Security Services

Freewater provides an array of
IT and business consulting services

Penetration Testing

In today’s business environment, computer systems are relied upon more than ever to automate vital business processes. Unfortunately, as your computer infrastructure becomes more complex it also becomes more difficult to secure; couple this with the easy-to-use “hacking” tools available on the Internet and you have an ideal setting for some unwelcome guests. So what can your organization do to shield against these intruders? Even if you have preventive (i.e. firewalls) and detective (i.e. intrusion detection systems) security measures in place, to obtain true IT security it is necessary to think and act like an intruder through a penetration test! A penetration test is a process for evaluating your system security through a proven penetration methodology built on industry-accepted practices. Freewater’s approach encompasses the ten security domains and methodically evaluates your entire security posture. Upon completion of the penetration test you will receive a detailed report of design flaws, system weaknesses, and implementation shortfalls. Armed with this knowledge clients have realized a better return on their IT investment, a clearer concept of asset protection, and a more secure network and server configuration. Freewater provides:

  • External testing
  • Internal testing
  • Application attacks
  • Wireless security testing
  • Human factor (social engineering) testing
  • All testing can be completed “white box” or “black box”

Freewater can design and implement a comprehensive solution to fill the IT security gaps identified during your penetration test; however, we recognize the value of “hands-on” experience, so we are happy to craft solutions implementable by your existing IT staff.

Vulnerability Monitoring

The annual penetration test is an outdated methodology for increasing a client’s network security posture. In order to combat a cyber criminal’s daily attack patterns, we have developed a daily vulnerability monitoring and penetration testing lifecycle. Every day, our client’s perimeters are monitored for vulnerabilities and subjected to manual penetration tests by our team of military grade ethical hackers. Any findings are immediately reported to the client for mitigation.

  • Daily Vulnerability Assessment
  • Hourly scan of Public IP Addresses
  • Immediate Manual Penetration Test of Discovered Vulnerabilities

We report the vulnerabilities to you and assist you in eliminating each potential attack vector.

Social Engineering Assessments

The easiest, most cost effective way around an organizations firewall, or other security devices, is through the “end-user”, or employee. Convincing an employee to click on a link, open an email attachment, or browse to a malicious post shared on a social networking site is much easier than breaking in through the front door. Imagine getting an email from your boss that asks you to review the sales projects for this quarter. Or, imagine getting an email from your child’s school with a “New Electronic Report Card,” only to realize once you’ve clicked on it that it wasn’t really what you thought it was. These scenarios are used daily by cyber criminals. We expose your employees to real-world social engineering tactics every month. However, instead of infecting your employees PC, phone, or tablets, we provide them with training.

 

  • Monthly Social Engineering Attacks
  • Monthly Training Modules and Flyers for All Employees
Network Security Monitoring
By using a custom Intrusion Detection System, our Network Forensics and Incident Response experts provide round the clock monitoring of all traffic coming into and leaving a client’s network. If a network event shows an indicator of compromise, a forensics investigation is initiated and the client is guided through incident mitigation.

  • Custom IDS Appliance developed by the Department of Defense’s former Top Cyber Security Subject Matter Experts
  • Cutting edge signature development based on real-world threat intelligence and industry collaboration
  • 24x7x365 monitoring by Network Forensics and Incident Response Experts

Combine this layer of security with the preemptive Vulnerability Monitoring and Social Engineering Training efforts and you have the most effective, cost efficient cyber security service available.