gateways;
• Extranet;
• Intranet;
• Access points via VPN.

BENEFITS:

• Assessment of the security controls liable to violation.
• Validation of an already implemented security environment.
• Report from and external and independent team.

TRAINING CAMPAIGNS

Our proposal
Campaigns for raising user awareness is an activity that has been growing among big companies, presenting good results. This procedure consists of organizing, in an attractive format, lectures for the users about issues that the company considers relevant (e-mails, passwords, access to websites, etc). Depending on the number of employees, this stage may take up to one week. Attractions can be included in the program in order to attract more user attention to the issue at hand. Learn more about our Awareness Campaigns technique. Contact us for any questions, and receive a proposal adequate to your company.

COMPETITIVE EDGE

Our capacity for understanding the companies’ strategies in order to promptly meet their business needs.

Copyright © 2011 - Squadra Consultancy

squadra@squadraconsultoria.com.br

Phone: +55 (51) 3026.3184