Security Assessment Objectives
Identify scope of risk-based processes
Identify scope of risk-based assets
Test security controls and processes
Simulate real-world threats and attacks against assets
Seattle, Washington:
150 Nickerson Street
Suite 106
Seattle, WA 98109
Phone: 206-352-6028
Fax: 206-633-0235
Louisville, Colorado:
361 Centennial Parkway,
Suite 150
Louisville, CO 80027
Phone: 303-554-6333
Fax: 303-554-7555
Security Assessment
Assessing the strength of your technical, physical and
administrative security controls is critical to maintaining a strong
security posture. Coalfire has experts to help you perform every type of
assessment including system audits, code review, network, wireless and
application penetration testing.
Vulnerability Scanning
Our scanning services are a safe, accurate and cost-effective
option for vulnerability scanning. Our security engineers can conduct
one-time internal or external vulnerability scans of your network and
systems, or can provide our managed scanning solutions. We have built our
services around industry-proven scanning engines and add report filtering
that reduces false positives and highlights the findings that matter.
Additionally, our tools provide reporting output in XML, Word and Excel with
sortable data that makes assigning and tracking remediation easy. Our managed
solutions provide assurance that security vulnerabilities are caught and
quickly remediated, demonstrating a diligent security posture over time that
is critical for external audit review. All scan information is delivered
through a secure portal that makes it easy to track status with all
associated parties.
System Security Testing
System configuration and management weaknesses have
historically been among the leading causes of security breaches. Secure
system hardening and management procedures can greatly reduce the overall
risk to an organization. Coalfire has extensive experience in system security
testing in heterogeneous environments and leverages proven testing tools.
Our testing services provide a security profile of any system, including
network devices, mainframes, AS/400, Windows, Unix and Linux hosts,
workstations, PDAs, databases, telecommunications equipment, printers and
appliances.
Coalfire conducts system characterizations as part of our
system testing services to understand the information risk profile of the
system and the configuration parameters that profile justifies. We can test,
analyze and report against a wide range of industry standards for system
security hardening, or test solely against an organization's own security
requirements and baseline configuration policies.
Wireless Security Assessment
Whether or not you officially support wireless network
technologies in your organization, there is realistic risk exposure from
wireless devices. Wireless networking is one of the fastest adopted
technologies to date. Because Wi-Fi is built into laptops and easy to set
up, it has for years been deployed in environments with strict no-wireless
policies in place. Coalfire can help you discover wireless deployments you
may not be aware of, whether authorized or not. We use the industry's best
wireless testing and audit tools to execute wide-ranging war driving
assessments and focused penetration testing of wireless access points. For
organizations that want to incorporate wireless assessment into their overall
vulnerability management program, Coalfire can provide managed wireless
assessment solutions with real-time detection, prevention and alerting of
wireless policy breaches or vulnerabilities.
Social Engineering
The old saying that you are only as strong as your weakest point
is absolutely true, especially when factoring in the "people" aspect of IT
security. Regardless of the technologies you implement or physical barriers you
erect, the strength of your controls comes down to the training, awareness,
diligence and honesty of your company insiders. Comprehensive security
policies and security awareness training are fundamental controls within an
effective security program. Testing these controls is also critical to
validating and improving program effectiveness.
Coalfire has a full suite of social engineering assessment
services that test all aspects of your human control areas. Coalfire can
customize these testing programs to evaluate the risk of information
disclosure, using technical methods such as phishing, social methods such as
staff impersonation and pretext calling, and physical control tests such as
piggy-backing (tailgating), lock testing and other physical entry methods.
Application Code Review
Application code vulnerabilities and design flaws are the new
battleground in information security. Increasingly sophisticated tools and
attack methodologies have exposed information, applications and developers to
an onslaught of risk. Coalfire engages development teams and key development
stakeholders to make certain that their applications are secured against
attack. This includes ensuring that they are designed and built based on
appropriate analysis of risks, threats, and exposures, and tested to meet
their defined security requirements. Coalfire audits your application source
code using manual and automated techniques to identify vulnerabilities.
In addition to source code review, Coalfire examines the design
for weaknesses such as insecure legacy interoperability or insecure
architectural dependencies that may result in a security compromise. Our code review
provides detailed documentation of each finding that includes guidance for
immediate resolution and long-term development risk treatments. Software
development is an iterative process and requires that independent
application code review be incorporated into your security development
lifecycle at critical audit checkpoints. Coalfire has managed solution
offerings that can integrate with your development teams for ongoing
independent review and audit of application security.
Application Penetration Testing
Applications are the single most critical interface to the
sensitive information assets you manage and store, and your information
security risk is directly linked to their security. Automated network and
application vulnerability scanning services provide a baseline level of
assurance by finding common vulnerabilities that signature-based scanning
engines can recognize. Today, however, threat agents and attack vectors are
far more sophisticated. They chain multiple attacks, leveraging what may seem
like innocuous information discovered about an organization to expose
weaknesses in the underlying application functionality.
Coalfire's application penetration services execute a full
lifecycle of security testing processes aligned to industry best practices
such as OWASP and NIST. We begin by gathering information about the
organization, host environment, application and services. We use this
information to test the application's authentication, business logic, data
validation and denial-of-service exposure, along with any other application
components or services in use, such as web services or AJAX endpoints. All
application vulnerabilities or compromises are documented in detail with
guidance for remediation and long-term risk treatment. Coalfire is sensitive
to any impact on production environments and carefully scopes testing to
reduce the risk of downtime.
Network Penetration Testing
Network vulnerability scanning provides valuable information
about the security risk profile of your external network. However, automated
scanning usually stops at matching a vulnerability signature and rarely
validates whether the weakness is actually exploitable or what an attacker
could reach through it. Network penetration testing helps you understand the
full risk exposure a vulnerability could produce by executing attack methods
that respond to the weaknesses discovered. Annual network penetration testing
is the ideal complement to regular vulnerability scanning and provides
real-world assurance that your configuration and vulnerability management
controls can withstand a real attacker.
For more information on Coalfire's security assessment
services, please contact: