Protect Your Business with Information Security Consulting
At Caliber Security, we are experts at helping companies protect their business and assets. In addition to scans and penetration tests on networks and applications, we can also review and test the policies and procedures that your people are following to ensure that you’re protecting yourself from future issues.
Network & Systems
Network Vulnerability Scan & Review
Caliber’s network vulnerability scanning service provides a moment-in-time view of your system weaknesses. The value in this service is that it identifies low-hanging fruit so that you can effectively and rapidly mitigate your overall security risk. This assessment is targeted at computer systems, networking devices, or one or more particular programs and applications that are available across the network. A network vulnerability scan is typically recommended on a quarterly to yearly basis, as it is a critical underpinning for any information security program. Additionally, vulnerability assessments and penetration tests are required for some compliance standards such as PCI. While not required for HIPAA, they are also recommended as a best practice for healthcare organizations that interact with patient data.
The value in our network scanning service is not the scan in and of itself, but rather the actionable, relevant reports that we create with it. These reports provide clear direction to you and present an actionable plan to shore up risks. You can count on us to deliver clear, actionable, and relevant analysis and reporting, every time, for your network review.
Network Penetration Testing
Caliber’s network and infrastructure penetration testing identifies security weaknesses in your network and in the devices within the network. Our skilled testers thoroughly search to identify potential vulnerabilities such as improper security configurations, out-of-date software, missing patches, weak communication algorithms, command injection, and other similar items. For infrastructure penetration tests we often include the testing of firewalls, switches, virtual and physical servers, and workstations.
Penetration testing is a proactive way to discover exploitable vulnerabilities in your computer systems and networks. For penetration testing, it’s important to understand that basic automated testing is typically not enough to identify all of the major vulnerabilities in your network. At Caliber, we help you gain a thorough understanding by using both an automated and manual testing process. This allows us to go beyond basic testing and move into providing you a more robust picture of your vulnerabilities. This information is compiled and presented to you in an actionable and relevant report that gives you a clear path on what to do to remediate issues, before an attacker is able to interrupt your business operations.
Mobile & Applications
App & Mobile Structured Assessment
Your information security journey should always begin with an assessment. An assessment will help distinguish what assets are most valuable to you and how to best protect them. Whether you have a robust security system in place or you have few protocols, you need to understand the vulnerabilities and weaknesses in your applications and mobile apps. Caliber works closely with your organization to identify threat levels based on your business needs, technology profile, and overall risk approach.
App & Mobile Vulnerability Scan & Review
We use scanning tools to identify vulnerabilities in your apps and mobile software. The results of the vulnerability scans help inform you about known and potential vulnerabilities, so those weaknesses can be addressed and managed.
What is most important about any app or mobile vulnerability scan is the interpretation of the scanning results. All too often in the information security industry we see boilerplate reporting with a lot of copy and paste, and no clear direction on what to do to resolve identified vulnerabilities. Are all of the vulnerabilities equally important? How are you supposed to resolve them? And where should you begin? We interpret and prioritize the data to provide you with a roadmap to resolving issues in a way that makes sense and provides the most value to your specific business. You can count on us to deliver clear, actionable analysis and reporting for all of your app security needs.
App & Mobile Penetration Testing
Web Application Penetration Testing (Pen test) is used to determine vulnerabilities in applications that process and/or store sensitive information. This typically includes credit card data, personally identifiable information (PII), and other proprietary data. Our web application penetration testers seek to obtain access and gather sensitive information from your applications, which we then use to help you determine where the risks associated with application vulnerabilities lie.
To fully test your apps, it’s important to know the difference between basic vulnerability testing and a high-skill attack simulation. At Caliber, our testing methodology goes deeper than traditional penetration test companies, to provide you with a complete picture of your information security vulnerabilities. We also incorporate your company’s unique requirements and risk factors into our analysis to ensure the most effective testing and remediation recommendations.
Social Engineering and Phishing
Social engineering is basically a penetration test against people within an organization. It provides a true assessment of an organization’s security training and awareness practices. By performing social engineering assessments of your organization, Caliber is able to establish a baseline security posture and make recommendations for modifying and developing stronger policies and procedures.
Caliber can provide three different levels of social engineering threat modeling based on your security needs: low, medium, or high risk. All of our social engineering is done in adherence to ethical guidelines. The output of our threat modeling is an actionable and relevant report that will provide you with a roadmap to develop better security procedures. Our reports contain security metrics from social engineering that are consistent and reusable. For us, it’s not good enough to simply do a pass/fail social engineering test, which does not produce an actionable output. We like to look at pass/fail rates as percentages, as opposed to just saying you failed and proving to you that we can break your security. We also adhere to the standards of non-attribution, where we want to help fix the process and educate employees, not blame the person who made a mistake. These are all reasons why most of our clients find our social engineering service to be a little different and a lot better than what other companies do.