eSentire's External Assessment Process permits you to determine what information specific to your enterprise can be gained from a remote source. Hackers perform this type of scan (usually unnoticed) on a daily basis, looking for weaknesses in your security infrastructure. Wouldn't you like to know what information your company is currently offering to the Internet?

eSentire's External Assessment Methodology is as follows:

• Probe for improperly configured services, weak protocols, or poorly maintained security or network infrastructure. We use a combination of freely available open source tools, coupled with commercial network analysis tools in addition to proprietary tools coded by eSentire staff.
• Post-probe, we examine Firewall and Intrusion Detection System (IDS) output to see if our attacks have been properly identified. This process allows a corporation to recognize what services are currently offered to the world at large and identify possible associated risks. As well, it can demonstrate what problems could be seen if a real attack occurs.
• In addition to eSentire's staff keeping up-to-date on recent vulnerabilities and attacks, we decode, analyze and test protocols to check for possible weaknesses. This permits us to write proprietary tools to further probe the security of your infrastructure.

External Vulnerability Assessments have different levels of intensity, ranging from an automated scan of addresses to a "no-holds barred" ethical hacking session.

Internal Network Assessment

While some might consider threats originating from inside of your company to be of low risk, evidence shows that this is not the case. Currently the United States Secret Service (USSS) and CERT are investigating the prevalence of Insider Threats to critical corporate infrastructure.

This process assesses your enterprise's security implementation and determines how well protected your enterprise is from the threats determined in the risk model.

eSentire's Assessment Methodology:

• examine all aspects of the client's systems and procedures, such as general security practices, network vulnerability, firewall readiness, encryption strategy, access control (logical and physical) and virus protection
• identify
critical information assets, associated threats, and the security requirements of said assets
• evaluate the strategies the corporation uses to protect these assets and discover any inherent weaknesses or vulnerabilities
• provide an analysis of our findings and work with you to create the most secure environment possible by means of security strategy and policy. This often requires that the network topology be changed to consist of concentric rings of trust, based on the principles of enclaves and "least privilege". There is no reason that every user within your network should have access to every service or resource within the company. For example, your sales force probably shouldn't have access to your payroll information. Careful analysis and reorganization of your company's infrastructure can prevent security problems.