Providing security - enabling business
Sapphire’s Remote Testing Service group (RTS) uses a combination of proprietary, commercial, and open source tools and techniques to assess the security of a network from outside the organization’s network or a web application accessible remotely over the Internet.
This provides the CLIENT with an in-depth understanding of their security posture facing externally, past the perimeter firewalls and defenses. There are two major avenues of access for hackers and malicious attackers who are looking to compromise our clients from an external vantage point –
- Open network services & ports such as SMTP (email), HTTP/HTTPS (web), FTP/SSH/SFTP etc (misc. services);
- Web applications that serve static/dynamic content and user functionality.
Remote Network Testing (RNT)
For this, the RTS team focuses solely on perimeter network devices and systems with services accessible from the internet.
We know that services such as SMTP, FTP, SSH, VPN etc. are necessary for the smooth functioning and administration of our CLIENT’s networks. But these services need to be tested regularly for missing patches, updates, insecure configurations or security vulnerabilities that are announced from time to time. Open source and commercial scanners are used for coverage and high level reconnaissance and testing, as detailed in our methodology beginning on the next page. This is followed by rigorous manual testing that investigates issues and potential issues in depth.
Remote Application Testing (RAT)
Every business is driven in this day and age by web-applications serving static or dynamic content to its customers. These applications may sometimes be the major avenue of inbound attack from malicious entities that are looking to compromise and gather sensitive PII, credit card data, intellectual property or information that may give them competitive advantage.
Applications evolve and as the technologies they use are affected by vulnerabilities, reconfiguration and updates may be necessary. Applications themselves may have code changes and updates, or be inherently vulnerable to security holes. We help you identify, mitigate and solve these security issues. Once again, the process starts with an automated scan to cover the breadth of the application, with in-depth manual testing that follows.
If you do not see what you need here, all you have to do is give us a call or shoot us an email. Our team of highly experienced individuals are adept at industry and business specific solutions.
Our aim is not to provide security by impacting business but by enabling it; and we understand that business enabling security comes in many molds. Square pegs do not fit in round holes – but we have the ability to create solutions for your specific problems. Our experience, our flexibility and our immense knowledge of the technology space is at your disposal,
Our main value add to any security project is the manual efforts. We have highly certified and qualified personnel with more than a decade of experience following security trends and latest testing techniques.
These personnel have worked with the best of the Fortune 500 companies and helped them with their security needs, providing them with testing and advisory services – at the same time ensuring that their business processes are minimally impacted not just by the assessment, but even by the remediation activities. That is what we call value addition, that is what we call trusted advisory.
We know you want more detail and we are always available for consultation at firstname.lastname@example.org
But in the meantime please visit our Download page, to download documents, presentations and case studies that will get you more familiar with us. But remember, security can not be static – for all customizations, email us today.
We will bring to your service, a worldwide network of security professionals with subject matter expertise on several security topics:
- Application and Network Penetration Testing;
- ISO 27001 Assessment & Strategy Development;
- PCI Compliance & Remediation Services;
- Tools & Technology Guidance;
- Incident Responses & Data Forensics;
- Third Party Vendor Security Reviews;
- Data Privacy & Work Process Flow Analysis;
- IS Governance & Risk Assessment Strategies.