Equitable Bank engages Conexsys to perform a network perimeter Security Audit to locate and protect against risks.
As part of their security review process, Equitable Bank chose Conexsys to poke around several key areas of their network perimeter. They wanted to clearly understand:
- What were the risks from Internet attackers – from public access as well as user-level accounts?
- How could they protect against these attacks?
According to David Yu, Equitable Bank’s Vice President of Information Technology, “Internal best practices dictate that our network devices are reviewed each year to maintain top-level security and protect Equitable’s assets.”
As part of our delivery, Conexsys utilized two key security assessment programs. First, we performed a Conexsys Remote Device Assessment of specific Internet-facing devices to uncover weaknesses. This service evaluates the security of a device from a remote network and compares its current status to industry best practices. To accurately replicate risks, we used industry leading tools and our own utilities and checklists to evaluate from a position on the Internet, with and without “insider” knowledge of the organization.
Second, we performed a Conexsys Discovery and Basic Vulnerability Scan to provide a snapshot of exactly what services are visible from the Internet, to see if there were any unauthorized or insecure applications visible. This service also includes predefined scans to report on vulnerabilities in off-the- shelf software.
The Real Value is in Customization
Conexsys’s value is our ability to customize our service and reporting to best suit our customers’ network audit requirements and business practices. According to Mr. Yu this was the key factor in choosing Conexsys, “We appreciate that Conexsys is flexible enough to customize their assessment and scanning services, and present the information in a customized report that meets our needs. The entire service with scheduling, project management and risk management, was complete in just under a month, which allowed us to focus on business as usual.”
“The intelligence that Conexsys provided helped us ensure that our security is locked down tight. Most importantly, for any vulnerabilities they do find, their recommendations are clear and actionable. For such a cost-effective service, it has a huge payback in confidence.”
Poking Around is Serious Business
Although calling our service “poking around” is a light hearted approach, we are very serious about your security. Conexsys has an extremely evolved process for security evaluations, from handling data to project management. We use a state-of-the-art tool kit with multiple commercial tools from our partner organizations to give analysts different perspectives on vulnerabilities. Our analysts are SANS GWAPT (Web App Penetration Testing) certified and Canadian Federal Government secret cleared. And our flexible scope definition and reporting formats allow customers to tailor the discovery and results to meet their goals.