Information Security Services | Information Security Solutions


1 (866) 365-8401

  • Professional Services

    • Professional Services Overview
      Vigilar Professional Services provides security consulting expertise to help organizations of any size assess their current security state, meet information security challenges, design solutions to reach their optimal security posture and achieve regulatory compliance.
      Payment Card Data Security
      Vigilar’s PCI Compliance Services deliver a full range of PCI-specific assessment, remediation and education services to help organizations of all sizes establish and improve PCI compliance. Vigilar is recognized by the PCI Security Standards Council (PCI SSC) as both a Qualified Security Assessor (QSA) and as an Approved Scanning Vendor (ASV).
  • Security Solutions

    • TITAN™ - Vigilar’s Information Security Framework
      One of Vigilar's core tenets is that it is not sufficient to use information security software to secure the network alone. The data must also be secured from both external and internal threats. To this point, Vigilar has developed an innovative approach to the design and planning of security system software called the TITAN architecture that revolves around five key areas.
      Threat Analysis & Policy Management
      Partners: AlgoSec, Alterpoint, Altiris, BigFix, Cambia, eEye, eIQ Networks, Elemental Security, Firemon, Loglogic, McAfee, Qualys, Skybox
      Identity and Access Security
      Partners: Aventail, ConSentry Networks, Courion, CRYPTOCard, Cyber-Ark, Digital Persona, Imprivata, InfoBlox, RSA, SafeNet & Secure Computing
      Traffic Management
      Partners: F5
      Application and Content Security
      Partners: BorderWare, Certified Mail, CORE Technologies, Determina, Facetime, Fortify Software, Forum Systems, Imperva, Ingrian Networks, McAfee, NetContinuum, PGP Corporation, ProofPoint, Purewire, SafeNet, Securewave, SPI Dynamics, SurfControl, Symantec, Tizor Systems, TrendMicro, Tumbleweed, VMWare, Voltage, Vontu & Websense
      Network Security
      Partners: TippingPoint, AirDefense, AirMagnet, AirTight, Aruba, BlueCoat, Checkpoint, Cisco/Okena, CrossBeam, Juniper, Lancope, McAfee, Net Optics, Nokia, Nortel, Resilience, Sipera, SourceFire & Tufin
  • ATLAS™ Security-As-A-Service

    • Asset Identification, Prioritization and Management:
      Identifies infrastructure assets, security issues and network changes.
      Prioritizes assets and provides an asset-based risk score.
      Includes: Change Monitoring and Management, Asset and License Management, Network State Traffic Monitoring and Risk Analysis.
      Technical Support:
      Provides expert front line support for specified security vendors.
      Helps reduce technical support costs and ticket resolution times.
      Log Management:
      Provides a secured, tamper-proof, automated audit trail for system and application components.
      Authentication Management:
      Manages the entire Two-Factor Authentication token lifecycle including implementation, user provisioning, account approval and token inventory management.
      Systems Maintenance, Monitoring and Management:
      Provides ongoing maintenance, monitoring and management of leading third-party security devices (Firewalls, IDS, IPS).
      Gives your team access to Vigilar’s security expertise.
      Frees up your staff from the burdens of day-to-day management tasks.
  • IT & Security Training

    • Corporate On-Site Training
      Whether you work in a small, medium or large organization, Vigilar's Intense School is your single source for corporate on-site training covering advanced networking and security. Our customized enterprise solutions offer on-site technical training that allows corporate training managers the ability to easily administer their learning programs and track the progress of all participating employees.
      Individual Boot Camp Training
      Vigilar's Intense School holds Network Security, Microsoft, CompTIA and Cisco Boot Camps that offer certification in less time and at less cost than traditional training methods. Intense School's boot camps are all-inclusive – we provide hotel accommodations and lunch, comprehensive training and testing all in one location.
      Government Training
      Vigilar's Intense School's dedicated Federal team has trained thousands of Government information and IT security personnel, empowering these professionals to maintain peak performance of both their skills and the technologies they oversee.
      Online Training: Learn at Your Own Pace
      Vigilar's Intense School revolutionizes the newest wave of training through our Online courses, a unique and accommodating way to attain certification! Vigilar's Intense School fits the schedules and needs of our students by offering classes in the daytime, evening, and weekend hours.
    Professional Services
      » Penetration Testing
      » Security Policy & Procedure
      » Social Engineering
      » VoIP Security
      » Vulnerability Assessments
      » Web Application
      » Web Application Penetration

    Audit Services
      » PCI Data Security Standard
      » Equifax Audits

    PCI Compliance
      » PCI Gap Analysis
      » Quarterly PCI Scanning
      » PCI Onsite Audit
      » PCI Management Program
  • Vigilar’s Web Application Penetration Testing Service

    Vigilar’s Web Application Penetration Testing is a “hands-on” test of Web Applications and their controls, using real-world hacking tools, to discover the depth of risk that may be posed by vulnerabilities in Web applications. Web Application Penetration Testing provides a thorough identification of exploitable vulnerabilities in Web applications, a risk level for each vulnerability and recommendations for remediating those vulnerabilities. This test supports compliance initiatives for regulations such as PCI, GLBA or FFIEC that require penetration tests.

