Security Posture Assessment (SPA)

Over time, a well-designed and expensive security infrastructure may become vulnerable to newer types of attack. For example, we have found web servers that do not filter user input and hence may make their back-end application vulnerable to SQL attacks. We have also found that websites using strong authentication are still vulnerable to phishing attacks due to the lack of protection against the hijacking of secure sessions. While perhaps sounding far-fetched and sophisticated, these risks have led to actual fraud.
It is not secured until it is tested!!

How we can help
The SINTRX SPA service is unique in the market in that it looks beyond pure technical preparedness against cyber-attack. It takes a rounded view of people, process and technology to enable clients to understand areas of vulnerability, to identify and prioritize areas for remediation and to demonstrate both corporate and operational compliance, turning information risk into business advantage.

In developing the assessment, SINTRX has combined international information security standards with global insight of best practice in risk management, cyber security, governance and people processes. Through a combination of interviews, workshops, policy and process reviews and technical testing, we rapidly:

• Identify current gaps in compliance and risk management of information assets
• Identify the scale of cyber vulnerabilities
• Set out prioritized areas for a management action plan

The assessment provides the flexibility to assess the level of cyber security maturity on a site by site basis or at a company level. It helps identify best practice within an organization and provides comparator information.

In short, it provides executives with a rapid assessment of your organization’s readiness to prevent, detect, contain and respond to threats to information assets.

Our approach
SINTRX’s Security Posture Assessment (SPA) operates proactively to identify threats at all external or internal access points and suggests clear remediation options. Our approach to attack & penetration testing can be summarized as follows:

  • Step 1

We establish the scope, so that you can control the effects of any possible test in time and space. We also agree upfront on escalation and incident management procedures in case tests yield a noticeable operational effect.

  • Step 2

We document the type of attacks, the applications, the data and the potential weaknesses you are most concerned about. Our experience has shown that every company has its unique risk profile that drives the type, scope and level of hostility of our tests.

  • Step 3

We determine and scan for the systems, network components, and wireless connection points visible from the attack points. Our experience has shown that this type of discovery generally leads to surprises that confirm the need for attack and penetration testing.

  • Step 4

We conduct a wide range of vulnerability scans and simulated attacks using SINTRX methodology and tools. All tests are bound by the agreed timetable and scope and by the SINTRX policy and service agreement. This ensures that the tests don’t miss anything and yet do not harm your normal operations.

With our Assess and Architect services, we deliver reports that are to-the-point, that answer the 'so-what?' questions and provide clear guidance on how to solve the issues at hand. The key benefits we offer are:

I- All penetration tests are performed by SINTRX professionals to limit your exposure and disclosure.
Our professionals arrive at their conclusions by using the same tools and techniques as rogue hackers, and by following a pragmatic and project-oriented approach to ensure predictability and consistency.

II- Selected hosts or networks are targeted carefully, to protect the integrity of critical systems, data and applications and keep any side-effect on other hosts to an absolute minimum.

III- A combination of Internet-based and inside-the-DMZ tests ensures complete coverage and allows you to understand the vulnerability level in case of faulty configuration or maintenance later on.

Minimum Baseline Security Standards (MBSS)
In order to provide secure services to our customers, stakeholders and employees, it is imperative that these assets are effectively protected. In line with this objective, the security departments within organizations develop “Minimum Baseline Security Standards” (MBSS), which ensure that the assets are protected to a minimum standard level.
MBSS are IT technology-focused procedures that cover technical tasks that include, but are not limited to, OS, network devices and IT security solutions, middleware, infrastructure-related applications, end-user applications and databases.

It’s how SINTRX adds value.
For more information on how we can make a difference in your organization, contact your local SINTRX professional or a member of our team.