CYBERSECURITY

Incident response

iRangers utilizes a successful, well-defined approach to addressing and managing the aftermath of a security breach or commercial espionage.  Our approach can greatly reduce the damage caused by the incident and helps to reduce the recovery time and cost. iRangers can help your organization in all or part of the following incident handling steps:

  • Containment and isolate the incident and prevent it from spreading
  • Ensure business continuity by creating temporary infrastructure on demand
  • Assist and support your lawyer
  • Forensics – collect and archive information to be used as evidence
  • Root Cause Analysis
  • Assist your press officer for communication with customers and media
  • Support for law enforcement process
  • Elimination and Remediation
  • Recovery of data and software
  • Post Mortem – Debrief and workshop to discuss improvements to prevent similar incidents from happening again

 

Software Security

Most organizations rely heavily on software applications to run their business.  Flexible application delivery models utilize web browsers, mobile devices, thin clients, application streaming, and custom API’s which makes securing these applications in today’s environment challenging.  iRangers provides a comprehensive security service offering for mission-critical software applications, enabling you to identify threats, implement an effective application security program, and mitigate risk.  The iRangers software security model covers the following steps:

  • Error handling and logging
  • Data protection
  • Authentication
  • Session management
  • Input and output handling
  • Access control

Vulnerability and Security assessment 

Security assessment helps to evaluate the strength of customer’s defense against the attacks that are most likely to be performed by actual attackers. Hidden security gaps leave the organization vulnerable to security incidents, data breaches and incompliance to regulatory requirements, which hurt a customer’s reputation, negatively impact market share and revenue. Security assessment provides you with the knowledge and awareness to stay proactive in eliminating the threats and improving the security at all levels of the business.

Our approach and services cover these areas:

Infrastructure

  • External network vulnerability assessments
  • Internal network vulnerability assessments
  • Firewall configuration assessment
  • IPS/IDS/DLP configuration & vulnerability assessment
  • Network architecture reviews
  • Device configuration reviews
  • Wireless security assessments
  • VoIP software & hardware condition and configuration assessment
  • Microsoft enterprise software: Active directory reviews, Microsoft Exchange configuration review, deep analysis of Microsoft Lync infrastructure elements, assessment of Microsoft SCCM configuration
  • Mobile device and MDM (Mobile Device Management) security assessment
  • Social engineering and physical penetration test
  • Insider threat assessments
  • Custom services

Application

  • Web and application client/server assessment
  • Mobile application assessment
  • Source code review
  • Software development lifecycle review
  • Custom services
  • Security Architecture and Design

 

Enterprise architecture is one of the most powerful management tools used by progressive organizations. Many organizations find their security controls keeping preventing them from getting achieving a target objective and reducing their effectivity. At the same time, executive level is worried about sufficient level of protection for information being handled inside of the organization or being shared with customers, public and partner. You keep asking yourself, what is going to be the business impact if a system in your enterprise becomes compromised? To be effective, the security must demonstrate value to the business, avoiding to be associated with an inconvenience and obstacle for effective operations. The challenge of security architect is to understand the quality of risk. Enterprise architecture enables the ongoing alignment of business processes and strategies with the right technology solutions. Enterprise architecture helps busy IT and business executives transform data about technology into powerful management insights. Enterprise Security Architecture is not about developing for a prediction, it is about ensuring the development allowing to maintain and sustain the agility to change. It may be unknown where the future development is going, what will be the challenge and how we are going to get there but we have to be ready. iRangers adopts methodologies of The Open Group Architecture Forum (TOGAF) and Sherwood Applied Business Security Architecture (SABSA) to establish, design and improve customer’s security framework and architecture.

  • Custom and framework-based enterprise architecture development
  • Enterprise architecture governance and architecture team operating models
  • Analysis & (re)design of security approach & perception
  • Review, management and policing of business attributes (business strategy, management, technical strategy, operation, risk management, legal/regulatory, user)
  • Structuring of enterprise elements into context, conceptual, logical, physical, component, and service
  • PCI DSS Assessments

Companies accepting, processing and transporting payment related information including credit card data are required to comply with PCI DSS.  We apply different services and approaches like gap analysis, pen testing and consultations to help our customers become DSS compliant.  We have designed our processes in accordance with the DSS approach and scope:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Certifications and expertise:

  • CompTIA CASP
  • CompTIA Security+
  • CISSP
  • SABSA
  • TOGAF
  • ISO 27002
  • ITIL
  • NIPS
  • NIDS
  • SIEM
  • ISC2