Comprehensive verification is appropriate for Internet-facing or intranet applications that are critical to the business, provide special functions, or that process sensitive information.
ISR Computing has evolved a unique hybrid verification methodology that has proven efficient and cost-effective across a diverse range of applications and industry sectors. Our reviews are efficient because we've integrated code review with automated code analysis, vulnerability scanning, and application penetration testing to allow us to use the most effective technique possible.
Our comprehensive verification uses this hybrid verification approach, combining the strengths of automated scanning, manual code review, and manual penetration testing. This approach makes our reviews more comprehensive and more accurate than any other approach. Our state-of-the-art application security analysis, testing, and reporting workbench allows us to keep costs down while providing very high quality.
ISR Computing has unparalleled experience verifying the security of the code for complex enterprise applications. Over many years, we have tuned our process to be extremely efficient and effective. ISR Computing has deep experience with virtually all modern software environments and frameworks, including Java, .NET, C/C++, ASP, ColdFusion, Oracle, Struts, Spring, Ajax, RIA, and many more.
In some cases, access to the source code or the running application is not possible. We can still verify these applications using the available techniques, and the cost is the same. If you didn't develop the code yourself, we are happy to work with your software provider.
The comprehensive verification provides evidence that all the major security controls are in place and that they have been used properly throughout the application, including authentication, access control, input validation, output escaping, encryption, data protection, error handling, logging, and back-end communications. In addition, we satisfy the PCI DSS compliance application security requirements.
ISR Computing's reports include a strategic executive summary, a clear scorecard, and detailed findings that can serve as evidence of application security due diligence and compliance. Each finding includes a full description of the risk, including the likelihood and impact of a successful exploit to the business. We also detail the procedure for reproducing the finding, as well as a detailed description of how to remediate the issue.
Our services include:
The Cisco Network Access Control (NAC) solution uses your network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Organizations using NAC can allow network access only to compliant and trusted endpoint devices (PCs and servers, for example) and can restrict the access of noncompliant or unmanaged devices. By integrating policy enforcement and access-control capabilities throughout the network, NAC can limit exposure to devices that can compromise the security and operation of the network.
To implement NAC successfully, your organization must carefully plan, deploy, and configure NAC to work with your existing infrastructure. As part of the implement phase of the Cisco Lifecycle Services approach, the Cisco Security Network Admission Control Implementation Service, designed for large enterprises, provides expert advice from skilled ISR Computing security engineers to help ensure a successful Cisco NAC implementation. The service provides rigorous requirements planning, design, and implementation consulting—essential to deploying an effective NAC solution that reduces the risk of noncompliant hosts obtaining access to your network.
ISR Computing network engineers analyze NAC deployment requirements and assess the readiness of your organization’s network devices, operations, and architecture to support the NAC solution. In addition to identifying components that do not support NAC capabilities, security engineers determine if your network topology supports a scaled deployment and deliver an impact analysis detailing requirements for redundancy, scalability, and hardware and software upgrades. Detailed requirements are provided for:
ISR Computing network security engineers install and configure a pilot deployment solution, allowing your IT staff to test and gain experience with the NAC solution. This limited deployment can be deployed in a lab, production environment such as a branch office, or for VPN users. The service includes configuration, maintenance, and support documentation for NAC components.
ISR Computing consultants assist in developing a detailed design for integrating NAC into your network infrastructure. Working with your IT staff, design engineers develop the overall strategy and plan for the NAC solution, providing an in-depth analysis of the technical, procedural, and resource requirements for a corporatewide deployment. ISR Computing consultants also provide a design specification that defines the network topology and configuration recommendations for network access devices, Cisco Secure ACS, management software, endpoint software such as the Cisco Security Agent, and antivirus technology.
The Cisco NAC solution must be carefully deployed, configured, and integrated into your network infrastructure, so ISR Computing security engineers support your team through a full-scale implementation. ISR Computing consultants work with your IT staff to develop detailed deployment plans, including installation, configuration, integration, and management. After the plans are completed, ISR Computing security engineers deliver onsite support for installation, configuration, testing, and tuning to help ensure the deployment integrates smoothly into the production environment.
Conduct a design workshop to gather business, technical, and operational requirements
Provide staff with practical education on the operation and management of the solution
A detailed Cisco NAC Network Readiness Assessment Report with analysis, findings, and recommendations
With the Cisco Security Network Admission Control Implementation Service, your organization can:
Don't buy a business phone system until you have talked to our telecommunications experts!
We work closely with all of the manufacturers we carry including Cisco, ShoreTel, Avaya, Polycom, Plantronics and others to deliver the best communications available.
Our engineers are available for telephone system installation, service and maintenance support.
We support all aspects of your application and network security initiative.
From quick engagements to help protect an application to large programs that improve an entire organization, ISR Computing can help you quickly and cost-effectively.
Our services take advantage of our proven application security methodologies and extensive knowledge base.
We have 8 guests and no members online