    Web Application Penetration Testing Overview

    Key objectives for Vigilar Web Application Penetration Testing include:
    1. Discover high-risk Web Application vulnerabilities that expose risks of loss of confidentiality, direct loss of data assets, risks to reputation, compliance risk, or liability exposure.
    2. Define remediation options for any vulnerabilities found, including methods of directly remediating, as well as compensating controls.
    3. Provide auditable documentation for examiners and auditors as a part of a compliance initiative.
    4. Deliver high-level executive reporting useful to management, as well as detailed technical reporting for technical staff.

    Vigilar’s Web Application Penetration Testing Process
    A penetration test locates logic flaws not typically detected during a vulnerability assessment. When a vulnerability has been identified, the exploitation process is documented, showing the steps a hacker may follow to exploit the vulnerability, including screenshots and examples of data that may have been extracted.

    Key tasks include:

    Information Leakage Discovery: using common and advanced research tools (such as Google hacking and code comments) to find information that could lead to an attack or otherwise disclose information that should not be public

    Privilege Escalation and Data Leakage: performing a “hands-on” walkthrough of the application to detect where users with insufficient permissions are able to access unauthorized areas

    Automated Vulnerability Scanning: using commercially available, proprietary and open source tools to identify potential vulnerabilities in the Web application

    Ethical Hacking Analysis: reviewing data collected and formulating possible attack vectors, targets, and exploitation methods that can be used to gain privileged access

    System Exploitation and Penetration (Vulnerability Validation): validating the discovered vulnerability by attempting to exploit it. Vigilar security experts execute the attack plans formulated by the Ethical Hacking Analysis. Vigilar uses a combination of tools and techniques to attempt a successful penetration. Upon successful penetration, Vigilar takes a sample file, data, or screenshots to prove the vulnerability was successfully exploited. Screenshots depicting the step-by-step process of exploitation are taken and presented in the report.

    Vigilar’s security experts provide the risk level for each vulnerability. Risk level is determined by looking at the probability that the vulnerability could be exploited along with what could be compromised by the hacker if the vulnerability was exploited. Remediation recommendations are also provided for each vulnerability, including Vigilar Best Practices on effectively remediating the identified vulnerabilities.

    Common examples of Web application security vulnerabilities identified during the penetration test include:
    1. Brute Force
    2. SQL Injection
    3. Cross-Site Scripting (XSS)
    4. Client-Side Pricing
    5. Parameter Injection
    6. Directory Traversal
    7. Buffer Overflow

    Once the assessment is complete, the client receives a detailed set of deliverables, plus a thorough review of these reports, led by the Vigilar assessment team. These deliverables consist of:

    1. Report: focuses on providing the customer with the following key objectives:
      • An Executive Summary that summarizes security exposures discovered in the assessment and the potential impact upon the organization
      • A Management Report that details operational issues related to Web application vulnerabilities that were discovered
      • A Technical Report that details the identity and location of vulnerabilities
      • A Solutions Recommendation Report that helps staff begin the process of prioritizing remediation efforts, with strong emphasis on reducing the greatest risks to the enterprise first
      • A PCI Compliance Summary describing how this assessment maps to specific sections of PCI with regard to Web Application security
    2. Emergency Notification upon discovery of any critical vulnerability
    3. Technical Conference Call to review vulnerabilities with support staff and the appropriate changes that should be made to remediate
    Web Application Penetration Testing Features
    1. Comprehensive review of Web application components using automated tools as well as hand validation by Vigilar security experts
    2. Tiered levels of service for businesses of varying sizes
    3. A complete set of reports that address the needs of both senior managers and technical staff
    4. Guidance for prioritizing and fixing discovered vulnerabilities
    Web Application Assessment Service Benefits
    1. Delivers rapid, accurate and non-invasive discovery of the security weaknesses in Web applications
    2. Provides comprehensive assessments without requiring the purchase of hardware, software or staff
    3. Assigns a risk level to Web application vulnerabilities to help structure and simplify remediation efforts
    4. Integrates business and technical concerns associated with Web application vulnerabilities for faster, more productive remediation efforts

 

© 2008 Vigilar, Inc. All Rights Reserved.